Rework e-mail change

Fixes: #45

Author: MrBartusek

apps/api/src/auth/auth.controller.ts

@@ -4,6 +4,7 @@ import {
 	Controller,
 	HttpCode,
 	Logger,
+	NotFoundException,
 	Post,
 	Req,
 	UseGuards,
@@ -21,6 +22,7 @@ import { ChangePasswordDto } from './dto/change-password.dto';
 import { UserRegisterDto } from './dto/user-register.dto';
 import { AuthenticatedGuard } from './guards/authenticated.guard';
 import { LocalAuthGuard } from './guards/local-auth.guard';
+import { UpdateEmailDto } from './dto/update-email.dto';
 
 @Controller('auth')
 @ApiTags('auth')
@@ -85,4 +87,15 @@ export class AuthController {
 		await this.authService.updateUserPassword(user._id, body.newPassword);
 		return User.toPrivateDto(user);
 	}
+
+	@Post('change-email')
+	async changeEmail(@Req() request: Request, @Body() dto: UpdateEmailDto) {
+		const userId = new Types.ObjectId(request.user.id);
+		const user = await this.authService.validateUserByUserId(userId, dto.password);
+
+		await this.authService.updateUserEmail(user._id, dto.email);
+		await this.authEmailsService.sendEmailConfirmation(user._id);
+
+		return User.toPrivateDto(user);
+	}
 }

apps/api/src/auth/auth.service.ts

@@ -64,6 +64,11 @@ export class AuthService {
 		return this.usersService.findOneByIdAndUpdate(userId, { 'auth.password': hash });
 	}
 
+	async updateUserEmail(userId: Types.ObjectId, email: string): Promise<UserDocument> {
+		await this.usersService.setConfirmed(userId, false);
+		return this.usersService.updateEmail(userId, email);
+	}
+
 	private hashPassword(input: string): Promise<string> {
 		return bcrypt.hash(input, 12);
 	}

apps/api/src/auth/dto/update-email.dto.ts

@@ -0,0 +1,12 @@
+import { IsEmail, Length, Validate } from 'class-validator';
+import { IUpdateEmailDto } from 'shared-types';
+import { EmailNotTakenRule } from '../../rules/email-not-taken.rule';
+
+export class UpdateEmailDto implements IUpdateEmailDto {
+	@Length(4, 32)
+	password: string;
+
+	@IsEmail()
+	@Validate(EmailNotTakenRule)
+	email: string;
+}

apps/api/src/models/users/users.service.ts

@@ -1,4 +1,4 @@
-import { Injectable, Logger, NotFoundException } from '@nestjs/common';
+import { BadRequestException, Injectable, Logger, NotFoundException } from '@nestjs/common';
 import { FilterQuery, Types, UpdateQuery } from 'mongoose';
 import { GravatarService } from '../../gravatar/gravatar.service';
 import { ImagesService } from '../../images/images.service';
@@ -56,6 +56,21 @@ export class UsersService {
 		return await this.userRepository.findOneByIdAndUpdate(id, user);
 	}
 
+	async updateEmail(id: Types.ObjectId, email: string): Promise<UserDocument | null> {
+		const user = await this.findById(id);
+		if (!user) return null;
+
+		if (user.profile.email == email) {
+			throw new BadRequestException('New email address is identical to the current one');
+		}
+
+		return this.userRepository.findOneByIdAndUpdate(id, {
+			$set: {
+				'profile.email': email,
+			},
+		});
+	}
+
 	async delete(id: Types.ObjectId): Promise<UserDocument> {
 		const user = await this.userRepository.deleteOneById(id);
 		this.imagesService.deleteImage(user.profile);

apps/client/src/components/Pages/User/UserEmailChangeTab.tsx

@@ -1,7 +1,10 @@
+import UserEmailChangeForm from '../../User/UserEmailChangeForm';
+
 function UserEmailChangeTab() {
 	return (
 		<div className="mt-8">
-			<h2 className="mb-4 text-3xl">Change E-mail address</h2>
+			<h2 className="mb-6 text-3xl">Change E-mail address</h2>
+			<UserEmailChangeForm />
 		</div>
 	);
 }

apps/client/src/components/Pages/User/UserPasswordChangeTab.tsx

@@ -3,7 +3,7 @@ import UserChangePasswordForm from '../../User/UserChangePasswordForm';
 function UserPasswordChangeTab() {
 	return (
 		<div className="mt-8">
-			<h2 className="mb-4 text-3xl">Change password</h2>
+			<h2 className="mb-6 text-3xl">Change password</h2>
 			<UserChangePasswordForm />
 		</div>
 	);

apps/client/src/components/Pages/User/UserSecurityTab.tsx

@@ -1,4 +1,4 @@
-import { BsShieldLock } from 'react-icons/bs';
+import { BsEnvelopeAt, BsShieldLock } from 'react-icons/bs';
 import IconButton from '../../IconButton';
 import UserDangerZone from '../../User/UserDangerZone';
 import { Link } from 'react-router-dom';
@@ -10,9 +10,14 @@ function UserSecurityTab() {
 			<p className="mb-6 text-muted">
 				Manage options to secure your account and protect your privacy.
 			</p>
-			<Link to="../change-password">
-				<IconButton icon={BsShieldLock}>Change password</IconButton>
-			</Link>
+			<div className="flex gap-4">
+				<Link to="../change-password">
+					<IconButton icon={BsShieldLock}>Change password</IconButton>
+				</Link>
+				<Link to="../change-email">
+					<IconButton icon={BsEnvelopeAt}>Change E-mail</IconButton>
+				</Link>
+			</div>
 
 			<UserDangerZone />
 		</div>

apps/client/src/components/User/UserEmailChangeForm.tsx

@@ -0,0 +1,78 @@
+import axios from 'axios';
+import { useContext, useState } from 'react';
+import { useForm } from 'react-hook-form';
+import toast from 'react-hot-toast';
+import { IChangePasswordDto, IUpdateEmailDto } from 'shared-types';
+import { UserContext } from '../../context/UserContext';
+import { Utils } from '../../utils/utils';
+import Form from '../Form/Form';
+import FormField from '../Form/FormField';
+import FormInput from '../Form/FormInput';
+import FormSubmitButton from '../Form/FormSubmitButton';
+import Alert from '../Helpers/Alert';
+import { useNavigate } from 'react-router-dom';
+
+type Inputs = {
+	password: string;
+	email: string;
+};
+
+function UserEmailChangeForm() {
+	const { register, handleSubmit } = useForm<Inputs>();
+	const [loading, setLoading] = useState(false);
+	const [error, setError] = useState<string | null>(null);
+
+	const navigate = useNavigate();
+
+	function onSubmit(inputs: Inputs) {
+		setLoading(true);
+		setError(null);
+
+		const dto: IUpdateEmailDto = inputs;
+
+		axios
+			.post<void>(`/api/auth/change-email`, dto)
+			.then(async () => {
+				navigate('..');
+				toast.success(`Successfully changed e-mail address`);
+			})
+			.catch((err) => setError(Utils.requestErrorToString(err)))
+			.finally(() => setLoading(false));
+	}
+
+	return (
+		<Form
+			onSubmit={handleSubmit(onSubmit)}
+			loading={loading}
+		>
+			{error && <Alert>{error}</Alert>}
+
+			<FormField
+				label="Current password"
+				hint="Confirm your current password"
+				required
+			>
+				<FormInput
+					type="password"
+					required
+					{...register('password', { required: true })}
+				/>
+			</FormField>
+
+			<FormField
+				label="New E-mail address"
+				required
+			>
+				<FormInput
+					type="email"
+					required
+					{...register('email', { required: true })}
+				/>
+			</FormField>
+
+			<FormSubmitButton>Change E-mail address</FormSubmitButton>
+			<span className="ms-4 text-muted">(You will need to confirm this e-mail)</span>
+		</Form>
+	);
+}
+export default UserEmailChangeForm;

packages/shared-types/src/index.ts

@@ -25,6 +25,7 @@ import { ProductDto } from './product/ProductDto';
 import { ICreateSecurityRuleDto } from './security/ICreateSecurityRuleDto';
 import { IDeleteSecurityRuleDto } from './security/IDeleteSecurityRoleDto';
 import { IUpdateSecurityRuleDto } from './security/IUpdateSecurityRuleDto';
+import { IUpdateEmailDto } from './user/IUpdateEmailDto';
 import { IUpdateUserDto } from './user/IUpdateUserDto';
 import { PrivateUserDto } from './user/PrivateUserDto';
 import { UserDto } from './user/UserDto';
@@ -69,6 +70,7 @@ export {
     UserLoginDto,
     WarehouseDto,
     IResetPasswordDto,
-    IChangePasswordDto
+    IChangePasswordDto,
+    IUpdateEmailDto
 };
 

packages/shared-types/src/user/IUpdateEmailDto.ts

@@ -0,0 +1,5 @@
+
+export interface IUpdateEmailDto {
+    password: string;
+    email: string;
+}