From 1cf2619393d4a89de7c6d99dc4fbe2051f770933 Mon Sep 17 00:00:00 2001
From: sam <sam@vulpine.solutions>
Date: Fri, 13 Dec 2024 21:25:41 +0100
Subject: [PATCH] feat: add email to existing account, change password

---
 .../Authentication/EmailAuthController.cs     |  7 +-
 .../Mailables/AccountCreationMailable.cs      |  1 +
 .../Mailables/AddEmailMailable.cs             |  1 +
 .../Views/Mail/AccountCreation.cshtml         |  2 +-
 Foxnouns.Backend/Views/Mail/AddEmail.cshtml   |  2 +-
 .../components/settings/AuthMethodRow.svelte  |  2 +-
 .../components/settings/EmailSettings.svelte  | 73 +++++++++++++++++++
 .../components/settings/NewAuthMethod.svelte  |  2 +
 .../src/lib/i18n/locales/en.json              |  7 +-
 .../src/routes/settings/auth/+page.server.ts  | 39 +++++++++-
 .../src/routes/settings/auth/+page.svelte     | 18 ++---
 .../settings/auth/add-email/+page.server.ts   | 44 +++++++++++
 .../settings/auth/add-email/+page.svelte      | 49 +++++++++++++
 13 files changed, 227 insertions(+), 20 deletions(-)
 create mode 100644 Foxnouns.Frontend/src/lib/components/settings/EmailSettings.svelte
 create mode 100644 Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.server.ts
 create mode 100644 Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.svelte

diff --git a/Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs b/Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs
index 1587f87..bbf41f5 100644
--- a/Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs
+++ b/Foxnouns.Backend/Controllers/Authentication/EmailAuthController.cs
@@ -183,7 +183,7 @@ public class EmailAuthController(
         return NoContent();
     }
 
-    [HttpPost("add-email")]
+    [HttpPost("add-account")]
     [Authorize("*")]
     public async Task<IActionResult> AddEmailAddressAsync([FromBody] AddEmailAddressRequest req)
     {
@@ -208,6 +208,9 @@ public class EmailAuthController(
         }
         else
         {
+            ValidationUtils.Validate(
+                [("password", ValidationUtils.ValidatePassword(req.Password))]
+            );
             await authService.SetUserPasswordAsync(CurrentUser!, req.Password);
             await db.SaveChangesAsync();
         }
@@ -232,7 +235,7 @@ public class EmailAuthController(
         return NoContent();
     }
 
-    [HttpPost("add-email/callback")]
+    [HttpPost("add-account/callback")]
     [Authorize("*")]
     public async Task<IActionResult> AddEmailCallbackAsync([FromBody] EmailCallbackRequest req)
     {
diff --git a/Foxnouns.Backend/Mailables/AccountCreationMailable.cs b/Foxnouns.Backend/Mailables/AccountCreationMailable.cs
index 9c33213..41a6609 100644
--- a/Foxnouns.Backend/Mailables/AccountCreationMailable.cs
+++ b/Foxnouns.Backend/Mailables/AccountCreationMailable.cs
@@ -32,6 +32,7 @@ public class AccountCreationMailable(Config config, AccountCreationMailableView
     {
         To(view.To)
             .From(config.EmailAuth.From!)
+            .Subject("Create an account")
             .View("~/Views/Mail/AccountCreation.cshtml", view)
             .Text(PlainText());
     }
diff --git a/Foxnouns.Backend/Mailables/AddEmailMailable.cs b/Foxnouns.Backend/Mailables/AddEmailMailable.cs
index 1d29d0f..1c381f2 100644
--- a/Foxnouns.Backend/Mailables/AddEmailMailable.cs
+++ b/Foxnouns.Backend/Mailables/AddEmailMailable.cs
@@ -32,6 +32,7 @@ public class AddEmailMailable(Config config, AddEmailMailableView view)
     {
         To(view.To)
             .From(config.EmailAuth.From!)
+            .Subject("Confirm adding this email address to an existing account")
             .View("~/Views/Mail/AddEmail.cshtml", view)
             .Text(PlainText());
     }
diff --git a/Foxnouns.Backend/Views/Mail/AccountCreation.cshtml b/Foxnouns.Backend/Views/Mail/AccountCreation.cshtml
index cf8d1bc..fb85a65 100644
--- a/Foxnouns.Backend/Views/Mail/AccountCreation.cshtml
+++ b/Foxnouns.Backend/Views/Mail/AccountCreation.cshtml
@@ -3,7 +3,7 @@
 <p>
     Please continue creating a new pronouns.cc account by using the following link:
     <br />
-    <a href="@Model.BaseUrl/auth/callback/email/@Model.Code">Confirm your email address</a>
+    <a href="@Model.BaseUrl/auth/callback/email/@Model.Code">@Model.BaseUrl/auth/callback/email/@Model.Code</a>
     <br />
     Note that this link will expire in one hour.
 </p>
diff --git a/Foxnouns.Backend/Views/Mail/AddEmail.cshtml b/Foxnouns.Backend/Views/Mail/AddEmail.cshtml
index 2423434..fcdd2b2 100644
--- a/Foxnouns.Backend/Views/Mail/AddEmail.cshtml
+++ b/Foxnouns.Backend/Views/Mail/AddEmail.cshtml
@@ -3,7 +3,7 @@
 <p>
     Hello @@@Model.Username, please confirm adding this email address to your account by using the following link:
     <br />
-    <a href="@Model.BaseUrl/auth/callback/email/@Model.Code">Confirm your email address</a>
+    <a href="@Model.BaseUrl/auth/callback/email/@Model.Code">@Model.BaseUrl/auth/callback/email/@Model.Code</a>
     <br />
     Note that this link will expire in one hour.
 </p>
diff --git a/Foxnouns.Frontend/src/lib/components/settings/AuthMethodRow.svelte b/Foxnouns.Frontend/src/lib/components/settings/AuthMethodRow.svelte
index 62c5d6f..692146a 100644
--- a/Foxnouns.Frontend/src/lib/components/settings/AuthMethodRow.svelte
+++ b/Foxnouns.Frontend/src/lib/components/settings/AuthMethodRow.svelte
@@ -8,7 +8,7 @@
 	let name = $derived(
 		method.type === "EMAIL" ? method.remote_id : (method.remote_username ?? method.remote_id),
 	);
-	let showId = $derived(method.type !== "FEDIVERSE");
+	let showId = $derived(method.type !== "EMAIL");
 </script>
 
 <div class="list-group-item">
diff --git a/Foxnouns.Frontend/src/lib/components/settings/EmailSettings.svelte b/Foxnouns.Frontend/src/lib/components/settings/EmailSettings.svelte
new file mode 100644
index 0000000..29a1197
--- /dev/null
+++ b/Foxnouns.Frontend/src/lib/components/settings/EmailSettings.svelte
@@ -0,0 +1,73 @@
+<script lang="ts">
+	import type { RawApiError } from "$api/error";
+	import type { MeUser } from "$api/models";
+	import FormStatusMarker from "$components/editor/FormStatusMarker.svelte";
+	import { t } from "$lib/i18n";
+	import AuthMethodRow from "./AuthMethodRow.svelte";
+	import EnvelopePlusFill from "svelte-bootstrap-icons/lib/EnvelopePlusFill.svelte";
+
+	type Props = {
+		user: MeUser;
+		canRemove: boolean;
+		max: number;
+		form: { error: RawApiError | null; ok: boolean } | null;
+	};
+	let { user, canRemove, max, form }: Props = $props();
+
+	let emails = $derived(user.auth_methods.filter((a) => a.type === "EMAIL"));
+</script>
+
+<h3>{$t("auth.email-password-title")}</h3>
+
+{#if emails.length > 0}
+	<div class="row">
+		<div class="col-md">
+			<h4>Your email addresses</h4>
+			<div class="list-group">
+				{#each emails as method (method.id)}
+					<AuthMethodRow {method} {canRemove} />
+				{/each}
+				{#if emails.length < max}
+					<a class="list-group-item" href="/settings/auth/add-email">
+						<EnvelopePlusFill /> <strong>{$t("auth.add-email-address")}</strong>
+					</a>
+				{/if}
+			</div>
+		</div>
+		<div class="col-md">
+			<FormStatusMarker {form} />
+			<h4>Change password</h4>
+			<form method="POST" action="?/password">
+				<div class="mb-1">
+					<label for="current" class="form-label">Current password</label>
+					<input type="password" id="current" name="current" class="form-control" required />
+				</div>
+				<div class="mb-1">
+					<label for="password" class="form-label">New password</label>
+					<input type="password" id="password" name="password" class="form-control" required />
+				</div>
+				<div class="mb-1">
+					<label for="confirm-password" class="form-label">Confirm new password</label>
+					<input
+						type="password"
+						id="confirm-password"
+						name="confirm-password"
+						class="form-control"
+						required
+					/>
+				</div>
+				<div>
+					<button type="submit" class="btn btn-secondary mt-2">Change password</button>
+				</div>
+			</form>
+		</div>
+	</div>
+{:else}
+	<p>{$t("auth.no-email-addresses")}</p>
+	<p>
+		<a class="btn btn-outline-secondary" href="/settings/auth/add-email">
+			<EnvelopePlusFill />
+			{$t("auth.add-email-address")}
+		</a>
+	</p>
+{/if}
diff --git a/Foxnouns.Frontend/src/lib/components/settings/NewAuthMethod.svelte b/Foxnouns.Frontend/src/lib/components/settings/NewAuthMethod.svelte
index 32018a6..73405bc 100644
--- a/Foxnouns.Frontend/src/lib/components/settings/NewAuthMethod.svelte
+++ b/Foxnouns.Frontend/src/lib/components/settings/NewAuthMethod.svelte
@@ -19,6 +19,8 @@
 				return $t("auth.successful-link-tumblr");
 			case "FEDIVERSE":
 				return $t("auth.successful-link-fedi");
+			case "EMAIL":
+				return $t("auth.successful-link-email");
 			default:
 				return "<you shouldn't see this!>";
 		}
diff --git a/Foxnouns.Frontend/src/lib/i18n/locales/en.json b/Foxnouns.Frontend/src/lib/i18n/locales/en.json
index 659007e..cd45d49 100644
--- a/Foxnouns.Frontend/src/lib/i18n/locales/en.json
+++ b/Foxnouns.Frontend/src/lib/i18n/locales/en.json
@@ -56,7 +56,12 @@
 		"register-with-google": "Register with a Google account",
 		"remote-google-account-label": "Your Google account",
 		"register-with-tumblr": "Register with a Tumblr account",
-		"remote-tumblr-account-label": "Your Tumblr account"
+		"remote-tumblr-account-label": "Your Tumblr account",
+		"email-password-title": "Email and password",
+		"add-email-address": "Add email address",
+		"no-email-addresses": "You haven't linked any email addresses yet.",
+		"check-inbox-for-link-hint": "Check your inbox for a link!",
+		"successful-link-email": "Your account has successfully been linked to the following email address:"
 	},
 	"error": {
 		"bad-request-header": "Something was wrong with your input",
diff --git a/Foxnouns.Frontend/src/routes/settings/auth/+page.server.ts b/Foxnouns.Frontend/src/routes/settings/auth/+page.server.ts
index 4fe52f7..65be131 100644
--- a/Foxnouns.Frontend/src/routes/settings/auth/+page.server.ts
+++ b/Foxnouns.Frontend/src/routes/settings/auth/+page.server.ts
@@ -1,7 +1,44 @@
-import { apiRequest } from "$api";
+import { apiRequest, fastRequest } from "$api";
+import ApiError, { ErrorCode, type RawApiError } from "$api/error.js";
 import type { AuthUrls } from "$api/models/auth";
+import log from "$lib/log";
 
 export const load = async ({ fetch }) => {
 	const urls = await apiRequest<AuthUrls>("POST", "/auth/urls", { fetch, isInternal: true });
 	return { urls };
 };
+
+export const actions = {
+	password: async ({ request, fetch, cookies }) => {
+		const body = await request.formData();
+		const current = body.get("current") as string | null;
+		const password = body.get("password") as string | null;
+		const password2 = body.get("confirm-password") as string | null;
+
+		if (password !== password2) {
+			return {
+				ok: false,
+				error: {
+					status: 400,
+					code: ErrorCode.BadRequest,
+					message: "Passwords do not match",
+				} as RawApiError,
+			};
+		}
+
+		try {
+			await fastRequest("POST", "/auth/email/change-password", {
+				body: { current, new: password },
+				isInternal: true,
+				fetch,
+				cookies,
+			});
+
+			return { ok: true, error: null };
+		} catch (e) {
+			if (e instanceof ApiError) return { ok: false, error: e.obj };
+			log.error("error changing password:", e);
+			throw e;
+		}
+	},
+};
diff --git a/Foxnouns.Frontend/src/routes/settings/auth/+page.svelte b/Foxnouns.Frontend/src/routes/settings/auth/+page.svelte
index ca0cf27..c0d6056 100644
--- a/Foxnouns.Frontend/src/routes/settings/auth/+page.svelte
+++ b/Foxnouns.Frontend/src/routes/settings/auth/+page.svelte
@@ -1,14 +1,13 @@
 <script lang="ts">
 	import AuthMethodList from "$components/settings/AuthMethodList.svelte";
-	import AuthMethodRow from "$components/settings/AuthMethodRow.svelte";
-	import type { PageData } from "./$types";
+	import EmailSettings from "$components/settings/EmailSettings.svelte";
+	import type { ActionData, PageData } from "./$types";
 
-	type Props = { data: PageData };
-	let { data }: Props = $props();
+	type Props = { data: PageData; form: ActionData };
+	let { data, form }: Props = $props();
 
 	let max = $derived(data.meta.limits.max_auth_methods);
 	let canRemove = $derived(data.user.auth_methods.length > 1);
-	let emails = $derived(data.user.auth_methods.filter((m) => m.type === "EMAIL"));
 	let discordAccounts = $derived(data.user.auth_methods.filter((m) => m.type === "DISCORD"));
 	let googleAccounts = $derived(data.user.auth_methods.filter((m) => m.type === "GOOGLE"));
 	let tumblrAccounts = $derived(data.user.auth_methods.filter((m) => m.type === "TUMBLR"));
@@ -16,14 +15,7 @@
 </script>
 
 {#if data.urls.email_enabled}
-	<h3>Email addresses</h3>
-	<AuthMethodList
-		methods={emails}
-		{canRemove}
-		{max}
-		buttonLink="/settings/auth/add-email"
-		buttonText="Add email address"
-	/>
+	<EmailSettings user={data.user} {canRemove} {max} {form} />
 {/if}
 {#if data.urls.discord}
 	<h3>Discord accounts</h3>
diff --git a/Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.server.ts b/Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.server.ts
new file mode 100644
index 0000000..4ad86f6
--- /dev/null
+++ b/Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.server.ts
@@ -0,0 +1,44 @@
+import { fastRequest } from "$api";
+import ApiError, { ErrorCode, type RawApiError } from "$api/error.js";
+import log from "$lib/log.js";
+import { redirect } from "@sveltejs/kit";
+
+export const load = async ({ parent }) => {
+	const { user } = await parent();
+	return { firstEmail: user.auth_methods.filter((a) => a.type === "EMAIL").length === 0 };
+};
+
+export const actions = {
+	add: async ({ request, fetch, cookies }) => {
+		const body = await request.formData();
+		const email = body.get("email") as string;
+		const password = body.get("password") as string | null;
+		const password2 = body.get("confirm-password") as string | null;
+
+		if (password2 && password !== password2) {
+			return {
+				ok: false,
+				error: {
+					status: 400,
+					code: ErrorCode.BadRequest,
+					message: "Passwords do not match",
+				} as RawApiError,
+			};
+		}
+
+		try {
+			await fastRequest("POST", "/auth/email/add-account", {
+				body: { email, password },
+				isInternal: true,
+				fetch,
+				cookies,
+			});
+
+			return { ok: true, error: null };
+		} catch (e) {
+			if (e instanceof ApiError) return { ok: false, error: e.obj };
+			log.error("error adding email address to account:", e);
+			throw e;
+		}
+	},
+};
diff --git a/Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.svelte b/Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.svelte
new file mode 100644
index 0000000..fb97c1d
--- /dev/null
+++ b/Foxnouns.Frontend/src/routes/settings/auth/add-email/+page.svelte
@@ -0,0 +1,49 @@
+<script lang="ts">
+	import { t } from "$lib/i18n";
+	import { Button } from "@sveltestrap/sveltestrap";
+	import type { ActionData, PageData } from "./$types";
+	import FormStatusMarker from "$components/editor/FormStatusMarker.svelte";
+
+	type Props = { data: PageData; form: ActionData };
+	let { data, form }: Props = $props();
+</script>
+
+<div class="mx-auto w-lg-75">
+	<h3>Link a new email address</h3>
+
+	<FormStatusMarker {form} successMessage={$t("auth.check-inbox-for-link-hint")} />
+
+	<form method="POST" action="?/add">
+		<div class="mb-1">
+			<label for="email" class="form-label">{$t("auth.log-in-form-email-label")}</label>
+			<input
+				type="email"
+				id="email"
+				name="email"
+				placeholder="me@example.com"
+				class="form-control"
+				required
+			/>
+		</div>
+		<div class="mb-1">
+			<label for="password" class="form-label">{$t("auth.log-in-form-password-label")}</label>
+			<input type="password" id="password" name="password" class="form-control" required />
+		</div>
+		{#if data.firstEmail}
+			<div class="mb-1">
+				<label for="confirm-password" class="form-label">
+					{$t("auth.confirm-password-label")}
+				</label>
+				<input
+					type="password"
+					id="confirm-password"
+					name="confirm-password"
+					class="form-control"
+					required
+				/>
+			</div>
+		{/if}
+
+		<button type="submit" class="btn btn-secondary mt-2">{$t("auth.add-email-address")}</button>
+	</form>
+</div>