From 50e73145353ab0df76582de4292b1ea01a546966 Mon Sep 17 00:00:00 2001
From: Benjamin Neff <benjamin@coding4coffee.ch>
Date: Fri, 2 Sep 2016 21:09:18 +0200
Subject: [PATCH] Cleanup invalid unconfirmed emails

Also remove confirm_email_token when unconfirmed_email is removed.

Fixes #7048

closes #7051
---
 app/models/user.rb                                       | 2 +-
 .../20160902180630_remove_invalid_unconfirmed_emails.rb  | 9 +++++++++
 db/schema.rb                                             | 2 +-
 spec/models/user_spec.rb                                 | 7 ++++---
 4 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 db/migrate/20160902180630_remove_invalid_unconfirmed_emails.rb

diff --git a/app/models/user.rb b/app/models/user.rb
index e2243d73b..2b32a3622 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -466,7 +466,7 @@ class User < ActiveRecord::Base
 
   # Whenever email is set, clear all unconfirmed emails which match
   def remove_invalid_unconfirmed_emails
-    User.where(unconfirmed_email: email).update_all(unconfirmed_email: nil) if email_changed?
+    User.where(unconfirmed_email: email).update_all(unconfirmed_email: nil, confirm_email_token: nil) if email_changed?
   end
 
   # Generate public/private keys for User and associated Person
diff --git a/db/migrate/20160902180630_remove_invalid_unconfirmed_emails.rb b/db/migrate/20160902180630_remove_invalid_unconfirmed_emails.rb
new file mode 100644
index 000000000..086531c16
--- /dev/null
+++ b/db/migrate/20160902180630_remove_invalid_unconfirmed_emails.rb
@@ -0,0 +1,9 @@
+class RemoveInvalidUnconfirmedEmails < ActiveRecord::Migration
+  class User < ActiveRecord::Base
+  end
+
+  def up
+    User.joins("INNER JOIN users as valid_user ON users.unconfirmed_email = valid_user.email")
+        .where("users.id != valid_user.id").update_all(unconfirmed_email: nil, confirm_email_token: nil)
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index f911b7660..9a0326974 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160901072443) do
+ActiveRecord::Schema.define(version: 20160902180630) do
 
   create_table "account_deletions", force: :cascade do |t|
     t.string   "diaspora_handle", limit: 255
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 2d636647f..eaaaf6caf 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -306,11 +306,12 @@ describe User, :type => :model do
         expect(alice).not_to be_valid
       end
 
-      it "resets a matching unconfirmed_email on save" do
-        eve.update_attribute :unconfirmed_email, "new@example.com"
-        alice.update_attribute :email, "new@example.com"
+      it "resets a matching unconfirmed_email and confirm_email_token on save" do
+        eve.update_attributes(unconfirmed_email: "new@example.com", confirm_email_token: SecureRandom.hex(15))
+        alice.update_attribute(:email, "new@example.com")
         eve.reload
         expect(eve.unconfirmed_email).to eql(nil)
+        expect(eve.confirm_email_token).to eql(nil)
       end
     end