From ad018c6f39d585f7bc2c7cd79bff774bc3fcf945 Mon Sep 17 00:00:00 2001
From: Julian Herrero
Date: Wed, 13 Apr 2022 13:19:18 +0200
Subject: [PATCH] Send informative email for already confirmed users
Currently the application does not send any email to confirm the account for already confirmed users. But we show a notice message that may look like you will recive one: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." In this commit we keep the original message, but send an email to the user informing them that their account is now registered. This way no one can know if someone else's account is confirmed and we don't have to worry about GDPR either.
Co-Authored-By: taitus
---
 .../users/confirmations_controller.rb | 13 ++++++++++
 app/mailers/mailer.rb | 9 +++++++
 app/views/mailer/already_confirmed.html.erb | 17 ++++++++++++
 config/locales/en/mailers.yml | 4 +++
 config/locales/es/mailers.yml | 4 +++
 spec/system/users_auth_spec.rb | 26 ++++++++++++++++++-
 6 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 app/views/mailer/already_confirmed.html.erb
diff --git a/app/controllers/users/confirmations_controller.rb b/app/controllers/users/confirmations_controller.rb
index 45f9dddf5..71cd3a13d 100644
--- a/app/controllers/users/confirmations_controller.rb
+++ b/app/controllers/users/confirmations_controller.rb 
@@ -1,4 +1,17 @@
 class Users::ConfirmationsController < Devise::ConfirmationsController
+ # POST /resource/confirmation
+ def create
+ self.resource = resource_class.send_confirmation_instructions(resource_params)
+ yield resource if block_given?
+
+ if successfully_sent?(resource)
+ Mailer.already_confirmed(resource).deliver_later unless resource.confirmation_required?
+ respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
+ else
+ respond_with(resource)
+ end
+ end
+
 # new action, PATCH does not exist in the default Devise::ConfirmationsController
 # PATCH /resource/confirmation
 def update
diff --git a/app/mailers/mailer.rb b/app/mailers/mailer.rb
index b0c0d3541..1f6707e29 100644
--- a/app/mailers/mailer.rb
+++ b/app/mailers/mailer.rb
@@ -144,6 +144,15 @@ class Mailer < ApplicationMailer
 mail(to: @email_to, subject: t("mailers.machine_learning_success.subject"))
 end
+ def already_confirmed(user)
+ @email_to = user.email
+ @user = user
+
+ with_user(@user) do
+ mail(to: @email_to, subject: t("mailers.already_confirmed.subject"))
+ end
+ end
+
 private
 def with_user(user, &block)
diff --git a/app/views/mailer/already_confirmed.html.erb b/app/views/mailer/already_confirmed.html.erb
new file mode 100644
index 000000000..f517b8408
--- /dev/null
+++ b/app/views/mailer/already_confirmed.html.erb
@@ -0,0 +1,17 @@
+ + 
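Review bot: The `Mailer.already_confirmed(resource).deliver_later` call inside `if successfully_sent?(resource)` is only reachable for a confirmed account when `Devise.paranoid` is enabled: Devise's `resend_confirmation_instructions` adds an `already_confirmed` error to a confirmed user, and `successfully_sent?` treats a resource that carries errors as sent only in paranoid mode, so with that setting off this action would instead render the form with the error and reveal the account's confirmation status. Since the enumeration guarantee described in the commit message hangs on that configuration, record it above the guard: `# Relies on Devise.paranoid: a confirmed user carries an already_confirmed error, yet successfully_sent? still returns true`. Devise also defines `confirmation_required?` as a protected callback on Confirmable, so the explicit-receiver call here works only if `User` exposes it publicly — presumably it does, given the new system spec, but that is worth confirming. The `create` override also lacks the kind of comment its neighbour `update` has; `# Overrides Devise::ConfirmationsController#create to also notify already confirmed accounts` above `# POST /resource/confirmation` would do.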
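Review bot: `already_confirmed` copies its argument into `@user` and then hands `@user` back to `with_user`, although the local `user` is already in hand; `with_user(user) do` reads the same and mirrors the `with_user(user, &block)` signature shown just below, while `@user` stays set for the template. A short doc comment would also help the next reader, since unlike the surrounding mailers this one is sent in place of the instructions the user asked for: `# Sent when a confirmed account requests confirmation instructions again; the template points to the password-reset form instead.` The `Mailer` class body continues outside the hunk.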

+ <%= t("mailers.already_confirmed.subject") %> +

+ +

+ <%= t("mailers.already_confirmed.info") %> +

+ +

+ <%= t("mailers.already_confirmed.new_password") %> +

+

+ <%= link_to t("devise_views.shared.links.new_password"), new_password_url(@user), style: "color: #2895F1; text-decoration:none;" %> +

+ 
diff --git a/config/locales/en/mailers.yml b/config/locales/en/mailers.yml
index f70669073..e3601ef90 100644
--- a/config/locales/en/mailers.yml
+++ b/config/locales/en/mailers.yml
@@ -2,6 +2,10 @@ en:
 mailers:
 title: "Open Government"
 no_reply: "This message was sent from an email address that does not accept replies."
+ already_confirmed:
+ info: "We've received a request to send you instructions to confirm your account. However, your account is already confirmed, so there's no need to do so again."
+ new_password: "If you've forgotten your password, you can reset it at the following link:"
+ subject: Your account is already confirmed
 comment:
 hi: Hi
 new_comment_by: There is a new comment from %{commenter}
diff --git a/config/locales/es/mailers.yml b/config/locales/es/mailers.yml
index 0cc21c5b5..ada78196f 100644
--- a/config/locales/es/mailers.yml
+++ b/config/locales/es/mailers.yml
@@ -2,6 +2,10 @@ es:
 mailers:
 title: "Gobierno abierto"
 no_reply: "Este mensaje se ha enviado desde una dirección de correo electrónico que no admite respuestas."
+ already_confirmed:
+ info: "Hemos recibido una solicitud para enviarte instrucciones para confirmar tu cuenta. Sin embargo, tu cuenta ya está confirmada, por lo que no es necesario volver a hacerlo."
+ new_password: "Si has olvidado tu contraseña, puedes restablecerla en el siguiente enlace:"
+ subject: Tu cuenta ya está confirmada
 comment:
 hi: Hola
 new_comment_by: Hay un nuevo comentario de %{commenter} en
diff --git a/spec/system/users_auth_spec.rb b/spec/system/users_auth_spec.rb
index 08be0a55d..a1e4e7be0 100644
--- a/spec/system/users_auth_spec.rb
+++ b/spec/system/users_auth_spec.rb
@@ -585,7 +585,8 @@ describe "Users" do
 end
 scenario "Re-send confirmation instructions" do
- create(:user, email: "manuela@consul.dev")
+ create(:user, email: "manuela@consul.dev", confirmed_at: nil)
+ ActionMailer::Base.deliveries.clear
 visit "/"
 click_link "Sign in" 
@@ -596,9 +597,13 @@ describe "Users" do
 expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
 "receive an email with instructions on how to confirm your email address."
+ expect(ActionMailer::Base.deliveries.count).to eq(1)
+ expect(ActionMailer::Base.deliveries.first.to).to eq(["manuela@consul.dev"])
+ expect(ActionMailer::Base.deliveries.first.subject).to eq("Confirmation instructions")
 end
 scenario "Re-send confirmation instructions with unexisting email" do
+ ActionMailer::Base.deliveries.clear
 visit "/"
 click_link "Sign in"
 click_link "Haven't received instructions to activate your account?"
@@ -608,6 +613,25 @@ describe "Users" do
 expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
 "receive an email with instructions on how to confirm your email address."
+ expect(ActionMailer::Base.deliveries.count).to eq(0)
+ end
+
+ scenario "Re-send confirmation instructions with already verified email" do
+ ActionMailer::Base.deliveries.clear
+
+ create(:user, email: "manuela@consul.dev")
+
+ visit new_user_session_path
+ click_link "Haven't received instructions to activate your account?"
+
+ fill_in "user_email", with: "manuela@consul.dev"
+ click_button "Re-send instructions"
+
+ expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
+ "receive an email with instructions on how to confirm your email address."
+ expect(ActionMailer::Base.deliveries.count).to eq(1)
+ expect(ActionMailer::Base.deliveries.first.to).to eq(["manuela@consul.dev"])
+ expect(ActionMailer::Base.deliveries.first.subject).to eq("Your account is already confirmed")
 end
 scenario "Sign in, admin with password expired" do
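Review bot: The assertion `expect(ActionMailer::Base.deliveries.count).to eq(1)` in the new "already verified email" scenario depends on the controller's `deliver_later` being performed synchronously, which is only the case when the test environment runs ActiveJob inline or the suite performs enqueued jobs; otherwise the message sits in the queue and the count stays 0 even though the feature works. Presumably the suite is already set up that way, since the other scenarios count deliveries the same way, but a comment beside the count such as `# deliver_later is performed inline in the test environment` would record the dependency for whoever next changes the job adapter. The enclosing `describe "Users"` block starts and ends outside the hunk.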