API - add endpoint to confirm email change

fittrackee/tests/users/test_auth_api.py

@@ -1866,3 +1866,64 @@ class TestPasswordUpdate(ApiTestCaseMixin):
         data = json.loads(response.data.decode())
         assert data['status'] == 'success'
         assert data['message'] == 'password updated'
+
+
+class TestEmailUpdateWitUnauthenticatedUser(ApiTestCaseMixin):
+    def test_it_returns_error_if_token_is_missing(self, app: Flask) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            '/api/auth/email/update',
+            data=json.dumps(dict()),
+            content_type='application/json',
+        )
+
+        self.assert_400(response)
+
+    def test_it_returns_error_if_token_is_invalid(self, app: Flask) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            '/api/auth/email/update',
+            data=json.dumps(dict(token=random_string())),
+            content_type='application/json',
+        )
+
+        self.assert_400(response)
+
+    def test_it_does_not_update_email_if_token_mismatches(
+        self, app: Flask, user_1: User
+    ) -> None:
+        user_1.confirmation_token = random_string()
+        new_email = 'new.email@example.com'
+        user_1.email_to_confirm = new_email
+        client = app.test_client()
+
+        response = client.post(
+            '/api/auth/email/update',
+            data=json.dumps(dict(token=random_string())),
+            content_type='application/json',
+        )
+
+        self.assert_400(response)
+
+    def test_it_updates_email(self, app: Flask, user_1: User) -> None:
+        token = random_string()
+        user_1.confirmation_token = token
+        new_email = 'new.email@example.com'
+        user_1.email_to_confirm = new_email
+        client = app.test_client()
+
+        response = client.post(
+            '/api/auth/email/update',
+            data=json.dumps(dict(token=token)),
+            content_type='application/json',
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['message'] == 'email updated'
+        assert user_1.email == new_email
+        assert user_1.email_to_confirm is None
+        assert user_1.confirmation_token is None

fittrackee/users/auth.py

@@ -1302,3 +1302,60 @@ def update_password() -> Union[Dict, HttpResponse]:
         }
     except (exc.OperationalError, ValueError) as e:
         return handle_error_and_return_response(e, db=db)
+
+
+@auth_blueprint.route('/auth/email/update', methods=['POST'])
+def update_email() -> Union[Dict, HttpResponse]:
+    """
+    update user email after confirmation
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      POST /api/auth/email/update HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "message": "email updated",
+        "status": "success"
+      }
+
+    :<json string token: password reset token
+
+    :statuscode 200: email updated
+    :statuscode 400: invalid payload
+    :statuscode 500: error, please try again or contact the administrator
+
+    """
+    post_data = request.get_json()
+    if not post_data or post_data.get('token') is None:
+        return InvalidPayloadErrorResponse()
+    token = post_data.get('token')
+
+    try:
+        user = User.query.filter_by(confirmation_token=token).first()
+
+        if not user:
+            return InvalidPayloadErrorResponse()
+
+        user.email = user.email_to_confirm
+        user.email_to_confirm = None
+        user.confirmation_token = None
+
+        db.session.commit()
+
+        response = {
+            'status': 'success',
+            'message': 'email updated',
+        }
+
+        return response
+
+    except (exc.OperationalError, ValueError) as e:
+        return handle_error_and_return_response(e, db=db)