Added better verification when a user changes his or her email

1 files changed, 23 insertions, 0 deletions

diff --git a/api/user.go b/api/user.go
index 2d7dd9ab1..4baf4f81f 100644
--- a/api/user.go
+++ b/api/user.go
@@ -888,6 +888,10 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
 			} else {
 				team := tresult.Data.(*model.Team)
 				fireAndForgetEmailChangeEmail(rusers[1].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL())
+
+				if utils.Cfg.EmailSettings.RequireEmailVerification {
+					fireAndForgetEmailChangeVerifyEmail(rusers[0].Id, rusers[0].Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team))
+				}
 			}
 		}
 
@@ -1340,6 +1344,25 @@ func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL stri
 	}()
 }
 
+func fireAndForgetEmailChangeVerifyEmail(userId, newUserEmail, teamName, teamDisplayName, siteURL, teamURL string) {
+	go func() {
+
+		link := fmt.Sprintf("%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s", siteURL, userId, model.HashPassword(userId), teamName, newUserEmail)
+
+		subjectPage := NewServerTemplatePage("email_change_verify_subject")
+		subjectPage.Props["SiteURL"] = siteURL
+		subjectPage.Props["TeamDisplayName"] = teamDisplayName
+		bodyPage := NewServerTemplatePage("email_change_verify_body")
+		bodyPage.Props["SiteURL"] = siteURL
+		bodyPage.Props["TeamDisplayName"] = teamDisplayName
+		bodyPage.Props["VerifyUrl"] = link
+
+		if err := utils.SendMail(newUserEmail, subjectPage.Render(), bodyPage.Render()); err != nil {
+			l4g.Error("Failed to send verification email successfully err=%v", err)
+		}
+	}()
+}
+
 func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) {
 	props := model.MapFromJson(r.Body)