feat(my-account): add pending email change state (#3763)

This PR adds a pending change state to email updates in my account.

Author: chickenn00dle

includes/reader-revenue/my-account/class-woocommerce-my-account.php

@@ -22,6 +22,7 @@ class WooCommerce_My_Account {
 	const DELETE_ACCOUNT_FORM          = 'delete-account-form';
 	const SEND_MAGIC_LINK_PARAM        = 'magic-link';
 	const AFTER_ACCOUNT_DELETION_PARAM = 'account-deleted';
+	const PENDING_EMAIL_CHANGE_META    = 'newspack_pending_email_change';
 
 	/**
 	 * Initialize.
@@ -47,6 +48,7 @@ public static function init() {
 			\add_action( 'template_redirect', [ __CLASS__, 'handle_magic_link_request' ] );
 			\add_action( 'template_redirect', [ __CLASS__, 'redirect_to_account_details' ] );
 			\add_action( 'template_redirect', [ __CLASS__, 'edit_account_prevent_email_update' ] );
+			\add_action( 'woocommerce_save_account_details', [ __CLASS__, 'handle_email_change_request' ] );
 			\add_action( 'init', [ __CLASS__, 'restrict_account_content' ], 100 );
 			\add_filter( 'woocommerce_save_account_details_required_fields', [ __CLASS__, 'remove_required_fields' ] );
 			\add_action( 'template_redirect', [ __CLASS__, 'verify_saved_account_details' ] );
@@ -633,7 +635,6 @@ public static function edit_account_prevent_email_update() {
 			empty( $_POST['account_email'] ) // phpcs:ignore WordPress.Security.NonceVerification.Missing
 			|| ! \is_user_logged_in()
 			|| ! Reader_Activation::is_enabled()
-			|| self::is_email_change_enabled()
 		) {
 			return;
 		}
@@ -785,6 +786,62 @@ public static function is_email_change_enabled() {
 		 */
 		return \apply_filters( 'newspack_email_change_enabled', $is_enabled );
 	}
+
+	/**
+	 * Handle email change request.
+	 *
+	 * @param int $user_id User ID.
+	 */
+	public static function handle_email_change_request( $user_id ) {
+		$new_email = filter_input( INPUT_POST, 'newspack_account_email', FILTER_SANITIZE_EMAIL );
+		if (
+			empty( $new_email )
+			|| ! \is_user_logged_in()
+			|| ! Reader_Activation::is_enabled()
+			|| ! self::is_email_change_enabled()
+		) {
+			return;
+		}
+		$old_email = \wp_get_current_user()->user_email;
+		if ( $new_email === $old_email ) {
+			return;
+		}
+		if ( ! \is_email( $new_email ) ) {
+			\wc_add_notice( __( 'Please enter a valid email address.', 'newspack-plugin' ), 'error' );
+		} elseif ( \email_exists( $new_email ) ) {
+			\wc_add_notice( __( 'This email address is already in use.', 'newspack-plugin' ), 'error' );
+		} else {
+			\update_user_meta( $user_id, self::PENDING_EMAIL_CHANGE_META, $new_email );
+			// TODO: Update email with custom template.
+			\wp_mail( // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.wp_mail_wp_mail
+				$new_email,
+				__( 'Please verify your new email address', 'newspack-plugin' ),
+				\wp_kses_post(
+					sprintf(
+						// Translators: %s is the verification link.
+						__( 'Please verify your new email address by clicking the following link: %s', 'newspack-plugin' ),
+						\add_query_arg(
+							[
+								'newspack_verify_email' => $new_email,
+								'nonce'                 => \wp_create_nonce( 'newspack_verify_email' ),
+							],
+							\home_url()
+						)
+					)
+				)
+			);
+			\wc_add_notice(
+				sprintf(
+					// Translators: %s is the new email address.
+					__( 'A verification email has been sent to %s. Please verify to complete the change.', 'newspack-plugin' ),
+					$new_email
+				)
+			);
+		}
+		// Redirect and exit ahead of Woo so only our notice is displayed.
+		\wp_safe_redirect( \wc_get_endpoint_url( 'edit-account', '', \wc_get_page_permalink( 'myaccount' ) ) );
+		exit;
+	}
 }
 
 WooCommerce_My_Account::init();

includes/reader-revenue/templates/myaccount-edit-account.php

@@ -32,6 +32,8 @@
 $without_password        = true === Reader_Activation::is_reader_without_password( $user );
 $is_reader               = true === Reader_Activation::is_user_reader( $user );
 $is_email_change_enabled = true === WooCommerce_My_Account::is_email_change_enabled();
+$is_pending_email_change = $user->get( WooCommerce_My_Account::PENDING_EMAIL_CHANGE_META ) ? true : false;
+$display_email           = $is_pending_email_change ? $user->get( WooCommerce_My_Account::PENDING_EMAIL_CHANGE_META ) : $user->user_email;
 ?>
 
 <?php
@@ -65,7 +67,8 @@ class="woocommerce-Input woocommerce-Input--text input-text"
 	<p class="woocommerce-form-row woocommerce-form-row--wide form-row form-row-wide mt0">
 		<label for="account_email_display"><?php \esc_html_e( 'Email address', 'newspack-plugin' ); ?>
 		<?php if ( $is_email_change_enabled ) : ?>
-		<input type="email" class="woocommerce-Input woocommerce-Input--email input-text" name="account_email" id="account_email" autocomplete="email" value="<?php echo \esc_attr( $user->user_email ); ?>" />
+		<input type="email" class="woocommerce-Input woocommerce-Input--email input-text" name="newspack_account_email" id="newspack_account_email" autocomplete="email" <?php echo \esc_attr( $is_pending_email_change ? 'disabled' : '' ); ?> value="<?php echo \esc_attr( $display_email ); ?>" />
+		<input type="hidden" class="woocommerce-Input woocommerce-Input--email input-text" name="account_email" id="account_email" autocomplete="email" value="<?php echo \esc_attr( $user->user_email ); ?>" />
 		<?php else : ?>
 		<input type="email" class="woocommerce-Input woocommerce-Input--email input-text" name="account_email_display" id="account_email_display" autocomplete="email" disabled value="<?php echo \esc_attr( $user->user_email ); ?>" />
 		<input type="hidden" class="woocommerce-Input woocommerce-Input--email input-text" name="account_email" id="account_email" autocomplete="email" value="<?php echo \esc_attr( $user->user_email ); ?>" />