Merge pull request #14526 from overleaf/jlm-improve-confirmed-email-check

Check confirmation on subscription new and create GitOrigin-RevId: daf95be86d529427a128973f8185b2cf91ec940b
2024-11-21 20:47:08 -05:00 · 2023-08-27 11:00:01 +01:00 · 2023-08-27 11:00:01 +01:00 · 401f9d6297
commit 401f9d6297
parent c648448949
3 changed files with 45 additions and 37 deletions
--- a/services/web/app/src/Features/Subscription/SubscriptionController.js
+++ b/services/web/app/src/Features/Subscription/SubscriptionController.js
@ -205,21 +205,6 @@ async function paymentPage(req, res) {
        currency = recommendedCurrency
      }

-      // Prevent checkout for users without a confirmed primary email address
-      const userData = await UserGetter.promises.getUser(user._id, {
-        email: 1,
-        emails: 1,
-      })
-      const userPrimaryEmail = userData.emails.find(
-        emailEntry => emailEntry.email === userData.email
-      )
-      if (userPrimaryEmail?.confirmedAt == null) {
-        return res.render('subscriptions/unconfirmed-primary-email', {
-          title: 'confirm_email',
-          email: userData.email,
-        })
-      }
-
      // Block web sales to restricted countries
      if (['CU', 'IR', 'KP', 'RU', 'SY', 'VE'].includes(countryCode)) {
        return res.render('subscriptions/restricted-country', {
@ -243,6 +228,22 @@ async function paymentPage(req, res) {
  }
 }

+async function requireConfirmedPrimaryEmailAddress(req, res, next) {
+  const userData = await UserGetter.promises.getUser(req.user._id, {
+    email: 1,
+    emails: 1,
+  })
+  const userPrimaryEmail = userData.emails.find(
+    emailEntry => emailEntry.email === userData.email
+  )
+  if (userPrimaryEmail?.confirmedAt != null) return next()
+
+  res.status(422).render('subscriptions/unconfirmed-primary-email', {
+    title: 'confirm_email',
+    email: userData.email,
+  })
+}
+
 function formatGroupPlansDataForDash() {
  return {
    plans: [...groupPlanModalOptions.plan_codes],
@ -849,4 +850,7 @@ module.exports = {
  recurlyNotificationParser,
  refreshUserFeatures: expressify(refreshUserFeatures),
  redirectToHostedPage: expressify(redirectToHostedPage),
+  requireConfirmedPrimaryEmailAddress: expressify(
+    requireConfirmedPrimaryEmailAddress
+  ),
 }
--- a/services/web/app/src/Features/Subscription/SubscriptionRouter.js
+++ b/services/web/app/src/Features/Subscription/SubscriptionRouter.js
@ -30,6 +30,7 @@ module.exports = {
    webRouter.get(
      '/user/subscription/new',
      AuthenticationController.requireLogin(),
+      SubscriptionController.requireConfirmedPrimaryEmailAddress,
      SubscriptionController.paymentPage
    )

@ -93,6 +94,7 @@ module.exports = {
      '/user/subscription/create',
      AuthenticationController.requireLogin(),
      PermissionsController.requirePermission('start-subscription'),
+      SubscriptionController.requireConfirmedPrimaryEmailAddress,
      SubscriptionController.createSubscription
    )
    webRouter.post(
--- a/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
+++ b/services/web/test/unit/src/Subscription/SubscriptionControllerTests.js
@ -388,28 +388,6 @@ describe('SubscriptionController', function () {
      })
    })

-    describe('with a user that has not confirmed their primary email address', function () {
-      beforeEach(function () {
-        this.LimitationsManager.promises.userHasV1OrV2Subscription.resolves(
-          false
-        )
-        this.PlansLocator.findLocalPlanInSettings.returns({})
-        this.UserGetter.promises.getUser.resolves({
-          email: 'test@example.com',
-          emails: [{ email: 'test@example.com' }],
-        })
-      })
-
-      it('should not render the checkout and instead show the unconfirmed primary email page', function (done) {
-        this.res.render = (page, opts) => {
-          page.should.equal('subscriptions/unconfirmed-primary-email')
-          opts.email.should.equal('test@example.com')
-          done()
-        }
-        this.SubscriptionController.paymentPage(this.req, this.res, done)
-      })
-    })
-
    describe('with a user from a restricted country', function () {
      beforeEach(function () {
        this.LimitationsManager.promises.userHasV1OrV2Subscription.resolves(
@ -997,4 +975,28 @@ describe('SubscriptionController', function () {
      this.SubscriptionController.processUpgradeToAnnualPlan(this.req, this.res)
    })
  })
+
+  describe('requireConfirmedPrimaryEmailAddress', function () {
+    describe('when user does not have confirmed email address', function () {
+      beforeEach(function () {
+        this.req.user = { _id: 'testing' }
+        this.UserGetter.promises.getUser.resolves({
+          email: 'test@example.com',
+          emails: [{ email: 'test@example.com' }],
+        })
+      })
+
+      it('should show unconfirmed primary email page', function (done) {
+        this.res.render = (page, opts) => {
+          page.should.equal('subscriptions/unconfirmed-primary-email')
+          opts.email.should.equal('test@example.com')
+          done()
+        }
+        this.SubscriptionController.requireConfirmedPrimaryEmailAddress(
+          this.req,
+          this.res
+        )
+      })
+    })
+  })
 })