From 5a041e89c4c01cd347e1e287753d47339d304575 Mon Sep 17 00:00:00 2001
From: rgarcia <voodoorai2000@gmail.com>
Date: Fri, 2 Mar 2018 17:00:56 +0100
Subject: [PATCH] Fix change email address
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Not sure how this error creeped in 😕 probably a new gem version or
other conflicting code

The problem was we were getting an `unpermitted param email` when
updating a user’s email address

This stackoverflow solution seems to work nicely 😌
https://stackoverflow.com/questions/17384289/unpermitted-parameters-addi
ng-new-fields-to-devise-in-rails-4-0#answer-19036427
---
 .../users/registrations_controller.rb         |  5 +++
 spec/features/account_spec.rb                 | 34 +++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index 17262cd96..ed8f3d0c4 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -1,5 +1,6 @@
 class Users::RegistrationsController < Devise::RegistrationsController
   prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy, :finish_signup, :do_finish_signup]
+  before_filter :configure_permitted_parameters
 
   invisible_captcha only: [:create], honeypot: :family_name, scope: :user
 
@@ -64,6 +65,10 @@ class Users::RegistrationsController < Devise::RegistrationsController
                                    :redeemable_code)
     end
 
+    def configure_permitted_parameters
+      devise_parameter_sanitizer.for(:account_update).push(:email)
+    end
+
     def erase_params
       params.require(:user).permit(:erase_reason)
     end
diff --git a/spec/features/account_spec.rb b/spec/features/account_spec.rb
index fdb98b37d..2713815ae 100644
--- a/spec/features/account_spec.rb
+++ b/spec/features/account_spec.rb
@@ -50,6 +50,40 @@ feature 'Account' do
     expect(find("#account_email_on_direct_message")).not_to be_checked
   end
 
+  scenario 'Edit email address' do
+    visit account_path
+
+    click_link "Change my credentials"
+    fill_in "user_email", with: "new_user_email@example.com"
+    fill_in "user_password", with: "new_password"
+    fill_in "user_password_confirmation", with: "new_password"
+    fill_in "user_current_password", with: "judgmentday"
+
+    click_button "Update"
+
+    notice = 'Your account has been updated successfully;'\
+             ' however, we need to verify your new email address.'\
+             ' Please check your email and click on the link to'\
+             ' complete the confirmation of your new email address.'
+    expect(page).to have_content notice
+
+    email = open_last_email
+    visit_in_email("Confirm my account")
+
+    logout
+    visit root_path
+    click_link "Sign in"
+    fill_in "user_login", with: "new_user_email@example.com"
+    fill_in "user_password", with: "new_password"
+    click_button "Enter"
+
+    expect(page).to have_content "You have been signed in successfully."
+
+    visit account_path
+    click_link "Change my credentials"
+    expect(page).to have_selector("input[value='new_user_email@example.com']")
+  end
+
   scenario 'Edit Organization' do
     create(:organization, user: @user, name: "Manuela Corp")
     visit account_path