Oops, allow NeoPass to be disconnected if you have no email address

That is, you're required to add a password *or* an email before disconnecting your NeoPass, but idk, I think it's rude to demand an email from someone for the sake of *disconnection*. Email is no longer required for accounts that already exist!
2024-04-07 08:42:41 -07:00 · 2024-04-07 08:42:41 -07:00 · ed89380152
commit ed89380152
parent b5e203c0e5
1 changed files with 23 additions and 1 deletions
--- a/app/models/auth_user.rb
+++ b/app/models/auth_user.rb
@ -33,7 +33,29 @@ class AuthUser < AuthRecord
  end

  def email_required?
-    !uses_omniauth?
+    # Email is required when creating a new account from scratch, but it isn't
+    # required when creating a new account via third-party login (e.g. it's
+    # already taken). It's also okay to remove your email address, though this
+    if new_record?
+      # When creating a new account, email is required when building it from
+      # scratch, but not required when using third-party login. This is mainly
+      # because third-party login can't reliably offer an unused email!
+      !uses_omniauth?
+    else
+      # TODO: I had wanted to make email required if you already have one, to
+      #       make it harder to accidentally remove? I expected
+      #       `email_before_last_save` to be the way to check this, but it
+      #       seemed to be `nil` when calling this, go figure! For now, we're
+      #       allowing email to be removed.
+      #
+      # NOTE: This is important for the case where you're disconnecting a
+      #       NeoPass, but you don't have an email set, because your NeoPass
+      #       email already belonged to another account. I don't think it makes
+      #       sense to require people to add an alternate real email address in
+      #       order to be able to disconnect a NeoPass from a DTI account they
+      #       maybe even created by accident!
+      false
+    end
  end

  def password_required?