users: move emails to separate table.

* Move emails from users table to email_addresses table. * Validate that addresses are formatted correctly and are unique across users. Existing invalid emails are grandfathered in. * Add is_verified flag (the address has been confirmed by the user). * Add is_deliverable flag (an undeliverable address is an address that bounces). * Normalize addresses to prevent registering multiple accounts with the same email address (using tricks like Gmail's plus addressing).
2020-03-10 21:36:16 -05:00
parent 41304d6add
commit 258f4a8b95
22 changed files with 285 additions and 36 deletions
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -3,10 +3,15 @@ class PasswordResetsController < ApplicationController

  def create
    @user = User.find_by_name(params.dig(:user, :name))
-    UserMailer.password_reset(@user).deliver_later

-    flash[:notice] = "Password reset email sent. Check your email"
-    respond_with(@user, location: new_session_path)
+    if @user.can_receive_email?
+      UserMailer.password_reset(@user).deliver_later
+      flash[:notice] = "Password reset email sent. Check your email"
+      respond_with(@user, location: new_session_path)
+    else
+      flash[:notice] = "Password not reset. This account does not have a valid, verified email address"
+      respond_with(@user)
+    end
  end

  def show
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,6 +4,7 @@ class UsersController < ApplicationController

  def new
    @user = User.new
+    @user.email_address = EmailAddress.new
    respond_with(@user)
  end

@@ -110,7 +111,7 @@ class UsersController < ApplicationController

  def user_params(context)
    permitted_params = %i[
-      password old_password password_confirmation email
+      password old_password password_confirmation
      comment_threshold default_image_size favorite_tags blacklisted_tags
      time_zone per_page custom_style theme

@@ -123,7 +124,10 @@ class UsersController < ApplicationController
      enable_safe_mode enable_desktop_mode disable_post_tooltips
    ]

-    permitted_params << :name if context == :create
+    if context == :create
+      permitted_params += [:name, { email_address_attributes: [:address] }]
+    end
+
    permitted_params << :level if CurrentUser.is_admin?

    params.require(:user).permit(permitted_params)