From 167fe51a8a0d1203fb1fa02c9125d02d5793d5ba Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Sat, 14 Mar 2020 17:42:47 -0500
Subject: [PATCH] emails: move edit email flow to emails controller.

---
 app/controllers/emails_controller.rb          | 36 ++++++++++++++++++
 .../user/email_changes_controller.rb          | 19 ----------
 app/logical/user_email_change.rb              | 17 ---------
 app/views/emails/edit.html.erb                | 15 ++++++++
 .../user/email_changes/new.html.erb           | 23 ------------
 app/views/users/edit.html.erb                 |  2 +-
 config/routes.rb                              |  2 +-
 test/functional/emails_controller_test.rb     | 36 ++++++++++++++++++
 .../user/email_changes_controller_test.rb     | 37 -------------------
 9 files changed, 89 insertions(+), 98 deletions(-)
 create mode 100644 app/controllers/emails_controller.rb
 delete mode 100644 app/controllers/maintenance/user/email_changes_controller.rb
 delete mode 100644 app/logical/user_email_change.rb
 create mode 100644 app/views/emails/edit.html.erb
 delete mode 100644 app/views/maintenance/user/email_changes/new.html.erb
 create mode 100644 test/functional/emails_controller_test.rb
 delete mode 100644 test/functional/maintenance/user/email_changes_controller_test.rb

diff --git a/app/controllers/emails_controller.rb b/app/controllers/emails_controller.rb
new file mode 100644
index 000000000..8a32484b2
--- /dev/null
+++ b/app/controllers/emails_controller.rb
@@ -0,0 +1,36 @@
+class EmailsController < ApplicationController
+  before_action :member_only
+  respond_to :html, :xml, :json
+
+  def edit
+    @user = User.find(params[:user_id])
+    check_privilege(@user)
+
+    respond_with(@user)
+  end
+
+  def update
+    @user = User.find(params[:user_id])
+    check_privilege(@user)
+
+    if User.authenticate(@user.name, params[:user][:password])
+      @user.update(email_address_attributes: { address: params[:user][:email] })
+    else
+      @user.errors[:base] << "Password was incorrect"
+    end
+
+    if @user.errors.none?
+      flash[:notice] = "Email updated"
+      respond_with(@user, location: settings_url)
+    else
+      flash[:notice] = @user.errors.full_messages.join("; ")
+      respond_with(@user)
+    end
+  end
+
+  private
+
+  def check_privilege(user)
+    raise User::PrivilegeError unless user.id == CurrentUser.id || CurrentUser.is_admin?
+  end
+end
diff --git a/app/controllers/maintenance/user/email_changes_controller.rb b/app/controllers/maintenance/user/email_changes_controller.rb
deleted file mode 100644
index 1199c1e16..000000000
--- a/app/controllers/maintenance/user/email_changes_controller.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-module Maintenance
-  module User
-    class EmailChangesController < ApplicationController
-      def new
-      end
-
-      def create
-        email_change = UserEmailChange.new(CurrentUser.user, params[:email_change][:email], params[:email_change][:password])
-        email_change.process
-        if CurrentUser.user.errors.any?
-          flash[:notice] = CurrentUser.user.errors.full_messages.join("; ")
-          redirect_to(new_maintenance_user_email_change_path)
-        else
-          redirect_to(edit_user_path(CurrentUser.user.id), :notice => "Email was updated")
-        end
-      end
-    end
-  end
-end
diff --git a/app/logical/user_email_change.rb b/app/logical/user_email_change.rb
deleted file mode 100644
index 2e97ac6b9..000000000
--- a/app/logical/user_email_change.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-class UserEmailChange
-  attr_reader :user, :password, :new_email
-
-  def initialize(user, new_email, password)
-    @user = user
-    @new_email = new_email
-    @password = password
-  end
-
-  def process
-    if User.authenticate(user.name, password)
-      user.update(email_address_attributes: { address: new_email })
-    else
-      user.errors[:base] << "Password was incorrect"
-    end
-  end
-end
diff --git a/app/views/emails/edit.html.erb b/app/views/emails/edit.html.erb
new file mode 100644
index 000000000..80347f448
--- /dev/null
+++ b/app/views/emails/edit.html.erb
@@ -0,0 +1,15 @@
+<% page_title "Change Email" %>
+
+<div id="c-emails">
+  <div id="a-edit">
+    <h1>Change Email</h1>
+
+    <p>You must confirm your password in order to change your email address.</p>
+
+    <%= edit_form_for(@user, url: user_email_path(@user)) do |f| %>
+      <%= f.input :password %>
+      <%= f.input :email %>
+      <%= f.submit "Save" %>
+    <% end %>
+  </div>
+</div>
diff --git a/app/views/maintenance/user/email_changes/new.html.erb b/app/views/maintenance/user/email_changes/new.html.erb
deleted file mode 100644
index 87acf2228..000000000
--- a/app/views/maintenance/user/email_changes/new.html.erb
+++ /dev/null
@@ -1,23 +0,0 @@
-<div id="c-maintenance-user-email-changes">
-  <div id="a-new">
-    <h1>Change Email</h1>
-
-    <p>You must confirm your password in order to change your email address.</p>
-
-    <%= form_tag(maintenance_user_email_change_path, :class => "simple_form") do %>
-      <div class="input">
-        <label>New Email</label>
-        <%= email_field :email_change, :email %>
-      </div>
-
-      <div class="input">
-        <label>Password</label>
-        <%= password_field :email_change, :password %>
-      </div>
-
-      <div>
-        <%= submit_tag "Submit" %>
-      </div>
-    <% end %>
-  </div>
-</div>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index a9c68680e..68548de9b 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -31,7 +31,7 @@
               <em>blank</em>
             <% end %>
 
-            - <%= link_to "Change your email", new_maintenance_user_email_change_path %>
+            - <%= link_to "Change your email", edit_user_email_path(@user) %>
           </p>
         </div>
 
diff --git a/config/routes.rb b/config/routes.rb
index 4da99cd9f..501d0356f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -46,7 +46,6 @@ Rails.application.routes.draw do
       resource :count_fixes, only: [:new, :create]
       resource :email_notification, :only => [:show, :destroy]
       resource :deletion, :only => [:show, :destroy]
-      resource :email_change, :only => [:new, :create]
       resource :api_key, :only => [:show, :view, :update, :destroy] do
         post :view
       end
@@ -246,6 +245,7 @@ Rails.application.routes.draw do
   end
   resources :users do
     resources :favorite_groups, controller: "favorite_groups", only: [:index], as: "favorite_groups"
+    resource :email, only: [:edit, :update]
     resource :password, only: [:edit, :update]
     resource :api_key, :only => [:show, :view, :update, :destroy], :controller => "maintenance/user/api_keys" do
       post :view
diff --git a/test/functional/emails_controller_test.rb b/test/functional/emails_controller_test.rb
new file mode 100644
index 000000000..fea28ef72
--- /dev/null
+++ b/test/functional/emails_controller_test.rb
@@ -0,0 +1,36 @@
+require "test_helper"
+
+class EmailsControllerTest < ActionDispatch::IntegrationTest
+  context "in all cases" do
+    setup do
+      @user = create(:user, email_address: build(:email_address, { address: "bob@ogres.net" }))
+    end
+
+    context "#edit" do
+      should "render" do
+        get_auth edit_user_email_path(@user), @user
+        assert_response :success
+      end
+    end
+
+    context "#create" do
+      context "with the correct password" do
+        should "work" do
+          put_auth user_email_path(@user), @user, params: { user: { password: "password", email: "abc@ogres.net" }}
+
+          assert_redirected_to(settings_path)
+          assert_equal("abc@ogres.net", @user.reload.email_address.address)
+        end
+      end
+
+      context "with the incorrect password" do
+        should "not work" do
+          put_auth user_email_path(@user), @user, params: { user: { password: "passwordx", email: "abc@ogres.net" }}
+
+          assert_response :success
+          assert_equal("bob@ogres.net", @user.reload.email_address.address)
+        end
+      end
+    end
+  end
+end
diff --git a/test/functional/maintenance/user/email_changes_controller_test.rb b/test/functional/maintenance/user/email_changes_controller_test.rb
deleted file mode 100644
index e9fb82932..000000000
--- a/test/functional/maintenance/user/email_changes_controller_test.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-require "test_helper"
-
-module Maintenance
-  module User
-    class EmailChangesControllerTest < ActionDispatch::IntegrationTest
-      context "in all cases" do
-        setup do
-          @user = create(:user, email_address: build(:email_address, { address: "bob@ogres.net" }))
-        end
-
-        context "#new" do
-          should "render" do
-            get_auth new_maintenance_user_email_change_path, @user
-            assert_response :success
-          end
-        end
-
-        context "#create" do
-          context "with the correct password" do
-            should "work" do
-              post_auth maintenance_user_email_change_path, @user, params: {:email_change => {:password => "password", :email => "abc@ogres.net"}}
-              assert_redirected_to(edit_user_path(@user))
-              assert_equal("abc@ogres.net", @user.reload.email_address.address)
-            end
-          end
-
-          context "with the incorrect password" do
-            should "not work" do
-              post_auth maintenance_user_email_change_path, @user, params: {:email_change => {:password => "passwordx", :email => "abc@ogres.net"}}
-              assert_equal("bob@ogres.net", @user.reload.email_address.address)
-            end
-          end
-        end
-      end
-    end
-  end
-end