LG-1499 Update email address column after delete (#3064)

**Why**: To make sure the email address on the user model is an email the user actually has
18F · Jul 2, 2019 · 2cc78e0 · 2cc78e0
1 parent dcfaeb3
commit 2cc78e0
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/app/forms/delete_user_email_form.rb b/app/forms/delete_user_email_form.rb
@@ -17,10 +17,29 @@ def submit
 
   private
 
+  # When the user deletes an email address, we need to make sure we update the email columns on the
+  # user model with the values from an email address record to make sure they are not occupied by
+  # the email address the user deleted
+  #
+  # In order to do this, we need to update the columns without running the callbacks. Running the
+  # callback will cause the code that updates the email address table when there are changes to
+  # the user model to run
+  #
+  # rubocop:disable Rails/SkipsModelValidations
+  def update_user_email_column
+    new_email_address = user.confirmed_email_addresses.take
+    user.update_columns(
+      encrypted_email: new_email_address.encrypted_email,
+      email_fingerprint: new_email_address.email_fingerprint,
+    )
+  end
+  # rubocop:enable Rails/SkipsModelValidations
+
   def email_address_destroyed
     return false unless EmailPolicy.new(@user).can_delete_email?(@email_address)
     return false if email_address.destroy == false
     user.email_addresses.reload
+    update_user_email_column
     true
   end
 end
diff --git a/db/schema.rb b/db/schema.rb
@@ -331,6 +331,7 @@
     t.string "encrypted_recovery_code_digest", default: ""
     t.datetime "remember_device_revoked_at"
     t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
+    t.index ["email_fingerprint"], name: "index_users_on_email_fingerprint", unique: true
     t.index ["encrypted_otp_secret_key"], name: "index_users_on_encrypted_otp_secret_key", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
     t.index ["unconfirmed_email"], name: "index_users_on_unconfirmed_email"

diff --git a/spec/features/multiple_emails/email_management_spec.rb b/spec/features/multiple_emails/email_management_spec.rb
@@ -66,6 +66,25 @@
       expect(UserMailer).to have_received(:email_deleted).twice
     end
 
+    it 'allows a user to create an account with the old email address' do
+      user = create(:user, :signed_up)
+      original_email = user.email
+      original_email_address = user.email_addresses.first
+      create(:email_address, user: user)
+
+      sign_in_and_2fa_user(user)
+
+      visit manage_email_confirm_delete_url(id: original_email_address.id)
+      click_button t('forms.email.buttons.delete')
+
+      Capybara.reset_session!
+
+      sign_up_with(original_email)
+      open_last_email
+      click_email_link_matching(/confirmation_token/)
+      expect(page).to have_content(t('devise.confirmations.confirmed'))
+    end
+
     def delete_link_not_displayed(email)
       delete_link_path = manage_email_confirm_delete_url(id: email.id)
       expect(page).to_not have_link(t('forms.buttons.delete'), href: delete_link_path)