Commit f18846ed2825e21ae697fa44397d56f2da714700

Thomas de Grivel 2021-12-28T07:13:44

email security notifications

diff --git a/lib/kmxgit/user_manager.ex b/lib/kmxgit/user_manager.ex
index 219b7d1..e09de07 100644
--- a/lib/kmxgit/user_manager.ex
+++ b/lib/kmxgit/user_manager.ex
@@ -75,11 +75,12 @@ defmodule Kmxgit.UserManager do
   end
 
   def update_user_email(user, token) do
+    old = user.email
     context = "change:#{user.email}"
-
     with {:ok, query} <- UserToken.verify_change_email_token_query(token, context),
          %UserToken{sent_to: email} <- Repo.one(query),
-         {:ok, _} <- Repo.transaction(user_email_multi(user, email, context)) do
+         {:ok, _} <- Repo.transaction(user_email_multi(user, email, context)),
+         _ <- UserNotifier.deliver_email_changed_email(old, email) do
       :ok
     else
       _ -> :error
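Review bot: The new `_ <- UserNotifier.deliver_email_changed_email(old, email)` clause in the `with` can never fail to match, so it is a side effect dressed as a step and any non-success return from the notifier is silently discarded. It reads more honestly in the `do` block, after the transaction has committed: `{:ok, _} <- Repo.transaction(user_email_multi(user, email, context)) do` / `UserNotifier.deliver_email_changed_email(old, email)` / `:ok`. Sending the notice to the previous address (`old`) is the right choice, since that is the mailbox whose owner may not have authorised the change. The function's closing `end` is outside the hunk.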
@@ -117,8 +118,10 @@ defmodule Kmxgit.UserManager do
     |> Ecto.Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, :all))
     |> Repo.transaction()
     |> case do
-      {:ok, %{user: user}} -> {:ok, user}
-      {:error, :user, changeset, _} -> {:error, changeset}
+         {:ok, %{user: user}} ->
+           UserNotifier.deliver_password_changed_email(user)
+           {:ok, user}
+         {:error, :user, changeset, _} -> {:error, changeset}
     end
   end
 
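Review bot: The new `case` clauses at the end of this hunk are indented nine spaces while the removed lines and the rest of the pipeline use six, so `mix format` will reflow them; `      {:ok, %{user: user}} ->` with the body two spaces deeper keeps the file consistent. The notification is correctly issued only after `Repo.transaction()` has returned `{:ok, _}`, so a rolled-back change never produces an email. The function head is outside the hunk, so whether the separate reset-password path also notifies the user cannot be seen here.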
@@ -202,9 +205,17 @@ defmodule Kmxgit.UserManager do
   end
 
   def update_user(%User{} = user, attrs) do
-    user
-    |> User.changeset(attrs)
-    |> Repo.update()
+    old_login = user.login
+    case user
+         |> User.changeset(attrs)
+         |> Repo.update() do
+      {:ok, u} ->
+        if u.login != old_login do
+          UserNotifier.deliver_login_changed_email(u, old_login, u.login)
+        end
+        {:ok, u}
+      x -> x
+    end
   end
 
   def admin_update_user(%User{} = user, attrs) do
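Review bot: The login-change notice is addressed to `u.email`, the record as it is after `Repo.update()`; if `User.changeset/2` (not visible here) also accepts an email in `attrs`, a single update that changes both login and email would inform only the new address. Passing the pre-update struct, `UserNotifier.deliver_login_changed_email(user, old_login, u.login)`, sends it to the address on record before the change, which is the one that should hear about it. Separately, piping inside the `case` head is hard to read; binding `result = user |> User.changeset(attrs) |> Repo.update()` and matching on `result` is clearer, and `{:error, _} = err -> err` documents the catch-all better than `x -> x`.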
diff --git a/lib/kmxgit/user_manager/user_notifier.ex b/lib/kmxgit/user_manager/user_notifier.ex
index c03bae7..a971577 100644
--- a/lib/kmxgit/user_manager/user_notifier.ex
+++ b/lib/kmxgit/user_manager/user_notifier.ex
@@ -22,9 +22,6 @@ defmodule Kmxgit.UserManager.UserNotifier do
   """
   def deliver_confirmation_instructions(user, url) do
     deliver(user.email, "Confirmation instructions", """
-
-    ==============================
-
     Hi #{user.email},
 
     You can confirm your account by visiting the URL below:
@@ -32,8 +29,6 @@ defmodule Kmxgit.UserManager.UserNotifier do
     #{url}
 
     If you didn't create an account with us, please ignore this.
-
-    ==============================
     """)
   end
 
@@ -42,9 +37,6 @@ defmodule Kmxgit.UserManager.UserNotifier do
   """
   def deliver_reset_password_instructions(user, url) do
     deliver(user.email, "Reset password instructions", """
-
-    ==============================
-
     Hi #{user.email},
 
     You can reset your password by visiting the URL below:
@@ -52,8 +44,6 @@ defmodule Kmxgit.UserManager.UserNotifier do
     #{url}
 
     If you didn't request this change, please ignore this.
-
-    ==============================
     """)
   end
 
@@ -62,9 +52,6 @@ defmodule Kmxgit.UserManager.UserNotifier do
   """
   def deliver_update_email_instructions(user, url) do
     deliver(user.email, "Update email instructions", """
-
-    ==============================
-
     Hi #{user.email},
 
     You can change your email by visiting the URL below:
@@ -72,8 +59,42 @@ defmodule Kmxgit.UserManager.UserNotifier do
     #{url}
 
     If you didn't request this change, please ignore this.
+    """)
+  end
+
+  def deliver_login_changed_email(user, old_login, new_login) do
+    deliver(user.email, "Your login was changed", """
+    Hi #{user.email},
+
+    Your login was changed from #{old_login} to #{new_login}.
+
+    If you didn't request this change, please reply to this e-mail.
+    """)
+  end
+
+  defp email_changed_email_body(email, old, new) do
+    """
+    Hi #{email},
+
+    Your e-mail address was changed from #{old} to #{new}.
+
+    If you didn't request this change, please reply to this e-mail.
+    """
+  end
+
+  def deliver_email_changed_email(old, new) do
+    subject = "Your email address was changed"
+    deliver(old, subject, email_changed_email_body(old, old, new))
+    deliver(new, subject, email_changed_email_body(new, old, new))
+  end
+
+  def deliver_password_changed_email(user) do
+    deliver(user.email, "Your password was changed", """
+    Hi #{user.email},
+
+    Your password was changed.
 
-    ==============================
+    If you didn't request this change, please reply to this e-mail.
     """)
   end
 end
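Review bot: The three new public functions `deliver_login_changed_email/3`, `deliver_email_changed_email/2` and `deliver_password_changed_email/1` have no `@doc`, while every sibling in this file carries one (the `"""` closers at the top of the earlier hunks). A one-line `@doc "Delivers a notice that the user's login was changed to the address on record."` and the equivalent for the other two keeps the module's documentation complete. Each body tells the recipient to "reply to this e-mail"; that only helps if the sender address `deliver/3` uses (outside this hunk) is a monitored mailbox, which is worth confirming. Notifying both the old and the new address in `deliver_email_changed_email/2` is the right behaviour, and the private `email_changed_email_body/3` would conventionally sit after the public functions.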