From f6b737e45d37a810f3606af00e49883f4a841864 Mon Sep 17 00:00:00 2001 From: KernelDeimos Date: Sun, 14 Apr 2024 21:33:15 -0400 Subject: [PATCH] Add confirmation email for email change --- packages/backend/src/routers/change_email.js | 16 +++++++++++++++- packages/backend/src/services/EmailService.js | 13 +++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/packages/backend/src/routers/change_email.js b/packages/backend/src/routers/change_email.js index f23e47b0..a7836010 100644 --- a/packages/backend/src/routers/change_email.js +++ b/packages/backend/src/routers/change_email.js @@ -23,6 +23,8 @@ const eggspress = require('../api/eggspress.js'); const APIError = require('../api/APIError.js'); const { DB_READ, DB_WRITE } = require('../services/database/consts.js'); +const config = require('../config.js'); + const CHANGE_EMAIL_START = eggspress('/change_email/start', { subdomain: 'api', auth: true, @@ -59,18 +61,27 @@ const CHANGE_EMAIL_START = eggspress('/change_email/start', { // generate confirmation token const token = crypto.randomBytes(4).toString('hex'); + // send confirmation email + const svc_email = req.services.get('email'); + await svc_email.send_email({ email: new_email }, 'email_change_request', { + confirm_url: `${config.origin}/change_email/confirm?token=${token}`, + username: user.username, + }); + // update user await db.write( 'UPDATE `user` SET `unconfirmed_change_email` = ?, `change_email_confirm_token` = ? WHERE `id` = ?', [new_email, token, user.id] ); + + res.send({ success: true }); }); const CHANGE_EMAIL_CONFIRM = eggspress('/change_email/confirm', { subdomain: 'api', auth: true, verified: true, - allowedMethods: ['POST'], + allowedMethods: ['GET'], }, async (req, res, next) => { const user = req.user; const token = req.body.token; @@ -94,6 +105,9 @@ const CHANGE_EMAIL_CONFIRM = eggspress('/change_email/confirm', { 'UPDATE `user` SET `email` = ?, `unconfirmed_change_email` = NULL, `change_email_confirm_token` = NULL WHERE `id` = ?', [new_email, user.id] ); + + const h = `

Your email has been successfully confirmed.

`; + return res.send(h); }); module.exports = app => { diff --git a/packages/backend/src/services/EmailService.js b/packages/backend/src/services/EmailService.js index 37453d87..c259232a 100644 --- a/packages/backend/src/services/EmailService.js +++ b/packages/backend/src/services/EmailService.js @@ -50,6 +50,19 @@ Exciting news! {{app_title}} is

Best,
The Puter Team +

+ `, + }, + 'email_change_request': { + subject: '\u{1f4dd} Confirm your email change', + html: ` +

Hi there,

+

+We received a request to link this email to the user "{{username}}" on Puter. If you made this request, please click the link below to confirm the change. If you did not make this request, please ignore this email. +

+ +

+Confirm email change

`, },