FEATURE: Add setting to always confirm old email (#18417)

By default, only staff members have to confirm their old email when
changing it. This commit adds a site setting that when enabled will
always ask the user to confirm old email.

config/locales/server.en.yml

@@ -2044,6 +2044,7 @@ en:
     raw_email_max_length: "How many characters should be stored for incoming email."
     raw_rejected_email_max_length: "How many characters should be stored for rejected incoming email."
     delete_rejected_email_after_days: "Delete rejected emails older than (n) days."
+    require_change_email_confirmation: "Require non-staff users to confirm their old email address before changing it. Does not apply to staff users, they always need to confirm their old email address."
 
     manual_polling_enabled: "Push emails using the API for email replies."
     pop3_polling_enabled: "Poll via POP3 for email replies."

config/site_settings.yml

@@ -1291,6 +1291,7 @@ email:
   max_participant_names:
     default: 10
     hidden: true
+  require_change_email_confirmation: false
 
 files:
   max_image_size_kb:

lib/email_updater.rb

@@ -58,8 +58,7 @@ class EmailUpdater
     end
 
     if @change_req.change_state.blank? || @change_req.change_state == EmailChangeRequest.states[:complete]
-      @change_req.change_state = if @user.staff?
+      @change_req.change_state = if SiteSetting.require_change_email_confirmation || @user.staff?
-        # Staff users must confirm their old email address first.
         EmailChangeRequest.states[:authorizing_old]
       else
         EmailChangeRequest.states[:authorizing_new]

spec/lib/email_updater_spec.rb

@@ -43,6 +43,21 @@ RSpec.describe EmailUpdater do
         end
       end
 
+      it "sends an email to confirm old email first if require_change_email_confirmation is enabled" do
+        SiteSetting.require_change_email_confirmation = true
+
+        expect_enqueued_with(job: :critical_user_email, args: { type: :confirm_old_email, to_address: old_email }) do
+          updater.change_to(new_email)
+        end
+
+        expect(updater.change_req).to be_present
+        expect(updater.change_req.old_email).to eq(old_email)
+        expect(updater.change_req.new_email).to eq(new_email)
+        expect(updater.change_req.change_state).to eq(EmailChangeRequest.states[:authorizing_old])
+        expect(updater.change_req.old_email_token.email).to eq(old_email)
+        expect(updater.change_req.new_email_token).to be_blank
+      end
+
       it "logs the admin user as the requester" do
         updater.change_to(new_email)
         expect(updater.change_req.requested_by).to eq(admin)