changeset 59:02d8876dc41d

improve change email
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 29 Nov 2022 18:45:22 -0700
parents 31c895b73bd0
children 8b5b1bce7d6b
files src/api/change_email_1.json.luan src/api/change_email_2.json.luan src/api/forms.html src/change_email.html.luan src/lib/User.luan
diffstat 5 files changed, 26 insertions(+), 25 deletions(-) [+]
line wrap: on
line diff
diff -r 31c895b73bd0 -r 02d8876dc41d src/api/change_email_1.json.luan
--- a/src/api/change_email_1.json.luan	Tue Nov 29 16:09:17 2022 -0700
+++ b/src/api/change_email_1.json.luan	Tue Nov 29 18:45:22 2022 -0700
@@ -25,7 +25,7 @@
 		body = output_of(function() %>
 Change your email address to <%=email%> by clicking this link:
 
-<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password1=<%=password%>
+<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password=<%=password%>
 
 If you don't want to change your email address, then don't click on the link.
 <%		end)
diff -r 31c895b73bd0 -r 02d8876dc41d src/api/change_email_2.json.luan
--- a/src/api/change_email_2.json.luan	Tue Nov 29 16:09:17 2022 -0700
+++ b/src/api/change_email_2.json.luan	Tue Nov 29 18:45:22 2022 -0700
@@ -14,17 +14,17 @@
 return api(function()
 	local base_url = Http.request.parameters.base_url or user_error "missing base_url param"
 	local from = Http.request.parameters.from or user_error "missing from param"
-	local email = Http.request.parameters.email or user_error "missing email param"
+	local to = Http.request.parameters.to or user_error "missing to param"
 	local password = Http.request.parameters.password or user_error "missing password param"
 	local mailer = Mail.sender() or user_error "mail not configured"
 	mailer.send{
 		From = from
-		To = email
+		To = to
 		Subject = "Change Email"
 		body = output_of(function() %>
 Change your email address to this email by clicking this link:
 
-<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password2=<%=password%>
+<%=base_url%>/change_email.html?password=<%=password%>
 <%		end)
 	}
 	return {
diff -r 31c895b73bd0 -r 02d8876dc41d src/api/forms.html
--- a/src/api/forms.html	Tue Nov 29 16:09:17 2022 -0700
+++ b/src/api/forms.html	Tue Nov 29 18:45:22 2022 -0700
@@ -29,7 +29,7 @@
 			<h3>change_email_2</h3>
 			<p>base_url: <input name=base_url type=url required></p>
 			<p>from: <input name=from required></p>
-			<p>email: <input name=email type=email required></p>
+			<p>to: <input name=to type=email required></p>
 			<p>password: <input name=password required></p>
 			<p><input type=submit></p>
 		</form>
diff -r 31c895b73bd0 -r 02d8876dc41d src/change_email.html.luan
--- a/src/change_email.html.luan	Tue Nov 29 16:09:17 2022 -0700
+++ b/src/change_email.html.luan	Tue Nov 29 18:45:22 2022 -0700
@@ -50,9 +50,8 @@
 	local user = User.current_required()
 	if user==nil then return end
 	local email = Http.request.parameters.email
-	local password1 = Http.request.parameters.password1
-	local password2 = Http.request.parameters.password2
-	if email == nil then
+	local password = Http.request.parameters.password
+	if email == nil and password == nil then
 		page(function()
 %>
 			<form>
@@ -65,10 +64,11 @@
 			</form>
 <%
 		end)
-	elseif password1 == nil and password2 == nil then
+	elseif email ~= nil and password == nil then
 		run_in_transaction( function()
 			user = user.reload()
-			user.hidden_password_1 = User.new_password()
+			user.hidden_password = User.new_password()
+			user.new_email = nil
 			user.save()
 		end )
 		local result = call_mail_api( "change_email_1", {
@@ -76,7 +76,7 @@
 			from = forum_title.." <support@freedit.org>"
 			to = user.email
 			email = email
-			password = user.hidden_password_1
+			password = user.hidden_password
 		} )
 		result.okay or error(result.error)
 		page(function()
@@ -84,22 +84,22 @@
 			<p>We have sent an email to your current email address.  Click on the link in that email to change your email.</p>
 <%
 		end)
-	elseif password1 ~= nil then
-		if password1 ~= user.hidden_password_1 then
+	elseif email ~= nil and password ~= nil then
+		if password ~= user.hidden_password then
 			invalid()
 			return
 		end
 		run_in_transaction( function()
 			user = user.reload()
-			user.hidden_password_1 = nil
-			user.hidden_password_2 = User.new_password()
+			user.hidden_password = User.new_password()
+			user.new_email = email
 			user.save()
 		end )
 		local result = call_mail_api( "change_email_2", {
 			base_url = base_url()
 			from = forum_title.." <support@freedit.org>"
-			email = email
-			password = user.hidden_password_2
+			to = email
+			password = user.hidden_password
 		} )
 		result.okay or error(result.error)
 		page(function()
@@ -107,15 +107,16 @@
 			<p>We have sent an email to <b><%=email%></b>.  Click on the link in that email to complete the change.</p>
 <%
 		end)
-	elseif password2 ~= nil then
-		if password2 ~= user.hidden_password_2 then
+	elseif email == nil and password ~= nil then
+		if password ~= user.hidden_password then
 			invalid()
 			return
 		end
 		run_in_transaction( function()
 			user = user.reload()
-			user.email = email
-			user.hidden_password_2 = nil
+			user.email = user.new_email or error()
+			user.hidden_password = nil
+			user.new_email = nil
 			user.save()
 		end )
 		page(function()
diff -r 31c895b73bd0 -r 02d8876dc41d src/lib/User.luan
--- a/src/lib/User.luan	Tue Nov 29 16:09:17 2022 -0700
+++ b/src/lib/User.luan	Tue Nov 29 18:45:22 2022 -0700
@@ -39,8 +39,8 @@
 		password = doc.password
 		name = doc.user_name
 		created = doc.created
-		hidden_password_1 = doc.hidden_password_1
-		hidden_password_2 = doc.hidden_password_2
+		hidden_password = doc.hidden_password
+		new_email = doc.new_email
 	}
 	set_local_only(users_by_id,user.id,user)
 	return user
@@ -55,8 +55,8 @@
 		password = user.password
 		user_name = user.name
 		created = user.created or time_now()
-		hidden_password_1 = user.hidden_password_1
-		hidden_password_2 = user.hidden_password_2
+		hidden_password = user.hidden_password
+		new_email = user.new_email
 	}
 end