derive change-email phase from token context

2026-03-01 12:55:13 +00:00 · 2026-02-27 19:00:22 +08:00
parent 7d5eb7b807
commit df63c9d313
4 changed files with 8 additions and 14 deletions
--- a/api/controllers/console/workspace/account.py
+++ b/api/controllers/console/workspace/account.py
@@ -133,7 +133,6 @@ class EducationAutocompleteQuery(BaseModel):
 class ChangeEmailSendPayload(BaseModel):
    email: EmailStr
    language: str | None = None
-    phase: str | None = None
    token: str | None = None


@@ -548,10 +547,8 @@ class ChangeEmailSendEmailApi(Resource):
        user_email = None
        email_for_sending = args.email.lower()
        send_phase = AccountService.CHANGE_EMAIL_PHASE_OLD
-        if args.phase is not None and args.phase == AccountService.CHANGE_EMAIL_PHASE_NEW:
+        if args.token is not None:
            send_phase = AccountService.CHANGE_EMAIL_PHASE_NEW
-            if args.token is None:
-                raise InvalidTokenError()

            reset_data = AccountService.get_change_email_data(args.token)
            if reset_data is None:
--- a/api/tests/unit_tests/controllers/console/test_workspace_account.py
+++ b/api/tests/unit_tests/controllers/console/test_workspace_account.py
@@ -53,7 +53,7 @@ class TestChangeEmailSend:
    @patch("controllers.console.workspace.account.extract_remote_ip", return_value="127.0.0.1")
    @patch("libs.login.check_csrf_token", return_value=None)
    @patch("controllers.console.wraps.FeatureService.get_system_features")
-    def test_should_normalize_new_email_phase(
+    def test_should_infer_new_email_phase_from_token(
        self,
        mock_features,
        mock_csrf,
@@ -78,7 +78,7 @@ class TestChangeEmailSend:
        with app.test_request_context(
            "/account/change-email",
            method="POST",
-            json={"email": "New@Example.com", "language": "en-US", "phase": "new_email", "token": "token-123"},
+            json={"email": "New@Example.com", "language": "en-US", "token": "token-123"},
        ):
            _set_logged_in_user(_build_account("tester@example.com", "tester"))
            response = ChangeEmailSendEmailApi().post()
@@ -105,7 +105,7 @@ class TestChangeEmailSend:
    @patch("controllers.console.workspace.account.extract_remote_ip", return_value="127.0.0.1")
    @patch("libs.login.check_csrf_token", return_value=None)
    @patch("controllers.console.wraps.FeatureService.get_system_features")
-    def test_should_force_old_email_phase_for_legacy_or_unexpected_phase_input(
+    def test_should_ignore_client_phase_and_use_old_phase_when_token_missing(
        self,
        mock_features,
        mock_csrf,
@@ -135,7 +135,7 @@ class TestChangeEmailSend:
        with app.test_request_context(
            "/account/change-email",
            method="POST",
-            json={"email": "old@example.com", "language": "en-US", "phase": "old_email_verified"},
+            json={"email": "old@example.com", "language": "en-US", "phase": "new_email"},
        ):
            _set_logged_in_user(_build_account("tester@example.com", "tester"))
            response = ChangeEmailSendEmailApi().post()
@@ -185,7 +185,7 @@ class TestChangeEmailSend:
        with app.test_request_context(
            "/account/change-email",
            method="POST",
-            json={"email": "New@Example.com", "language": "en-US", "phase": "new_email", "token": "token-123"},
+            json={"email": "New@Example.com", "language": "en-US", "token": "token-123"},
        ):
            _set_logged_in_user(_build_account("tester@example.com", "tester"))
            with pytest.raises(InvalidTokenError):
--- a/web/app/account/(commonLayout)/account-page/email-change-modal.tsx
+++ b/web/app/account/(commonLayout)/account-page/email-change-modal.tsx
@@ -58,11 +58,10 @@ const EmailChangeModal = ({ onClose, email, show }: Props) => {
    }, 1000)
  }

-  const sendEmail = async (email: string, isOrigin: boolean, token?: string) => {
+  const sendEmail = async (email: string, token?: string) => {
    try {
      const res = await sendVerifyCode({
        email,
-        phase: isOrigin ? 'old_email' : 'new_email',
        token,
      })
      startCount()
@@ -106,7 +105,6 @@ const EmailChangeModal = ({ onClose, email, show }: Props) => {
  const sendCodeToOriginEmail = async () => {
    await sendEmail(
      email,
-      true,
    )
    setStep(STEP.verifyOrigin)
  }
@@ -162,7 +160,6 @@ const EmailChangeModal = ({ onClose, email, show }: Props) => {
    }
    await sendEmail(
      mail,
-      false,
      stepToken,
    )
    setStep(STEP.verifyNew)
--- a/web/service/common.ts
+++ b/web/service/common.ts
@@ -372,7 +372,7 @@ export const submitDeleteAccountFeedback = (body: { feedback: string, email: str
 export const getDocDownloadUrl = (doc_name: string): Promise<{ url: string }> =>
  get<{ url: string }>('/compliance/download', { params: { doc_name } }, { silent: true })

-export const sendVerifyCode = (body: { email: string, phase: string, token?: string }): Promise<CommonResponse & { data: string }> =>
+export const sendVerifyCode = (body: { email: string, token?: string }): Promise<CommonResponse & { data: string }> =>
  post<CommonResponse & { data: string }>('/account/change-email', { body })

 export const verifyEmail = (body: { email: string, code: string, token: string }): Promise<CommonResponse & { is_valid: boolean, email: string, token: string }> =>