-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: show dialog when changing email after using Google Login #9611
feat: show dialog when changing email after using Google Login #9611
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Ignored Deployment
|
@JaideepGuntupalli is attempting to deploy a commit to the cal Team on Vercel. A member of the Team first needs to authorize it. |
📦 Next.js Bundle Analysis for @calcom/webThis analysis was generated by the Next.js Bundle Analysis action. 🤖 This PR introduced no changes to the JavaScript bundle! 🙌 |
oh hell yeah. this is a super common issue we have and will ease the pain for our customer support team! |
Thank you for following the naming conventions! 🙏 |
…ription of the change
@PeerRich I have made the change, now the user will be logged out as soon as the request to change the email goes through. I have also added clear messaging on the logout screen too. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fundamentally this is fine; ideally this should be modified to be google agnostic - this issue also affects SAML users for example - by generalising it (given some suggestions) this can easily be achieved. Let me know what you think 👍
packages/trpc/server/routers/loggedInViewer/updateProfile.handler.ts
Outdated
Show resolved
Hide resolved
So shall I make it generalized so that not only people who log in with Google, every other user who makes their account using different methods than CAL will need to go through this process? @emrysal Shall I hold off on changes related to generalization till others give in their input? Another concern I have with this approach is, disconnecting accounts from SAML will not cause any issues right? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-
I still get unauthorised in this PR when i change email and reset password email is sent and then i am redirected to logout screen. I fixed this unauthorised bug here fix: email update bug #10306. you would resolve the conflicts and update the branch and we should only signout when changed other provider(like gmail) to CAL.
-
I know you removed the identity provider id in update profile but if i try to login with gmail ( the provider) after changing my provider to CAL. I am still able to login for some reason and the DB removes the password field and sets identity provider id.
-
E2E tests are failing
Left few more comments in the code
/bonus 10 @JaideepGuntupalli would you mind addressing the comments by @Udit-takkar and fix the small merge conflict? |
sure currently outside but will do by tomorrow. this week i hv been busy. |
A bonus of $10 has been added by PeerRich. |
Hey @PeerRich @Udit-takkar, sorry for the delay. I am actually busy moving back to college. I will try to get this done as soon as I can. |
# Conflicts: # apps/web/pages/auth/logout.tsx # apps/web/pages/settings/my-account/profile.tsx
Reviewing now... |
Fixed conflicts. Removed delay as it's not needed. Made some type fixes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your contribution 🙏 Will block to make some adjustments
packages/trpc/server/routers/loggedInViewer/updateProfile.handler.ts
Outdated
Show resolved
Hide resolved
packages/trpc/server/routers/loggedInViewer/updateProfile.handler.ts
Outdated
Show resolved
Hide resolved
.status(201) | ||
.json({ message: "If this email exists in our system, you should receive a Reset email." }); | ||
// Don't leak info about whether the user exists | ||
if (!user) return res.status(201).json({ message: "password_reset_email_sent" }); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need to send a localized error message here. The client should handle it. Just double checked and we don't actually use this message in the frontend anyways.
@@ -40,8 +38,6 @@ export default function ForgotPassword({ csrfToken }: { csrfToken: string }) { | |||
const json = await res.json(); | |||
if (!res.ok) { | |||
setError(json); | |||
} else if ("resetLink" in json) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was needed for forgot-password E2E test but we don't rely on this anymore
const message = () => { | ||
if (props.query?.passReset === "true") return "reset_your_password"; | ||
if (props.query?.emailChange === "true") return "email_change"; | ||
return "hope_to_see_you_soon"; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
More legible than a ternary if you ask me. No need for constants either.
@@ -84,6 +84,7 @@ | |||
"event_awaiting_approval_recurring": "A recurring event is waiting for your approval", | |||
"someone_requested_an_event": "Someone has requested to schedule an event on your calendar.", | |||
"someone_requested_password_reset": "Someone has requested a link to change your password.", | |||
"password_reset_email_sent": "If this email exists in our system, you should receive a reset email.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Restored the original message
language: t, | ||
user, | ||
resetLink, | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed the return as we don't need it anymore
const userToUpdate = await prisma.user.findUnique({ | ||
where: { | ||
id: user.id, | ||
}, | ||
}); | ||
|
||
if (!userToUpdate) { | ||
throw new TRPCError({ code: "NOT_FOUND", message: "User not found" }); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We already fetch on user context. This extra query is not needed.
@@ -98,12 +94,26 @@ export const updateProfileHandler = async ({ ctx, input }: UpdateProfileOptions) | |||
}); | |||
} | |||
} | |||
const hasEmailBeenChanged = userToUpdate.email !== data.email; | |||
const hasEmailBeenChanged = data.email && user.email !== data.email; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was true even if there was no email in data/input.
// check if we are changing email and identity provider is not CAL | ||
const hasEmailChangedOnNonCalProvider = | ||
hasEmailBeenChanged && user.identityProvider !== IdentityProvider.CAL; | ||
const hasEmailChangedOnCalProvider = hasEmailBeenChanged && user.identityProvider === IdentityProvider.CAL; | ||
|
||
if (hasEmailChangedOnNonCalProvider) { | ||
// Only validate if we're changing email | ||
data.identityProvider = IdentityProvider.CAL; | ||
data.identityProviderId = null; | ||
} else if (hasEmailChangedOnCalProvider) { | ||
// when the email changes, the user needs to sign in again. | ||
signOutUser = true; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Split the behavior before updating and added again after updating.
if (hasEmailChangedOnNonCalProvider) { | ||
// Because the email has changed, we are now attempting to use the CAL provider- | ||
// which has no password yet. We have to send the reset password email. | ||
await passwordResetRequest(updatedUser); | ||
signOutUser = true; | ||
passwordReset = true; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here we handle after updating.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested and it's working locally. Thank you for your contribution 🙏
What does this PR do?
Improves the process of changing email after using Google Sign-In. Shows dialog as mentioned in #9515. Also changes ID provider from GOOGLE to CAL. Also sends a reset password mail.
Fixes #9515
https://www.loom.com/share/a99b5442c1524f0e8dfe4e43bdfe9946?sid=7c355736-03d6-4c76-b1ed-85bae506fe99
PS: I have fixed the toast issues
Type of change
How should this be tested?
Mandatory Tasks
Questions I still have?