mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 19:35:13 +08:00
30990006a9
This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
71 lines
1.9 KiB
Ruby
71 lines
1.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require_dependency 'rate_limiter'
|
|
require_dependency 'email_validator'
|
|
require_dependency 'email_updater'
|
|
|
|
class UsersEmailController < ApplicationController
|
|
|
|
requires_login only: [:index, :update]
|
|
|
|
skip_before_action :check_xhr, only: [:confirm]
|
|
skip_before_action :redirect_to_login_if_required, only: [:confirm]
|
|
|
|
def index
|
|
end
|
|
|
|
def update
|
|
params.require(:email)
|
|
user = fetch_user_from_params
|
|
|
|
RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed!
|
|
RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed!
|
|
|
|
updater = EmailUpdater.new(guardian, user)
|
|
updater.change_to(params[:email])
|
|
|
|
if updater.errors.present?
|
|
return render_json_error(updater.errors.full_messages)
|
|
end
|
|
|
|
render body: nil
|
|
rescue RateLimiter::LimitExceeded
|
|
render_json_error(I18n.t("rate_limiter.slow_down"))
|
|
end
|
|
|
|
def confirm
|
|
expires_now
|
|
|
|
token = EmailToken.confirmable(params[:token])
|
|
user = token&.user
|
|
|
|
change_request =
|
|
if user
|
|
user.email_change_requests.where(new_email_token_id: token.id).first
|
|
end
|
|
|
|
if change_request&.change_state == EmailChangeRequest.states[:authorizing_new] &&
|
|
user.totp_enabled? && !user.authenticate_second_factor(params[:second_factor_token], params[:second_factor_method].to_i)
|
|
|
|
@update_result = :invalid_second_factor
|
|
@backup_codes_enabled = true if user.backup_codes_enabled?
|
|
|
|
if params[:second_factor_token].present?
|
|
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
|
|
@show_invalid_second_factor_error = true
|
|
end
|
|
else
|
|
updater = EmailUpdater.new
|
|
@update_result = updater.confirm(params[:token])
|
|
|
|
if @update_result == :complete
|
|
updater.user.user_stat.reset_bounce_score!
|
|
log_on_user(updater.user)
|
|
end
|
|
end
|
|
|
|
render layout: 'no_ember'
|
|
end
|
|
|
|
end
|