From 2e0e98810a5d327c7e51a4239bb271f28fc4bd5d Mon Sep 17 00:00:00 2001
From: Andy Heathershaw <andy@andysh.uk>
Date: Wed, 12 Sep 2018 17:08:27 +0100
Subject: [PATCH] #99: Email address can now be changed and confirmed with
 registration

---
 .../Controllers/Gallery/UserController.php    | 72 ++++++++++++++++---
 resources/lang/en/auth.php                    |  3 +-
 resources/lang/en/gallery.php                 |  3 +
 .../user_change_email_required.blade.php      |  2 +-
 .../base/gallery/user_settings.blade.php      | 13 +++-
 routes/web.php                                |  6 ++
 6 files changed, 88 insertions(+), 11 deletions(-)

diff --git a/app/Http/Controllers/Gallery/UserController.php b/app/Http/Controllers/Gallery/UserController.php
index 3809354..12e4714 100644
--- a/app/Http/Controllers/Gallery/UserController.php
+++ b/app/Http/Controllers/Gallery/UserController.php
@@ -18,31 +18,78 @@ use Symfony\Component\HttpFoundation\Request;
 
 class UserController extends Controller
 {
+    public function confirmEmailChangeState(Request $request)
+    {
+        $user = $this->getUser();
+        if (!$user->is_email_change_in_progress)
+        {
+            return redirect(route('userSettings'));
+        }
+
+        // Update the e-mail address
+        $user->email = $user->new_email_address;
+
+        // Reset the e-mail change state
+        $user->is_email_change_in_progress = false;
+        $user->new_email_address = null;
+        $user->save();
+
+        $request->session()->flash('success', trans('auth.change_email_success_message'));
+        return redirect(route('userSettings'));
+    }
+
+    public function resetEmailChangeState(Request $request)
+    {
+        $user = $this->getUser();
+        if (!$user->is_email_change_in_progress)
+        {
+            return redirect(route('userSettings'));
+        }
+
+        $data = $request->all();
+
+        if (isset($data['resend_email']))
+        {
+            $this->sendEmailChangeConfirmationEmail($user, $user->new_email_address);
+            $request->session()->flash('info', trans('auth.change_email_required_message'));
+        }
+
+        if (isset($data['cancel_change']))
+        {
+            $user->is_email_change_in_progress = false;
+            $user->new_email_address = null;
+            $user->save();
+        }
+
+        return redirect(route('userSettings'));
+    }
+
     public function saveSettings(SaveUserSettingsRequest $request)
     {
         $data = $request->only(['name', 'email', 'profile_alias', 'enable_profile_page']);
         $user = $this->getUser();
 
-        if (UserConfig::get('require_email_verification'))
+        if (
+            UserConfig::get('require_email_verification') &&
+            isset($data['email']) &&
+            $data['email'] != $user->email &&
+            !$user->is_email_change_in_progress
+        )
         {
             // Can't update the e-mail directly until the new e-mail address has been verified.
             // TODO - send e-mail and handle response, flag e-mail as being "change in-progress"
             // Send activation e-mail
 
-            // Temporarily change the e-mail address so we can send the activation message
-            $oldEmailAddress = $user->getEmailForPasswordReset();
-            $user->email = $data['email'];
-
-            Mail::to($this->getUser())->send(new UserChangeEmailRequired($this->getUser()));
+            $this->sendEmailChangeConfirmationEmail($user, $data['email']);
             $request->session()->flash('info', trans('auth.change_email_required_message'));
 
             // Flag the user as a change e-mail in progress
-            $user->new_email_address = $user->email;
+            $user->new_email_address = $data['email'];
             $user->is_email_change_in_progress = true;
-            $user->email = $oldEmailAddress;
             $user->save();
 
             unset($data['email']);
+            $request->session()->flash('info', trans('auth.change_email_required_message'));
         }
 
         // Don't allow e-mail address to be changed if a change is in progress
@@ -252,4 +299,13 @@ class UserController extends Controller
 
         return $results;
     }
+
+    private function sendEmailChangeConfirmationEmail(User $user, $newEmailAddress)
+    {
+        $oldEmailAddress = $user->email;
+        $user->email = $newEmailAddress;
+
+        Mail::to($user)->send(new UserChangeEmailRequired($user));
+        $user->email = $oldEmailAddress;
+    }
 }
\ No newline at end of file
diff --git a/resources/lang/en/auth.php b/resources/lang/en/auth.php
index 8ba7e21..b184749 100644
--- a/resources/lang/en/auth.php
+++ b/resources/lang/en/auth.php
@@ -21,7 +21,8 @@ return [
     'activation_required_message' => 'An e-mail containing an activation link has been sent to the e-mail address you provided. ' .
         'Please click the link in this e-mail to activate your account.',
     'change_email_required_message' => 'An e-mail containing an activation link has been sent to the e-mail address you provided. ' .
-    'Please click the link in this e-mail to confirm your new e-mail address.',
+        'Please click the link in this e-mail to confirm your new e-mail address.',
+    'change_email_success_message' => 'Your e-mail address change has been confirmed. You will now need to login with your new e-mail address.',
     'change_password_action' => 'Change password',
     'change_password_title' => 'Change your password',
     'email_password_login' => 'Alternatively, login with your e-mail address and password:',
diff --git a/resources/lang/en/gallery.php b/resources/lang/en/gallery.php
index b1f1b6b..485683a 100644
--- a/resources/lang/en/gallery.php
+++ b/resources/lang/en/gallery.php
@@ -79,6 +79,9 @@ return [
         'no_albums_p2' => ':user_name has not created any albums yet.'
     ],
     'user_settings' => [
+        'cancel_email_change' => 'Don\'t change e-mail address',
+        'change_email_in_progress' => 'To confirm your new e-mail address, please click on the &quot;confirm&quot; link in the e-mail that was sent to: <b>:new_email_address</b>.',
+        'change_email_resend' => 'Re-send confirmation e-mail.',
         'change_password' => 'Change password',
         'settings_saved' => 'Your settings were updated successfully.',
         'title' => 'Change my settings'
diff --git a/resources/views/themes/base/email/user_change_email_required.blade.php b/resources/views/themes/base/email/user_change_email_required.blade.php
index 62018b6..75fe1e4 100644
--- a/resources/views/themes/base/email/user_change_email_required.blade.php
+++ b/resources/views/themes/base/email/user_change_email_required.blade.php
@@ -7,7 +7,7 @@
 
 @lang('email.change_email_required_p2')
 
-@component('mail::button', ['url' => route('auth.activate', ['token' => $user->activation_token]), 'color' => 'blue'])
+@component('mail::button', ['url' => route('userSettings.confirmEmailChangeState'), 'color' => 'blue'])
     @lang('forms.confirm_email_action')
 @endcomponent
 
diff --git a/resources/views/themes/base/gallery/user_settings.blade.php b/resources/views/themes/base/gallery/user_settings.blade.php
index 5bfc8b3..461ab04 100644
--- a/resources/views/themes/base/gallery/user_settings.blade.php
+++ b/resources/views/themes/base/gallery/user_settings.blade.php
@@ -4,7 +4,7 @@
 @section('content')
     <div class="container">
         <div class="row">
-            <div class="col-md-8 mr-md-auto ml-md-auto">
+            <div class="col-lg-8 mr-lg-auto ml-lg-auto">
                 <div class="card">
                     <div class="card-header">
                         <ul class="nav nav-tabs card-header-tabs">
@@ -14,6 +14,17 @@
                         </ul>
                     </div>
                     <div class="card-body">
+                        @if ($user->is_email_change_in_progress)
+                            <div class="alert alert-warning mb-4" role="alert">
+                                <p>@lang('gallery.user_settings.change_email_in_progress', ['new_email_address' => $user->new_email_address])</p>
+                                <form action="{{ route('userSettings.resetEmailChangeState') }}" method="post">
+                                    {{ csrf_field() }}
+                                    <button type="submit" class="btn btn-outline-info" name="resend_email">@lang('gallery.user_settings.change_email_resend')</button>
+                                    <button type="submit" class="btn btn-outline-info" name="cancel_change">@lang('gallery.user_settings.cancel_email_change')</button>
+                                </form>
+                            </div>
+                        @endif
+
                         <form action="{{ route('saveUserSettings') }}" method="post">
                             {{ csrf_field() }}
 
diff --git a/routes/web.php b/routes/web.php
index 3bc1377..ac76124 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -117,6 +117,12 @@ Route::get('label/{labelAlias}', 'Gallery\LabelController@show')
 Route::get('u/{idOrAlias}', 'Gallery\UserController@show')
     ->name('viewUser')
     ->where('idOrAlias', '.*');
+Route::get('me/confirm-email-change', 'Gallery\UserController@confirmEmailChangeState')
+    ->name('userSettings.confirmEmailChangeState')
+    ->middleware('auth');
+Route::post('me/reset-email-change', 'Gallery\UserController@resetEmailChangeState')
+    ->name('userSettings.resetEmailChangeState')
+    ->middleware('auth');
 Route::get('me/settings', 'Gallery\UserController@settings')
     ->name('userSettings')
     ->middleware('auth');