Merge pull request #1664 from mstriemer/no-more-changing-email-fxa-1612

Prevent Firefox Accounts users from changing their email (fixes #1612)
mozilla · Feb 10, 2016 · fdd2649 · fdd2649
2 parents 0cddc78 + d101414
commit fdd2649
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 1 deletion.
diff --git a/src/olympia/users/forms.py b/src/olympia/users/forms.py
@@ -15,6 +15,7 @@
 from tower import ugettext as _, ugettext_lazy as _lazy
 
 from olympia import amo
+from olympia.accounts.views import fxa_error_message
 from olympia.amo.fields import ReCaptchaField
 from olympia.users import notifications as email
 from olympia.amo.urlresolvers import reverse
@@ -395,6 +396,14 @@ def __init__(self, *args, **kwargs):
             if not self.instance.is_developer:
                 choices = email.NOTIFICATIONS_CHOICES_NOT_DEV
 
+            if self.instance.fxa_migrated():
+                self.fields['email'].required = False
+                self.fields['email'].widget = forms.EmailInput(
+                    attrs={'readonly': 'readonly'})
+                self.fields['email'].help_text = fxa_error_message(
+                    _(u'Firefox Accounts users cannot currently change their '
+                      u'email address.'))
+
             # Append a "NEW" message to new notification options.
             saved = self.instance.notifications.values_list('notification_id',
                                                             flat=True)
@@ -433,6 +442,16 @@ def clean(self):
         super(UserEditForm, self).clean()
         return data
 
+    def clean_email(self):
+        email = self.cleaned_data.get('email')
+        if self.instance.fxa_migrated():
+            if not email or email == self.instance.email:
+                return self.instance.email
+            else:
+                raise forms.ValidationError(_(u'Email cannot be changed.'))
+        else:
+            return email
+
     def clean_photo(self):
         photo = self.cleaned_data['photo']
 

diff --git a/src/olympia/users/templates/users/edit.html b/src/olympia/users/templates/users/edit.html
@@ -41,8 +41,14 @@ <h2>{{ _('Please set your display name') }}</h2>
               {{ form.username.errors }}
             </li>
             <li{% if form.email.errors %} class="error"{% endif %}>
-              <label for="id_email">{{ _('Email Address') }} {{ required() }}</label>
+              <label for="id_email">
+                {{ _('Email Address') }}
+                {% if not is_fxa_user %}{{ required() }}{% endif %}
+              </label>
               {{ form.email }}
+              {% if form.email.help_text %}
+                <small class="note">{{ form.email.help_text }}</small>
+              {% endif %}
               {{ form.email.errors }}
             </li>
             <li>

diff --git a/src/olympia/users/tests/test_forms.py b/src/olympia/users/tests/test_forms.py
@@ -326,6 +326,34 @@ def test_existing_email(self):
         self.assertFormError(r, 'form', 'email',
                              [u'User profile with this Email already exists.'])
 
+    def test_change_email_fxa_migrated(self):
+        self.user.update(fxa_id='1a2b3c', email='me@example.com')
+        assert self.user.fxa_migrated()
+        response = self.client.post(self.url, {'email': 'noway@example.com'})
+        self.assertFormError(
+            response, 'form', 'email',
+            ['Email cannot be changed.'])
+
+    def test_email_matches_fxa_migrated(self):
+        self.user.update(fxa_id='1a2b3c', email='me@example.com')
+        assert self.user.fxa_migrated()
+        response = self.client.post(self.url, {
+            'email': 'me@example.com',
+            'lang': 'en-US',
+        })
+        assert self.user.reload().email == 'me@example.com'
+        self.assertNoFormErrors(response)
+
+    def test_no_change_email_fxa_migrated(self):
+        self.user.update(fxa_id='1a2b3c', email='me@example.com')
+        assert self.user.fxa_migrated()
+        response = self.client.post(self.url, {
+            'username': 'wat',
+            'lang': 'en-US',
+        })
+        assert self.user.reload().email == 'me@example.com'
+        self.assertNoFormErrors(response)
+
 
 class TestAdminUserEditForm(UserFormBase):
     fixtures = ['base/users']

diff --git a/static/css/impala/forms.less b/static/css/impala/forms.less
@@ -439,3 +439,11 @@ button.loading-submit:after {
         padding: 0;
     }
 }
+
+.prettyform {
+    input[readonly],
+    input[disabled] {
+        box-shadow: none;
+        background: #eee;
+    }
+}