Class: UsersEmailController

Inherits:
ApplicationController show all
Defined in:
app/controllers/users_email_controller.rb

Constant Summary

Constants inherited from ApplicationController

ApplicationController::CHALLENGE_KEY, ApplicationController::HONEYPOT_KEY, ApplicationController::LEGACY_NO_THEMES, ApplicationController::LEGACY_NO_UNOFFICIAL_PLUGINS, ApplicationController::NO_PLUGINS, ApplicationController::NO_THEMES, ApplicationController::NO_UNOFFICIAL_PLUGINS, ApplicationController::SAFE_MODE

Constants included from CanonicalURL::ControllerExtensions

CanonicalURL::ControllerExtensions::ALLOWED_CANONICAL_PARAMS

Instance Attribute Summary

Attributes inherited from ApplicationController

#theme_id

Instance Method Summary collapse

Methods inherited from ApplicationController

#application_layout, #can_cache_content?, #clear_notifications, #conditionally_allow_site_embedding, #current_homepage, #discourse_expires_in, #dont_cache_page, #ember_cli_required?, #fetch_user_from_params, #guardian, #handle_permalink, #handle_theme, #handle_unverified_request, #has_escaped_fragment?, #immutable_for, #login_method, #no_cookies, #perform_refresh_session, #post_ids_including_replies, #preload_json, #rate_limit_second_factor!, #redirect_with_client_support, #render_json_dump, #render_serialized, requires_plugin, #rescue_discourse_actions, #resolve_safe_mode, #secure_session, #serialize_data, #set_current_user_for_logs, #set_layout, #set_mobile_view, #set_mp_snapshot_fields, #show_browser_update?, #store_preloaded, #use_crawler_layout?, #with_resolved_locale

Methods included from VaryHeader

#ensure_vary_header

Methods included from ThemeResolver

resolve_theme_id

Methods included from ReadOnlyMixin

#add_readonly_header, #allowed_in_staff_writes_only_mode?, #block_if_readonly_mode, #check_readonly_mode, #get_or_check_readonly_mode, #get_or_check_staff_writes_only_mode, included, #staff_writes_only_mode?

Methods included from Hijack

#hijack

Methods included from GlobalPath

#cdn_path, #cdn_relative_path, #full_cdn_url, #path, #upload_cdn_path

Methods included from JsonError

#create_errors_json

Methods included from CanonicalURL::ControllerExtensions

#canonical_url, #default_canonical, included

Methods included from CurrentUser

#clear_current_user, #current_user, has_auth_cookie?, #is_api?, #is_user_api?, #log_off_user, #log_on_user, lookup_from_env, #refresh_session

Instance Method Details

#confirm_new_email ⇒ Object



# File 'app/controllers/users_email_controller.rb', line 56

# Completes an email change by confirming the token sent to the new address.
#
# The change request is loaded with load_change_request(:new), and a
# second-factor check (SecondFactor::Actions::ConfirmEmail) is run against
# the user who owns that request. The token is only passed to
# EmailUpdater#confirm once the check reports that the user has no second
# factors enabled or that second-factor authentication completed.
#
# Renders success_json when the updater returns :complete (after resetting
# the user's bounce score); any other result yields a 400 carrying the
# "change_email.already_done" message.
#
# NOTE(review): when neither second-factor condition holds, this method
# renders nothing itself; presumably run_second_factor! produces the
# response in that case — confirm in its implementation.
def confirm_new_email
  request_record = load_change_request(:new)

  second_factor_result =
    run_second_factor!(SecondFactor::Actions::ConfirmEmail, target_user: request_record.user)

  second_factor_ok =
    second_factor_result.no_second_factors_enabled? ||
      second_factor_result.second_factor_auth_completed?
  return unless second_factor_ok

  email_updater = EmailUpdater.new
  unless email_updater.confirm(params[:token]) == :complete
    return render json: { error: I18n.t("change_email.already_done") }, status: 400
  end

  # Only reached after the token was accepted as the final step.
  email_updater.user.user_stat.reset_bounce_score!
  render json: success_json
end

#confirm_old_email ⇒ Object



# File 'app/controllers/users_email_controller.rb', line 85

# Confirms the token sent to the user's existing (old) address, which moves
# the change request on to authorizing the new address.
#
# load_change_request(:old) is called only for its effect; its return value
# is discarded here. Renders success_json when EmailUpdater#confirm returns
# :authorizing_new, otherwise a 400 with "change_email.already_done".
#
# NOTE(review): unlike confirm_new_email, no second-factor check is run in
# this method. Any login or ownership requirement would have to come from
# controller filters or load_change_request, neither of which is visible
# here — confirm before relying on it.
def confirm_old_email
  load_change_request(:old)

  email_updater = EmailUpdater.new
  outcome = email_updater.confirm(params[:token])
  return render json: success_json if outcome == :authorizing_new

  render json: { error: I18n.t("change_email.already_done") }, status: 400
end

#create ⇒ Object



# File 'app/controllers/users_email_controller.rb', line 20

# Starts the flow for adding a secondary email address to a user's account.
#
# Responds 410 with failed_json when SiteSetting.enable_secondary_emails is
# off. Otherwise it requires params[:email], resolves the target user with
# fetch_user_from_params, records a hit on two rate limiters built from the
# user and a key containing the request's remote IP ("email-hr-…" with
# 6 / 1.hour, "email-min-…" with 3 / 1.minute), and passes the address to
# EmailUpdater#change_to with add: true.
#
# Renders the updater's error messages if it reported any, and an empty body
# otherwise. A RateLimiter::LimitExceeded raised anywhere in the action is
# turned into the "rate_limiter.slow_down" JSON error.
#
# NOTE(review): this method makes no permission check on the target user
# itself; the guardian is handed to EmailUpdater, which presumably decides
# who may change whose email — confirm there.
# NOTE(review): the limiter keys embed request.remote_ip, so the counters
# appear to be per user-and-IP rather than per user alone, and they depend
# on remote_ip reflecting the real client behind any proxy — verify against
# RateLimiter and the deployment's proxy settings.
def create
  unless SiteSetting.enable_secondary_emails
    return render json: failed_json, status: 410
  end

  params.require(:email)
  target_user = fetch_user_from_params

  client_ip = request.remote_ip
  RateLimiter.new(target_user, "email-hr-#{client_ip}", 6, 1.hour).performed!
  RateLimiter.new(target_user, "email-min-#{client_ip}", 3, 1.minute).performed!

  email_updater = EmailUpdater.new(guardian: guardian, user: target_user)
  email_updater.change_to(params[:email], add: true)

  if email_updater.errors.present?
    render_json_error(email_updater.errors.full_messages)
  else
    render body: nil
  end
rescue RateLimiter::LimitExceeded
  render_json_error(I18n.t("rate_limiter.slow_down"))
end

#index ⇒ Object



# File 'app/controllers/users_email_controller.rb', line 17

# Action with an empty body: the method does no work and returns nil.
# Whatever response is sent for this route is produced outside this method
# (not visible here).
def index; end

#show_confirm_new_email ⇒ Object



# File 'app/controllers/users_email_controller.rb', line 73

# Returns the details of a pending email change for the new-address
# confirmation step.
#
# HTML requests get the "default/empty" template and return before the
# change request is loaded. Other formats load the request with
# load_change_request(:new) and receive JSON holding new_email, old_email
# and the token exactly as it arrived in params[:token].
#
# NOTE(review): the JSON response discloses both email addresses. The only
# gate visible in this method is load_change_request; what it validates
# (token, expiry, ownership) is defined elsewhere — confirm.
def show_confirm_new_email
  if request.format.html?
    return render "default/empty"
  end

  request_record = load_change_request(:new)
  payload = {
    new_email: request_record.new_email,
    old_email: request_record.old_email,
    token: params[:token],
  }

  render json: payload
end

#show_confirm_old_email ⇒ Object



# File 'app/controllers/users_email_controller.rb', line 96

# Returns the details of a pending email change for the old-address
# confirmation step.
#
# HTML requests get the "default/empty" template and return before the
# change request is loaded. Other formats load the request with
# load_change_request(:old) and receive JSON holding new_email, old_email
# and the token exactly as it arrived in params[:token].
#
# NOTE(review): the JSON response discloses both email addresses. The only
# gate visible in this method is load_change_request; what it validates
# (token, expiry, ownership) is defined elsewhere — confirm.
def show_confirm_old_email
  if request.format.html?
    return render "default/empty"
  end

  request_record = load_change_request(:old)
  payload = {
    new_email: request_record.new_email,
    old_email: request_record.old_email,
    token: params[:token],
  }

  render json: payload
end

#update ⇒ Object



# File 'app/controllers/users_email_controller.rb', line 39

# Starts the flow for changing a user's email address.
#
# Requires params[:email], resolves the target user with
# fetch_user_from_params, records a hit on two rate limiters built from the
# user and a key containing the request's remote IP ("email-hr-…" with
# 6 / 1.hour, "email-min-…" with 3 / 1.minute), and passes the address to
# EmailUpdater#change_to.
#
# Renders the updater's error messages if it reported any, and an empty body
# otherwise. A RateLimiter::LimitExceeded raised anywhere in the action is
# turned into the "rate_limiter.slow_down" JSON error.
#
# NOTE(review): this method makes no permission check on the target user
# itself; the guardian is handed to EmailUpdater, which presumably decides
# who may change whose email — confirm there.
# NOTE(review): the limiter keys embed request.remote_ip, so the counters
# appear to be per user-and-IP rather than per user alone, and they depend
# on remote_ip reflecting the real client behind any proxy — verify against
# RateLimiter and the deployment's proxy settings.
def update
  params.require(:email)
  target_user = fetch_user_from_params

  client_ip = request.remote_ip
  RateLimiter.new(target_user, "email-hr-#{client_ip}", 6, 1.hour).performed!
  RateLimiter.new(target_user, "email-min-#{client_ip}", 3, 1.minute).performed!

  email_updater = EmailUpdater.new(guardian: guardian, user: target_user)
  email_updater.change_to(params[:email])

  if email_updater.errors.present?
    render_json_error(email_updater.errors.full_messages)
  else
    render body: nil
  end
rescue RateLimiter::LimitExceeded
  render_json_error(I18n.t("rate_limiter.slow_down"))
end