Send notif email to old email address on email change.

2019-01-24 14:47:22 -05:00 · 2019-01-24 14:47:22 -05:00 · 3654bcb854
parent 69fefdb2ea
commit 3654bcb854
6 changed files with 43 additions and 1 deletions
--- a/admin/src/components/Emails/emails.ts
+++ b/admin/src/components/Emails/emails.ts
@ -21,6 +21,11 @@ export default [
    title: 'Change email confirmation',
    description: 'Sent when the user has changed their email, to confirm their new one',
  },
+  {
+    id: 'change_email_old',
+    title: 'Change email notification (Old email)',
+    description: 'Sent when the user has changed their email, in case of compromise',
+  },
  {
    id: 'change_password',
    title: 'Change password confirmation',
--- a/backend/grant/admin/example_emails.py
+++ b/backend/grant/admin/example_emails.py
@ -50,6 +50,10 @@ example_email_args = {
        'display_name': user.display_name,
        'confirm_url': 'http://someconfirmurl.com',
    },
+    'change_email_old': {
+        'display_name': user.display_name,
+        'contact_url': 'http://somecontacturl.com',
+    },
    'change_password': {
        'display_name': user.display_name,
        'recover_url': 'http://somerecoverurl.com',
--- a/backend/grant/email/send.py
+++ b/backend/grant/email/send.py
@ -46,6 +46,14 @@ def change_email_info(email_args):
    }


+def change_email_old_info(email_args):
+    return {
+        'subject': 'Your email has been changed',
+        'title': 'Email changed',
+        'preview': 'Your email address has been updated on ZF Grants'
+    }
+
+
 def change_password_info(email_args):
    return {
        'subject': 'Your password has been changed',
@ -135,6 +143,7 @@ get_info_lookup = {
    'team_invite': team_invite_info,
    'recover': recover_info,
    'change_email': change_email_info,
+    'change_email_old': change_email_old_info,
    'change_password': change_password_info,
    'proposal_approved': proposal_approved,
    'proposal_rejected': proposal_rejected,
--- a/backend/grant/templates/emails/change_email_old.html
+++ b/backend/grant/templates/emails/change_email_old.html
@ -0,0 +1,14 @@
+<p style="margin: 0 0 20px;">
+    Hey {{ args.display_name }}, you just changed your email. Your new email
+    address was also sent an email to confirm your new one. If you did this,
+    you can safely delete this message.
+  </p>
+  
+  <p style="margin: 0;">
+    If it wasn't you who did this, you should
+    <a href="{{ args.contact_url }}"  target="_blank" style="color: #CF8A00;">
+      contact support
+    </a>
+    immediately.
+  </p>
+  
--- a/backend/grant/templates/emails/change_email_old.txt
+++ b/backend/grant/templates/emails/change_email_old.txt
@ -0,0 +1,5 @@
+Hey {{ args.display_name }}, you just changed your email. Your new email address was also sent an email to confirm your new one. If you did this, you can safely delete this message.
+
+If it wasn't you who did this, you should contact support immediately.
+
+{{ args.contact_url }}
--- a/backend/grant/user/models.py
+++ b/backend/grant/user/models.py
@ -188,6 +188,7 @@ class User(db.Model, UserMixin):

    def set_email(self, email: str):
        # Update email address
+        old_email = self.email_address
        self.email_address = email
        # Delete old verification(s?)
        old_evs = EmailVerification.query.filter_by(user_id=self.id).all()
@ -196,8 +197,12 @@ class User(db.Model, UserMixin):
        # Generate a new one
        ev = EmailVerification(user_id=self.id)
        db.session.add(ev)
-        # Save changes & send a verification email
+        # Save changes & send notification & verification emails
        db.session.commit()
+        send_email(old_email, 'change_email_old', {
+            'display_name': self.display_name,
+            'contact_url': make_url('/contact')
+        })
        send_email(self.email_address, 'change_email', {
            'display_name': self.display_name,
            'confirm_url': make_url(f'/email/verify?code={ev.code}')