From ed89380152f7c902da7191e11a88a8aadc0824d6 Mon Sep 17 00:00:00 2001 From: Emi Matchu Date: Sun, 7 Apr 2024 08:42:41 -0700 Subject: [PATCH] Oops, allow NeoPass to be disconnected if you have no email address That is, you're required to add a password *or* an email before disconnecting your NeoPass, but idk, I think it's rude to demand an email from someone for the sake of *disconnection*. Email is no longer required for accounts that already exist! --- app/models/auth_user.rb | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/app/models/auth_user.rb b/app/models/auth_user.rb index 3c9ce87b..15edcf19 100644 --- a/app/models/auth_user.rb +++ b/app/models/auth_user.rb @@ -33,7 +33,29 @@ class AuthUser < AuthRecord end def email_required? - !uses_omniauth? + # Email is required when creating a new account from scratch, but it isn't + # required when creating a new account via third-party login (e.g. it's + # already taken). It's also okay to remove your email address, though this + if new_record? + # When creating a new account, email is required when building it from + # scratch, but not required when using third-party login. This is mainly + # because third-party login can't reliably offer an unused email! + !uses_omniauth? + else + # TODO: I had wanted to make email required if you already have one, to + # make it harder to accidentally remove? I expected + # `email_before_last_save` to be the way to check this, but it + # seemed to be `nil` when calling this, go figure! For now, we're + # allowing email to be removed. + # + # NOTE: This is important for the case where you're disconnecting a + # NeoPass, but you don't have an email set, because your NeoPass + # email already belonged to another account. I don't think it makes + # sense to require people to add an alternate real email address in + # order to be able to disconnect a NeoPass from a DTI account they + # maybe even created by accident! + false + end end def password_required?