Skip to content

Refactor email change form and confirmation dialog

Alex requested to merge refactor-email-change-confirmation into master

Closes #1582 (closed) Part of #489

What does this MR do?

Changes the way you update your email address. The process of changing the email used to be like this:

  1. You enter a new email address on the profile settings page
  2. You receive a confirmation email to the new address with a link
  3. The link leads to a page where you have to enter your password for confirmation
  4. After submitting this, if the password is correct, your email address is actually changed

The password input (step 3) was probably meant as safety in case the email was sent to a wrong address. The problem is that the password is transmitted in plain text in the url.

I removed the password input from the confirmation, because you have to be logged in to get to that confirmation page anyway. Instead, the change email form (step 1) now contains a second input to repeat your new email address and a password field. The request is sent to a new REST endpoint that does the same as the old Xhr code. Also, I made the login page forward to the referrer again, so that the link will work even if you are not yet logged in.

How confident are you it won't break things if deployed?

Quite sure. This only changes the frontend, i.e. the logic is not altered. Backend should be refactored to REST at some later point.

Links to related issues

How to test

  1. Checkout branch locally
  2. Login as foodsaver
  3. Go to profile settings -> change email
  4. Type in a new email address and submit
  5. See the confirmation email in MailDev http://localhost:18084/
  6. Click the link in the email. This will open the confirmation page. If you are not logged in, you will be redirected to the login page.
  7. Confirm you email
  8. Log out and check that you can log in with your new address

Screenshots (if applicable)

screenshot

screenshot_2

Checklist

  • added a test, or explain why one is not needed/possible...
  • no unrelated changes
  • asked someone for a code review
  • set a "for:" label to indicate who will be affected by this change
  • added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label)
  • added an entry to CHANGELOG.md
  • added a short text that can be used in the release notes
  • Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/?page=bezirk&bid=734&sub=forum. Please change the MRs label to "state:Beta testing".
    • Consider writing a detailed description in German.
    • Describe in a few sentences, what should be tested from a user perspective.
    • Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
    • Be aware, that also non technical people should understand.

Release notes text in German

Das Formular zum Ändern der eigenen E-Mail-Adresse wurde überarbeitet. In Zukunft wird neben der Bestätigung an die neue Adresse auch eine Benachrichtigung an die alte Adresse gesendet.

Edited by Alex

Merge request reports