fix: prevent email from being altered (#1863)

f0ssel · web-flow · commit 5598ac05dc8e · 2022-05-27T22:25:04.000Z
diff --git a/coderd/users.go b/coderd/users.go
@@ -254,19 +254,12 @@ func (api *API) putUserProfile(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 	existentUser, err := api.Database.GetUserByEmailOrUsername(r.Context(), database.GetUserByEmailOrUsernameParams{
-		Email:    params.Email,
 		Username: params.Username,
 	})
 	isDifferentUser := existentUser.ID != user.ID
 
 	if err == nil && isDifferentUser {
 		responseErrors := []httpapi.Error{}
-		if existentUser.Email == params.Email {
-			responseErrors = append(responseErrors, httpapi.Error{
-				Field:  "email",
-				Detail: "this value is already in use and should be unique",
-			})
-		}
 		if existentUser.Username == params.Username {
 			responseErrors = append(responseErrors, httpapi.Error{
 				Field:  "username",
@@ -288,7 +281,7 @@ func (api *API) putUserProfile(rw http.ResponseWriter, r *http.Request) {
 
 	updatedUserProfile, err := api.Database.UpdateUserProfile(r.Context(), database.UpdateUserProfileParams{
 		ID:        user.ID,
-		Email:     params.Email,
+		Email:     user.Email,
 		Username:  params.Username,
 		UpdatedAt: database.Now(),
 	})
diff --git a/coderd/users_test.go b/coderd/users_test.go
@@ -259,7 +259,6 @@ func TestUpdateUserProfile(t *testing.T) {
 		coderdtest.CreateFirstUser(t, client)
 		_, err := client.UpdateUserProfile(context.Background(), uuid.New().String(), codersdk.UpdateUserProfileRequest{
 			Username: "newusername",
-			Email:    "newemail@coder.com",
 		})
 		var apiErr *codersdk.Error
 		require.ErrorAs(t, err, &apiErr)
@@ -268,25 +267,6 @@ func TestUpdateUserProfile(t *testing.T) {
 		require.Equal(t, http.StatusBadRequest, apiErr.StatusCode())
 	})
 
-	t.Run("ConflictingEmail", func(t *testing.T) {
-		t.Parallel()
-		client := coderdtest.New(t, nil)
-		user := coderdtest.CreateFirstUser(t, client)
-		existentUser, _ := client.CreateUser(context.Background(), codersdk.CreateUserRequest{
-			Email:          "bruno@coder.com",
-			Username:       "bruno",
-			Password:       "password",
-			OrganizationID: user.OrganizationID,
-		})
-		_, err := client.UpdateUserProfile(context.Background(), codersdk.Me, codersdk.UpdateUserProfileRequest{
-			Username: "newusername",
-			Email:    existentUser.Email,
-		})
-		var apiErr *codersdk.Error
-		require.ErrorAs(t, err, &apiErr)
-		require.Equal(t, http.StatusConflict, apiErr.StatusCode())
-	})
-
 	t.Run("ConflictingUsername", func(t *testing.T) {
 		t.Parallel()
 		client := coderdtest.New(t, nil)
@@ -300,38 +280,22 @@ func TestUpdateUserProfile(t *testing.T) {
 		require.NoError(t, err)
 		_, err = client.UpdateUserProfile(context.Background(), codersdk.Me, codersdk.UpdateUserProfileRequest{
 			Username: existentUser.Username,
-			Email:    "newemail@coder.com",
 		})
 		var apiErr *codersdk.Error
 		require.ErrorAs(t, err, &apiErr)
 		require.Equal(t, http.StatusConflict, apiErr.StatusCode())
 	})
 
-	t.Run("UpdateUsernameAndEmail", func(t *testing.T) {
+	t.Run("UpdateUsername", func(t *testing.T) {
 		t.Parallel()
 		client := coderdtest.New(t, nil)
 		coderdtest.CreateFirstUser(t, client)
+		_, _ = client.User(context.Background(), codersdk.Me)
 		userProfile, err := client.UpdateUserProfile(context.Background(), codersdk.Me, codersdk.UpdateUserProfileRequest{
 			Username: "newusername",
-			Email:    "newemail@coder.com",
 		})
 		require.NoError(t, err)
 		require.Equal(t, userProfile.Username, "newusername")
-		require.Equal(t, userProfile.Email, "newemail@coder.com")
-	})
-
-	t.Run("UpdateUsername", func(t *testing.T) {
-		t.Parallel()
-		client := coderdtest.New(t, nil)
-		coderdtest.CreateFirstUser(t, client)
-		me, _ := client.User(context.Background(), codersdk.Me)
-		userProfile, err := client.UpdateUserProfile(context.Background(), codersdk.Me, codersdk.UpdateUserProfileRequest{
-			Username: me.Username,
-			Email:    "newemail@coder.com",
-		})
-		require.NoError(t, err)
-		require.Equal(t, userProfile.Username, me.Username)
-		require.Equal(t, userProfile.Email, "newemail@coder.com")
 	})
 }
 
diff --git a/codersdk/users.go b/codersdk/users.go
@@ -60,7 +60,6 @@ type CreateUserRequest struct {
 }
 
 type UpdateUserProfileRequest struct {
-	Email    string `json:"email" validate:"required,email"`
 	Username string `json:"username" validate:"required,username"`
 }
 
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
@@ -12,7 +12,7 @@ export interface AgentGitSSHKey {
   readonly private_key: string
 }
 
-// From codersdk/users.go:152:6
+// From codersdk/users.go:151:6
 export interface AuthMethods {
   readonly password: boolean
   readonly github: boolean
@@ -44,7 +44,7 @@ export interface CreateFirstUserResponse {
   readonly organization_id: string
 }
 
-// From codersdk/users.go:147:6
+// From codersdk/users.go:146:6
 export interface CreateOrganizationRequest {
   readonly name: string
 }
@@ -100,7 +100,7 @@ export interface CreateWorkspaceRequest {
   readonly parameter_values?: CreateParameterRequest[]
 }
 
-// From codersdk/users.go:143:6
+// From codersdk/users.go:142:6
 export interface GenerateAPIKeyResponse {
   readonly key: string
 }
@@ -118,13 +118,13 @@ export interface GoogleInstanceIdentityToken {
   readonly json_web_token: string
 }
 
-// From codersdk/users.go:132:6
+// From codersdk/users.go:131:6
 export interface LoginWithPasswordRequest {
   readonly email: string
   readonly password: string
 }
 
-// From codersdk/users.go:138:6
+// From codersdk/users.go:137:6
 export interface LoginWithPasswordResponse {
   readonly session_token: string
 }
@@ -276,20 +276,19 @@ export interface UpdateActiveTemplateVersion {
   readonly id: string
 }
 
-// From codersdk/users.go:72:6
+// From codersdk/users.go:71:6
 export interface UpdateRoles {
   readonly roles: string[]
 }
 
-// From codersdk/users.go:67:6
+// From codersdk/users.go:66:6
 export interface UpdateUserPasswordRequest {
   readonly old_password: string
   readonly password: string
 }
 
 // From codersdk/users.go:62:6
 export interface UpdateUserProfileRequest {
-  readonly email: string
   readonly username: string
 }
 
@@ -320,29 +319,29 @@ export interface User {
   readonly roles: Role[]
 }
 
-// From codersdk/users.go:97:6
+// From codersdk/users.go:96:6
 export interface UserAuthorization {
   readonly object: UserAuthorizationObject
   readonly action: string
 }
 
-// From codersdk/users.go:113:6
+// From codersdk/users.go:112:6
 export interface UserAuthorizationObject {
   readonly resource_type: string
   readonly owner_id?: string
   readonly organization_id?: string
   readonly resource_id?: string
 }
 
-// From codersdk/users.go:86:6
+// From codersdk/users.go:85:6
 export interface UserAuthorizationRequest {
   readonly checks: Record<string, UserAuthorization>
 }
 
-// From codersdk/users.go:81:6
+// From codersdk/users.go:80:6
 export type UserAuthorizationResponse = Record<string, boolean>
 
-// From codersdk/users.go:76:6
+// From codersdk/users.go:75:6
 export interface UserRoles {
   readonly roles: string[]
   readonly organization_roles: Record<string, string[]>
diff --git a/site/src/components/SettingsAccountForm/SettingsAccountForm.tsx b/site/src/components/SettingsAccountForm/SettingsAccountForm.tsx
@@ -8,25 +8,23 @@ import { LoadingButton } from "../LoadingButton/LoadingButton"
 import { Stack } from "../Stack/Stack"
 
 interface AccountFormValues {
-  email: string
   username: string
 }
 
 export const Language = {
   usernameLabel: "Username",
   emailLabel: "Email",
-  emailInvalid: "Please enter a valid email address.",
-  emailRequired: "Please enter an email address.",
   updateSettings: "Update settings",
 }
 
 const validationSchema = Yup.object({
-  email: Yup.string().trim().email(Language.emailInvalid).required(Language.emailRequired),
   username: nameValidator(Language.usernameLabel),
 })
 
 export type AccountFormErrors = FormikErrors<AccountFormValues>
+
 export interface AccountFormProps {
+  email: string
   isLoading: boolean
   initialValues: AccountFormValues
   onSubmit: (values: AccountFormValues) => void
@@ -35,6 +33,7 @@ export interface AccountFormProps {
 }
 
 export const AccountForm: React.FC<AccountFormProps> = ({
+  email,
   isLoading,
   onSubmit,
   initialValues,
@@ -52,14 +51,7 @@ export const AccountForm: React.FC<AccountFormProps> = ({
     <>
       <form onSubmit={form.handleSubmit}>
         <Stack>
-          <TextField
-            {...getFieldHelpers("email")}
-            onChange={onChangeTrimmed(form)}
-            autoComplete="email"
-            fullWidth
-            label={Language.emailLabel}
-            variant="outlined"
-          />
+          <TextField disabled fullWidth label={Language.emailLabel} value={email} variant="outlined" />
           <TextField
             {...getFieldHelpers("username")}
             onChange={onChangeTrimmed(form)}
diff --git a/site/src/pages/SettingsPages/AccountPage/AccountPage.test.tsx b/site/src/pages/SettingsPages/AccountPage/AccountPage.test.tsx
@@ -17,13 +17,11 @@ const renderPage = () => {
 }
 
 const newData = {
-  email: "user@coder.com",
   username: "user",
 }
 
 const fillAndSubmitForm = async () => {
-  await waitFor(() => screen.findByLabelText("Email"))
-  fireEvent.change(screen.getByLabelText("Email"), { target: { value: newData.email } })
+  await waitFor(() => screen.findByLabelText("Username"))
   fireEvent.change(screen.getByLabelText("Username"), { target: { value: newData.username } })
   fireEvent.click(screen.getByText(AccountForm.Language.updateSettings))
 }
@@ -34,6 +32,7 @@ describe("AccountPage", () => {
       jest.spyOn(API, "updateProfile").mockImplementationOnce((userId, data) =>
         Promise.resolve({
           id: userId,
+          email: "user@coder.com",
           created_at: new Date().toString(),
           status: "active",
           organization_ids: ["123"],
@@ -51,25 +50,6 @@ describe("AccountPage", () => {
     })
   })
 
-  describe("when the email is already taken", () => {
-    it("shows an error", async () => {
-      jest.spyOn(API, "updateProfile").mockRejectedValueOnce({
-        isAxiosError: true,
-        response: {
-          data: { message: "Invalid profile", errors: [{ detail: "Email is already in use", field: "email" }] },
-        },
-      })
-
-      const { user } = renderPage()
-      await fillAndSubmitForm()
-
-      const errorMessage = await screen.findByText("Email is already in use")
-      expect(errorMessage).toBeDefined()
-      expect(API.updateProfile).toBeCalledTimes(1)
-      expect(API.updateProfile).toBeCalledWith(user.id, newData)
-    })
-  })
-
   describe("when the username is already taken", () => {
     it("shows an error", async () => {
       jest.spyOn(API, "updateProfile").mockRejectedValueOnce({
diff --git a/site/src/pages/SettingsPages/AccountPage/AccountPage.tsx b/site/src/pages/SettingsPages/AccountPage/AccountPage.tsx
@@ -26,10 +26,11 @@ export const AccountPage: React.FC = () => {
   return (
     <Section title={Language.title}>
       <AccountForm
+        email={me.email}
         error={hasUnknownError ? Language.unknownError : undefined}
         formErrors={formErrors}
         isLoading={authState.matches("signedIn.profile.updatingProfile")}
-        initialValues={{ username: me.username, email: me.email }}
+        initialValues={{ username: me.username }}
         onSubmit={(data) => {
           authSend({
             type: "UPDATE_PROFILE",

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,6 @@ type CreateUserRequest struct {`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`type UpdateUserProfileRequest struct {`
`63`		- Email string `json:"email" validate:"required,email"`
`64`	`63`	Username string `json:"username" validate:"required,username"`
`65`	`64`	`}`
`66`	`65`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ export interface AgentGitSSHKey {`
`12`	`12`	`readonly private_key: string`
`13`	`13`	`}`
`14`	`14`
`15`		`-// From codersdk/users.go:152:6`
	`15`	`+// From codersdk/users.go:151:6`
`16`	`16`	`export interface AuthMethods {`
`17`	`17`	`readonly password: boolean`
`18`	`18`	`readonly github: boolean`
`@@ -44,7 +44,7 @@ export interface CreateFirstUserResponse {`
`44`	`44`	`readonly organization_id: string`
`45`	`45`	`}`
`46`	`46`
`47`		`-// From codersdk/users.go:147:6`
	`47`	`+// From codersdk/users.go:146:6`
`48`	`48`	`export interface CreateOrganizationRequest {`
`49`	`49`	`readonly name: string`
`50`	`50`	`}`
`@@ -100,7 +100,7 @@ export interface CreateWorkspaceRequest {`
`100`	`100`	`readonly parameter_values?: CreateParameterRequest[]`
`101`	`101`	`}`
`102`	`102`
`103`		`-// From codersdk/users.go:143:6`
	`103`	`+// From codersdk/users.go:142:6`
`104`	`104`	`export interface GenerateAPIKeyResponse {`
`105`	`105`	`readonly key: string`
`106`	`106`	`}`
`@@ -118,13 +118,13 @@ export interface GoogleInstanceIdentityToken {`
`118`	`118`	`readonly json_web_token: string`
`119`	`119`	`}`
`120`	`120`
`121`		`-// From codersdk/users.go:132:6`
	`121`	`+// From codersdk/users.go:131:6`
`122`	`122`	`export interface LoginWithPasswordRequest {`
`123`	`123`	`readonly email: string`
`124`	`124`	`readonly password: string`
`125`	`125`	`}`
`126`	`126`
`127`		`-// From codersdk/users.go:138:6`
	`127`	`+// From codersdk/users.go:137:6`
`128`	`128`	`export interface LoginWithPasswordResponse {`
`129`	`129`	`readonly session_token: string`
`130`	`130`	`}`
`@@ -276,20 +276,19 @@ export interface UpdateActiveTemplateVersion {`
`276`	`276`	`readonly id: string`
`277`	`277`	`}`
`278`	`278`
`279`		`-// From codersdk/users.go:72:6`
	`279`	`+// From codersdk/users.go:71:6`
`280`	`280`	`export interface UpdateRoles {`
`281`	`281`	`readonly roles: string[]`
`282`	`282`	`}`
`283`	`283`
`284`		`-// From codersdk/users.go:67:6`
	`284`	`+// From codersdk/users.go:66:6`
`285`	`285`	`export interface UpdateUserPasswordRequest {`
`286`	`286`	`readonly old_password: string`
`287`	`287`	`readonly password: string`
`288`	`288`	`}`
`289`	`289`
`290`	`290`	`// From codersdk/users.go:62:6`
`291`	`291`	`export interface UpdateUserProfileRequest {`
`292`		`- readonly email: string`
`293`	`292`	`readonly username: string`
`294`	`293`	`}`
`295`	`294`
`@@ -320,29 +319,29 @@ export interface User {`
`320`	`319`	`readonly roles: Role[]`
`321`	`320`	`}`
`322`	`321`
`323`		`-// From codersdk/users.go:97:6`
	`322`	`+// From codersdk/users.go:96:6`
`324`	`323`	`export interface UserAuthorization {`
`325`	`324`	`readonly object: UserAuthorizationObject`
`326`	`325`	`readonly action: string`
`327`	`326`	`}`
`328`	`327`
`329`		`-// From codersdk/users.go:113:6`
	`328`	`+// From codersdk/users.go:112:6`
`330`	`329`	`export interface UserAuthorizationObject {`
`331`	`330`	`readonly resource_type: string`
`332`	`331`	`readonly owner_id?: string`
`333`	`332`	`readonly organization_id?: string`
`334`	`333`	`readonly resource_id?: string`
`335`	`334`	`}`
`336`	`335`
`337`		`-// From codersdk/users.go:86:6`
	`336`	`+// From codersdk/users.go:85:6`
`338`	`337`	`export interface UserAuthorizationRequest {`
`339`	`338`	`readonly checks: Record<string, UserAuthorization>`
`340`	`339`	`}`
`341`	`340`
`342`		`-// From codersdk/users.go:81:6`
	`341`	`+// From codersdk/users.go:80:6`
`343`	`342`	`export type UserAuthorizationResponse = Record<string, boolean>`
`344`	`343`
`345`		`-// From codersdk/users.go:76:6`
	`344`	`+// From codersdk/users.go:75:6`
`346`	`345`	`export interface UserRoles {`
`347`	`346`	`readonly roles: string[]`
`348`	`347`	`readonly organization_roles: Record<string, string[]>`