Log user in with new email when updating email

chriscarrollsmith · chriscarrollsmith · commit 4e0f3640d0ee · 2024-12-26T20:21:43.000-05:00
diff --git a/routers/authentication.py b/routers/authentication.py
@@ -357,19 +357,31 @@ async def confirm_email_update(
     if not user or not update_token:
         raise AuthenticationError()
 
-    # Get the new email from the most recent unconfirmed token
-    if update_token.is_expired():
-        raise HTTPException(
-            status_code=400,
-            detail="Token has expired"
-        )
-
     # Update email and mark token as used
     user.email = new_email
     update_token.used = True
     session.commit()
 
-    return RedirectResponse(
-        url="/login?email_updated=true",
+    # Create new tokens with the updated email
+    access_token = create_access_token(data={"sub": new_email})
+    refresh_token = create_refresh_token(data={"sub": new_email})
+
+    response = RedirectResponse(
+        url="/profile?email_updated=true",
         status_code=303
     )
+    response.set_cookie(
+        key="access_token",
+        value=access_token,
+        httponly=True,
+        secure=True,
+        samesite="strict"
+    )
+    response.set_cookie(
+        key="refresh_token",
+        value=refresh_token,
+        httponly=True,
+        secure=True,
+        samesite="strict"
+    )
+    return response
diff --git a/templates/authentication/login.html b/templates/authentication/login.html
@@ -6,13 +6,6 @@
 
 {% block auth_content %}
 <div class="login-form">
-
-    {% if email_updated == "true" %}
-    <div class="alert alert-success" role="alert">
-        Your email address has been successfully updated. Please login with your new email address.
-    </div>
-    {% endif %}
-
     <form method="POST" action="{{ url_for('login') }}" class="needs-validation" novalidate>
         <!-- Email Input -->
         <div class="mb-3">
diff --git a/templates/users/profile.html b/templates/users/profile.html
@@ -14,6 +14,12 @@ <h1 class="mb-4">User Profile</h1>
     </div>
     {% endif %}
 
+    {% if email_updated == "true" %}
+    <div class="alert alert-success" role="alert">
+        Your email address has been successfully updated.
+    </div>
+    {% endif %}
+
     <!-- Basic Information -->
     <div class="card mb-4" id="basic-info">
         <div class="card-header">
