Confirm account password before adding/removing email addresses

Author: sandhose

frontend/locales/en.json

@@ -5,6 +5,7 @@
     "clear": "Clear",
     "close": "Close",
     "collapse": "Collapse",
+    "confirm": "Confirm",
     "continue": "Continue",
     "edit": "Edit",
     "expand": "Expand",
@@ -27,6 +28,7 @@
     "e2ee": "End-to-end encryption",
     "loading": "Loading…",
     "next": "Next",
+    "password": "Password",
     "previous": "Previous",
     "saved": "Saved",
     "saving": "Saving…"
@@ -57,7 +59,9 @@
       "email_field_help": "Add an alternative email you can use to access this account.",
       "email_field_label": "Add email",
       "email_in_use_error": "The entered email is already in use",
-      "email_invalid_error": "The entered email is invalid"
+      "email_invalid_error": "The entered email is invalid",
+      "incorrect_password_error": "Incorrect password, please try again",
+      "password_confirmation": "Confirm your account password to add this email address"
     },
     "browser_session_details": {
       "current_badge": "Current"
@@ -258,7 +262,9 @@
     "user_email": {
       "delete_button_confirmation_modal": {
         "action": "Delete email",
-        "body": "Delete this email?"
+        "body": "Delete this email?",
+        "incorrect_password": "Incorrect password, please try again",
+        "password_confirmation": "Confirm your account password to delete this email address"
       },
       "delete_button_title": "Remove email address",
       "email": "Email"

frontend/src/components/PasswordConfirmation.tsx

@@ -0,0 +1,97 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+import { Button, Form } from "@vector-im/compound-web";
+import type React from "react";
+import { useCallback, useImperativeHandle, useRef, useState } from "react";
+import { useTranslation } from "react-i18next";
+import * as Dialog from "./Dialog";
+
+type ModalRef = {
+  prompt: () => Promise<string>;
+};
+
+type Props = {
+  title: string;
+  destructive?: boolean;
+  ref: React.Ref<ModalRef>;
+};
+
+export const usePasswordConfirmation = () => {
+  const ref = useRef<ModalRef>(null);
+
+  const prompt = useCallback(() => {
+    if (ref.current === null) {
+      throw new Error("PasswordConfirmationModal not mounted");
+    }
+    return ref.current.prompt();
+  }, []);
+
+  return [prompt, ref] as const;
+};
+
+const PasswordConfirmationModal: React.FC<Props> = ({
+  title,
+  destructive,
+  ref,
+}) => {
+  const [open, setOpen] = useState(false);
+  const { t } = useTranslation();
+  const resolversRef = useRef<PromiseWithResolvers<string>>(null);
+
+  useImperativeHandle(ref, () => ({
+    prompt: () => {
+      setOpen(true);
+      if (resolversRef.current === null) {
+        resolversRef.current = Promise.withResolvers();
+      }
+      return resolversRef.current.promise;
+    },
+  }));
+
+  const onOpenChange = useCallback((open: boolean) => {
+    setOpen(open);
+    if (!open) {
+      resolversRef.current?.reject(new Error("User cancelled password prompt"));
+      resolversRef.current = null;
+    }
+  }, []);
+
+  const onSubmit = useCallback((e: React.FormEvent<HTMLFormElement>) => {
+    e.preventDefault();
+    const data = new FormData(e.currentTarget);
+    console.log(data);
+    const password = data.get("password");
+    if (typeof password !== "string") {
+      throw new Error();
+    }
+    resolversRef.current?.resolve(password);
+    resolversRef.current = null;
+    setOpen(false);
+  }, []);
+
+  return (
+    <Dialog.Dialog open={open} onOpenChange={onOpenChange}>
+      <Dialog.Title>{title}</Dialog.Title>
+
+      <Form.Root onSubmit={onSubmit}>
+        <Form.Field name="password">
+          <Form.Label>{t("common.password")}</Form.Label>
+          <Form.PasswordControl autoFocus autoComplete="current-password" />
+        </Form.Field>
+
+        <Button type="submit" kind="primary" destructive={destructive}>
+          {t("action.confirm")}
+        </Button>
+      </Form.Root>
+
+      <Dialog.Close asChild>
+        <Button kind="tertiary">{t("action.cancel")}</Button>
+      </Dialog.Close>
+    </Dialog.Dialog>
+  );
+};
+
+export default PasswordConfirmationModal;

frontend/src/components/UserEmail/UserEmail.module.css

@@ -38,6 +38,7 @@ button[disabled] .user-email-delete-icon {
   display: flex;
   align-items: center;
   gap: var(--cpd-space-4x);
+  border-radius: var(--cpd-space-4x);
   border: 1px solid var(--cpd-color-gray-400);
   padding: var(--cpd-space-3x);
   font: var(--cpd-font-body-md-semibold);

frontend/src/components/UserEmail/UserEmail.tsx

@@ -7,16 +7,25 @@
 import { useMutation, useQueryClient } from "@tanstack/react-query";
 import IconDelete from "@vector-im/compound-design-tokens/assets/web/icons/delete";
 import IconEmail from "@vector-im/compound-design-tokens/assets/web/icons/email";
-import { Button, Form, IconButton, Tooltip } from "@vector-im/compound-web";
-import type { ComponentProps, ReactNode } from "react";
+import {
+  Button,
+  ErrorMessage,
+  Form,
+  IconButton,
+  Tooltip,
+} from "@vector-im/compound-web";
+import { type ReactNode, useCallback, useState } from "react";
 import { Translation, useTranslation } from "react-i18next";
 import { type FragmentType, graphql, useFragment } from "../../gql";
 import { graphqlRequest } from "../../graphql";
 import { Close, Description, Dialog, Title } from "../Dialog";
+import LoadingSpinner from "../LoadingSpinner";
+import PasswordConfirmationModal, {
+  usePasswordConfirmation,
+} from "../PasswordConfirmation";
 import styles from "./UserEmail.module.css";
 
-// This component shows a single user email address, with controls to verify it,
-// resend the verification email, remove it, and set it as the primary email address.
+// This component shows a single user email address, with controls to remove it
 
 export const FRAGMENT = graphql(/* GraphQL */ `
   fragment UserEmail_email on UserEmail {
@@ -25,15 +34,9 @@ export const FRAGMENT = graphql(/* GraphQL */ `
   }
 `);
 
-export const CONFIG_FRAGMENT = graphql(/* GraphQL */ `
-  fragment UserEmail_siteConfig on SiteConfig {
-    emailChangeAllowed
-  }
-`);
-
 const REMOVE_EMAIL_MUTATION = graphql(/* GraphQL */ `
-  mutation RemoveEmail($id: ID!) {
-    removeEmail(input: { userEmailId: $id }) {
+  mutation RemoveEmail($id: ID!, $password: String) {
+    removeEmail(input: { userEmailId: $id, password: $password }) {
       status
 
       user {
@@ -64,92 +67,135 @@ const DeleteButton: React.FC<{ disabled?: boolean; onClick?: () => void }> = ({
   </Translation>
 );
 
-const DeleteButtonWithConfirmation: React.FC<
-  ComponentProps<typeof DeleteButton> & { email: string }
-> = ({ email, onClick, ...rest }) => {
-  const { t } = useTranslation();
-  const onConfirm = (): void => {
-    onClick?.();
-  };
-
-  // NOOP function, otherwise we dont render a cancel button
-  const onDeny = (): void => {};
-
-  return (
-    <Dialog trigger={<DeleteButton {...rest} />}>
-      <Title>
-        {t("frontend.user_email.delete_button_confirmation_modal.body")}
-      </Title>
-      <Description className={styles.emailModalBox}>
-        <IconEmail />
-        <div>{email}</div>
-      </Description>
-      <div className="flex flex-col gap-4">
-        <Close asChild>
-          <Button
-            kind="primary"
-            destructive
-            onClick={onConfirm}
-            Icon={IconDelete}
-          >
-            {t("frontend.user_email.delete_button_confirmation_modal.action")}
-          </Button>
-        </Close>
-        <Close asChild>
-          <Button kind="tertiary" onClick={onDeny}>
-            {t("action.cancel")}
-          </Button>
-        </Close>
-      </div>
-    </Dialog>
-  );
-};
-
 const UserEmail: React.FC<{
   email: FragmentType<typeof FRAGMENT>;
   canRemove?: boolean;
+  shouldPromptPassword?: boolean;
   onRemove?: () => void;
-}> = ({ email, canRemove, onRemove }) => {
+}> = ({ email, canRemove, shouldPromptPassword, onRemove }) => {
   const { t } = useTranslation();
+  const [open, setOpen] = useState(false);
   const data = useFragment(FRAGMENT, email);
   const queryClient = useQueryClient();
+  const [promptPassword, passwordConfirmationRef] = usePasswordConfirmation();
 
   const removeEmail = useMutation({
-    mutationFn: (id: string) =>
-      graphqlRequest({ query: REMOVE_EMAIL_MUTATION, variables: { id } }),
-    onSuccess: (_data) => {
-      onRemove?.();
+    mutationFn: ({ id, password }: { id: string; password?: string }) =>
+      graphqlRequest({
+        query: REMOVE_EMAIL_MUTATION,
+        variables: { id, password },
+      }),
+
+    onSuccess: (data) => {
       queryClient.invalidateQueries({ queryKey: ["currentUserGreeting"] });
       queryClient.invalidateQueries({ queryKey: ["userEmails"] });
+
+      // Don't close the modal unless the mutation was successful removed (or not found)
+      if (
+        data.removeEmail.status !== "NOT_FOUND" &&
+        data.removeEmail.status !== "REMOVED"
+      ) {
+        return;
+      }
+
+      onRemove?.();
+      setOpen(false);
     },
   });
 
-  const onRemoveClick = (): void => {
-    removeEmail.mutate(data.id);
-  };
+  const onRemoveClick = useCallback(
+    async (_e: React.MouseEvent<HTMLButtonElement>): Promise<void> => {
+      let password = undefined;
+      if (shouldPromptPassword) {
+        password = await promptPassword();
+      }
+      removeEmail.mutate({ id: data.id, password });
+    },
+    [data.id, promptPassword, shouldPromptPassword, removeEmail.mutate],
+  );
+
+  const onOpenChange = useCallback(
+    (open: boolean) => {
+      // Don't change the modal state if the mutation is pending
+      if (removeEmail.isPending) return;
+      removeEmail.reset();
+      setOpen(open);
+    },
+    [removeEmail.isPending, removeEmail.reset],
+  );
+
+  const status = removeEmail.data?.removeEmail.status ?? null;
 
   return (
-    <Form.Root>
-      <Form.Field name="email">
-        <Form.Label>{t("frontend.user_email.email")}</Form.Label>
-
-        <div className="flex items-center gap-2">
-          <Form.TextControl
-            type="email"
-            readOnly
-            value={data.email}
-            className={styles.userEmailField}
-          />
-          {canRemove && (
-            <DeleteButtonWithConfirmation
-              email={data.email}
-              disabled={removeEmail.isPending}
-              onClick={onRemoveClick}
+    <>
+      <PasswordConfirmationModal
+        title={t(
+          "frontend.user_email.delete_button_confirmation_modal.password_confirmation",
+        )}
+        destructive
+        ref={passwordConfirmationRef}
+      />
+      <Form.Root>
+        <Form.Field name="email">
+          <Form.Label>{t("frontend.user_email.email")}</Form.Label>
+
+          <div className="flex items-center gap-2">
+            <Form.TextControl
+              type="email"
+              readOnly
+              value={data.email}
+              className={styles.userEmailField}
             />
-          )}
-        </div>
-      </Form.Field>
-    </Form.Root>
+            {canRemove && (
+              <Dialog
+                trigger={<DeleteButton />}
+                open={open}
+                onOpenChange={onOpenChange}
+              >
+                <Title>
+                  {t(
+                    "frontend.user_email.delete_button_confirmation_modal.body",
+                  )}
+                </Title>
+                <Description className={styles.emailModalBox}>
+                  <IconEmail />
+                  <div>{data.email}</div>
+                </Description>
+
+                {status === "INCORRECT_PASSWORD" && (
+                  <ErrorMessage>
+                    {t(
+                      "frontend.user_email.delete_button_confirmation_modal.incorrect_password",
+                    )}
+                  </ErrorMessage>
+                )}
+
+                <div className="flex flex-col gap-4">
+                  <Button
+                    kind="primary"
+                    type="button"
+                    destructive
+                    onClick={onRemoveClick}
+                    disabled={removeEmail.isPending}
+                    Icon={removeEmail.isPending ? undefined : IconDelete}
+                  >
+                    {!!removeEmail.isPending && <LoadingSpinner inline />}
+                    {t(
+                      "frontend.user_email.delete_button_confirmation_modal.action",
+                    )}
+                  </Button>
+                  <Close asChild>
+                    <Button disabled={removeEmail.isPending} kind="tertiary">
+                      {t("action.cancel")}
+                    </Button>
+                  </Close>
+                </div>
+              </Dialog>
+            )}
+          </div>
+        </Form.Field>
+      </Form.Root>
+    </>
   );
 };