Revert "Revert "Provide ability to update email with confirmation #188""

This reverts commit 6c70768.
AtlasOfLivingAustralia · May 22, 2024 · dfeada8 · dfeada8
1 parent 6c70768
commit dfeada8
Show file tree

Hide file tree

Showing 7 changed files with 125 additions and 8 deletions.
diff --git a/userdetails-cognito/src/main/groovy/au/org/ala/userdetails/CognitoUserService.groovy b/userdetails-cognito/src/main/groovy/au/org/ala/userdetails/CognitoUserService.groovy
@@ -41,6 +41,7 @@ import com.amazonaws.services.cognitoidp.model.SchemaAttributeType
 import com.amazonaws.services.cognitoidp.model.SoftwareTokenMfaSettingsType
 import com.amazonaws.services.cognitoidp.model.UserNotFoundException
 import com.amazonaws.services.cognitoidp.model.UserType
+import com.amazonaws.services.cognitoidp.model.VerifyUserAttributeRequest
 import com.nimbusds.oauth2.sdk.token.AccessToken
 import com.amazonaws.services.cognitoidp.model.VerifySoftwareTokenRequest
 import grails.converters.JSON
@@ -875,6 +876,21 @@ class CognitoUserService implements IUserService<UserRecord, UserPropertyRecord,
         return response.status == "SUCCESS"
     }
 
+    @Override
+    boolean verifyUserAttribute(String attribute, String code) {
+        AccessToken accessToken = tokenService.getAuthToken(true)
+
+        if (accessToken == null) {
+            throw new IllegalStateException("No current user available")
+        }
+        VerifyUserAttributeRequest request = new VerifyUserAttributeRequest()
+        request.accessToken = accessToken.value
+        request.attributeName = attribute
+        request.code = code
+        def response= cognitoIdp.verifyUserAttribute(request)
+        return isSuccessful(response)
+    }
+
     @Override
     void enableMfa(String userId, boolean enable) {
         AdminSetUserMFAPreferenceRequest mfaRequest = new AdminSetUserMFAPreferenceRequest().withUserPoolId(poolId)

diff --git a/userdetails-gorm/src/main/groovy/au/org/ala/userdetails/gorm/GormUserService.groovy b/userdetails-gorm/src/main/groovy/au/org/ala/userdetails/gorm/GormUserService.groovy
@@ -747,6 +747,9 @@ class GormUserService implements IUserService<User, UserProperty, Role, UserRole
     @Override
     boolean verifyUserCode(String userCode){}
 
+    @Override
+    boolean verifyUserAttribute(String attribute, String code) {}
+
     @Override
     void enableMfa(String userId, boolean enable){}
 

diff --git a/userdetails-plugin/grails-app/assets/stylesheets/createAccount.css b/userdetails-plugin/grails-app/assets/stylesheets/createAccount.css
@@ -24,18 +24,22 @@
     border-color: rgba(82, 168, 236, 0.8);
 }
 
-#qrcode, #instruction, #secret, #code, #buttonsDiv, #codeLabel {
+#qrcode, #instruction, #secret, #code, #buttonsDiv, #codeLabel, #newEmailMessage, #newEmail, #emailCodeDiv, #emailCode {
     padding-top: 10px;
 }
 
 #secret {
     color: blue;
 }
 
-#code {
+#code, #newEmail, #emailCode {
     width: 20%;
 }
 
+#requestCode, #verifyCode {
+    margin-top: 10px;
+}
+
 #message {
     color: red;
 }
diff --git a/...etails-plugin/grails-app/controllers/au/org/ala/userdetails/RegistrationController.groovy b/...etails-plugin/grails-app/controllers/au/org/ala/userdetails/RegistrationController.groovy
@@ -501,4 +501,20 @@ class RegistrationController {
 
         return isMFAEnabled && !hasMFAUnsupportedRoles
     }
+
+    def verifyAttributeChangeWithCode(String attribute, String code) {
+        try  {
+            def success = userService.verifyUserAttribute(attribute, code)
+            if (success) {
+                render([success: true] as JSON)
+            }
+            else {
+                render([success: false] as JSON)
+            }
+        } catch (e) {
+            def result = [success: false, error: e.message]
+            render result as JSON
+        }
+
+    }
 }
diff --git a/userdetails-plugin/grails-app/i18n/messages.properties b/userdetails-plugin/grails-app/i18n/messages.properties
@@ -381,4 +381,6 @@ application.a11=Yes, you can access ALA restricted APIs using Python and R by im
 application.q12=Where can I learn more?
 application.a12=We have detailed documentation, including a listing of all available endpoints, on our <a href={0} target="_blank">API Docs Portal</a>.
 application.q13=I'm encountering issues. How can I contact the ALA?
-application.a13=For any questions or technical assistance, please contact our dedicated support team at <a href="mailto:[email protected]">[email protected]</a>.
+application.a13=For any questions or technical assistance, please contact our dedicated support team at <a href="mailto:[email protected]">[email protected]</a>.
+update.email=Update your email
+update.email.desc=Please enter your new email to update the email. The new email will receive a code to which needs to be submitted to verify the new email address.
diff --git a/userdetails-plugin/grails-app/views/registration/createAccount.gsp b/userdetails-plugin/grails-app/views/registration/createAccount.gsp
@@ -159,6 +159,21 @@
                         </div>
                     </div>
                 </g:if>
+                <g:if test="${edit && grailsApplication.config.getProperty('userdetails.cognito.auth', boolean, false)}">
+                    <h2><g:message code="update.email" /></h2>
+                    <p>
+                        <g:message code="update.email.desc" />
+                    </p>
+                    <div id="newEmailDiv">
+                        <p id="newEmailMessage" hidden></p>
+                        <input id="newEmail" name="newEmail" type="text" class="form-control" data-validation-engine="validate[required]"/>
+                        <button class="btn btn-default" id="requestCode">Request Code</button>
+                        <div id="emailCodeDiv" hidden="hidden">
+                            <input id="emailCode" name="emailCode" type="text" class="form-control" data-validation-engine="validate[required]"/>
+                            <button class="btn btn-primary" id="verifyCode">Verify Code</button>
+                        </div>
+                    </div>
+                </g:if>
             </div>
         </div>
         <div class="col-md-4 col-md-pull-8">
@@ -179,8 +194,7 @@
                            data-errormessage-value-missing="${message(code:'create.account.email.is.required')}"
                     />
                 </div>
-                %{--TODO: Should come up with a way to verify the new email address before changing it--}%
-                <g:if test="${!edit}">
+                <g:if test="${!edit || !grailsApplication.config.getProperty('userdetails.cognito.auth', boolean, false)}">
                     <div class="form-group">
                         <label for="confirm-email"><g:message code="create.account.confirm.email.address" /></label>
                         <input id="confirm-email" name="confirm-email" type="text" class="form-control" value="${user?.email}"
@@ -313,11 +327,11 @@
     $(function() {
         userdetails.initCountrySelect('.chosen-select', '#country', '#state', "${g.createLink(uri: '/ws/registration/states')}");
 
-        if("${raw(edit)}"){
-            $("#email").attr('disabled','disabled');
+        if(${raw(edit) && grailsApplication.config.getProperty('userdetails.cognito.auth', boolean, false)}){
+            $("#email").attr('readonly','readonly');
         }
         else{
-            $('#email').removeAttr('disabled');
+            $('#email').removeAttr('readonly');
         }
 
         $('#updateAccountForm').validationEngine('attach', { scroll: false });
@@ -410,6 +424,66 @@
              document.getElementById("mfa").hidden = true
          });
 
+         $("#requestCode").click(function(e) {
+             var newEmail = $("#newEmail").val();
+             if(newEmail == null || newEmail === "") {
+                 document.getElementById("newEmailMessage").innerHTML = "Invalid email"
+                 document.getElementById("newEmailMessage").style.color = "red"
+                 document.getElementById("newEmailMessage").hidden = false
+             }
+             else {
+                 $.ajax({
+                 url: "${createLink(action:'update', controller: 'Registration')}?email=" + newEmail,
+                 type: "GET",
+                 success: function(result){
+                     let error = "A user is already registered with the email address"
+                     if(result.includes("Failed to update user profile")){
+                         if(result.includes(error)){
+                             document.getElementById("newEmailMessage").innerHTML = error
+                         }
+                         else {
+                            document.getElementById("newEmailMessage").innerHTML = 'Error please contact us at <a href="mailto:[email protected]">[email protected]</a>'
+                         }
+                         document.getElementById("newEmailMessage").style.color = "red"
+                         document.getElementById("newEmailMessage").hidden = false
+                         document.getElementById("emailCodeDiv").hidden = true
+                    }
+                     else{
+                        document.getElementById("newEmailMessage").innerHTML = "Please enter the code received in your new email"
+                        document.getElementById("newEmailMessage").style.color = "green"
+                        document.getElementById("newEmailMessage").hidden = false
+                        document.getElementById("emailCodeDiv").hidden = false
+                     }
+                }});
+             }
+         });
+
+         $("#verifyCode").click(function(e) {
+            var emailCode = $("#emailCode").val();
+             if(emailCode == null || emailCode === "") {
+                 document.getElementById("newEmailMessage").innerHTML = "Invalid code"
+                 document.getElementById("newEmailMessage").style.color = "red"
+                 document.getElementById("newEmailMessage").hidden = false
+                 document.getElementById("emailCodeDiv").hidden = false
+             }
+             else {
+                 $.ajax({
+                 url: "${createLink(action:'verifyAttributeChangeWithCode', controller: 'Registration')}?attribute=email&code=" + emailCode,
+                 type: "GET",
+                 success: function(result){
+                     if(result.success){
+                        window.location = "${createLink(uri:'/logout')}"
+                    }
+                     else{
+                         document.getElementById("newEmailMessage").innerHTML = result.error
+                         document.getElementById("newEmailMessage").style.color = "red"
+                         document.getElementById("newEmailMessage").hidden = false
+                         document.getElementById("emailCodeDiv").hidden = false
+                     }
+                }});
+             }
+         });
+
     });
 </asset:script>
 </html>
diff --git a/userdetails-plugin/src/main/groovy/au/org/ala/userdetails/IUserService.groovy b/userdetails-plugin/src/main/groovy/au/org/ala/userdetails/IUserService.groovy
@@ -242,6 +242,8 @@ interface IUserService<U extends IUser<? extends Serializable>, P extends IUserP
 
     boolean verifyUserCode(String userCode)
 
+    boolean verifyUserAttribute(String attribute, String code)
+
     void enableMfa(String userId, boolean enable)
 
 //    *********** Property related services *************