Add an option to disable the requirement for email verification before publishing

JWorthe · JWorthe · commit 3b983b056ee1 · 2020-12-03T12:31:46.000+02:00
diff --git a/.env.sample b/.env.sample
@@ -60,3 +60,7 @@ export GH_CLIENT_SECRET=
 # Credentials for connecting to the Sentry error reporting service.
 # export SENTRY_DSN_API=
 export SENTRY_ENV_API=local
+
+# If you don't require users to complete email verification before
+# they can publish a crate, uncomment this line.
+# export DISABLE_EMAIL_VERIFICATION_REQUIREMENT=1
diff --git a/src/config.rs b/src/config.rs
@@ -18,6 +18,7 @@ pub struct Config {
     pub blocked_traffic: Vec<(String, Vec<String>)>,
     pub domain_name: String,
     pub allowed_origins: Vec<String>,
+    pub require_email_verification: bool,
 }
 
 impl Default for Config {
@@ -44,6 +45,8 @@ impl Default for Config {
     /// - `READ_ONLY_REPLICA_URL`: The URL of an optional postgres read-only replica database.
     /// - `BLOCKED_TRAFFIC`: A list of headers and environment variables to use for blocking
     ///.  traffic. See the `block_traffic` module for more documentation.
+    /// - `DISABLE_EMAIL_VERIFICATION_REQUIREMENT`: Disable the requirement that email must be
+    ///.  verified before publishing a crate.
     fn default() -> Config {
         let api_protocol = String::from("https");
         let mirror = if dotenv::var("MIRROR").is_ok() {
@@ -142,6 +145,7 @@ impl Default for Config {
             blocked_traffic: blocked_traffic(),
             domain_name: domain_name(),
             allowed_origins,
+            require_email_verification: require_email_verification(),
         }
     }
 }
@@ -150,6 +154,10 @@ pub(crate) fn domain_name() -> String {
     dotenv::var("DOMAIN_NAME").unwrap_or_else(|_| "crates.io".into())
 }
 
+fn require_email_verification() -> bool {
+    !dotenv::var("DISABLE_EMAIL_VERIFICATION_REQUIREMENT").is_ok()
+}
+
 fn blocked_traffic() -> Vec<(String, Vec<String>)> {
     let pattern_list = dotenv::var("BLOCKED_TRAFFIC").unwrap_or_default();
     parse_traffic_patterns(&pattern_list)
diff --git a/src/controllers/krate/publish.rs b/src/controllers/krate/publish.rs
@@ -49,14 +49,25 @@ pub fn publish(req: &mut dyn RequestExt) -> EndpointResult {
     let api_token_id = ids.api_token_id();
     let user = ids.user();
 
-    let verified_email_address = user.verified_email(&conn)?;
-    let verified_email_address = verified_email_address.ok_or_else(|| {
-        cargo_err(&format!(
-            "A verified email address is required to publish crates to crates.io. \
-             Visit https://{}/me to set and verify your email address.",
-            app.config.domain_name,
-        ))
-    })?;
+    let email_address = if app.config.require_email_verification {
+        let verified_email_address = user.verified_email(&conn)?;
+        verified_email_address.ok_or_else(|| {
+            cargo_err(&format!(
+                "A verified email address is required to publish crates to crates.io. \
+                 Visit https://{}/me to set and verify your email address.",
+                app.config.domain_name,
+            ))
+        })?
+    } else {
+        let email_address = user.email(&conn)?;
+        email_address.ok_or_else(|| {
+            cargo_err(&format!(
+                "An email address is required to publish crates to crates.io. \
+                 Visit https://{}/me to set and verify your email address.",
+                app.config.domain_name,
+            ))
+        })?
+    };
 
     // Create a transaction on the database, if there are no errors,
     // commit the transactions to record a new or updated crate.
@@ -151,7 +162,7 @@ pub fn publish(req: &mut dyn RequestExt) -> EndpointResult {
             file_length as i32,
             user.id,
         )?
-        .save(&conn, &new_crate.authors, &verified_email_address)?;
+        .save(&conn, &new_crate.authors, &email_address)?;
 
         insert_version_owner_action(
             &conn,
diff --git a/src/tests/all.rs b/src/tests/all.rs
@@ -140,6 +140,7 @@ fn simple_config() -> Config {
         blocked_traffic: Default::default(),
         domain_name: "crates.io".into(),
         allowed_origins: Vec::new(),
+        require_email_verification: true,
     }
 }
 
diff --git a/src/tests/http-data/krate_publish_new_krate_records_with_unverified_email_if_email_verification_disabled b/src/tests/http-data/krate_publish_new_krate_records_with_unverified_email_if_email_verification_disabled
@@ -0,0 +1,69 @@
+[
+  {
+    "request": {
+      "uri": "http://alexcrichton-test.s3.amazonaws.com/crates/foo_unverified_email/foo_unverified_email-1.0.0.crate",
+      "method": "PUT",
+      "headers": [
+        [
+          "accept",
+          "*/*"
+        ],
+        [
+          "content-length",
+          "35"
+        ],
+        [
+          "host",
+          "alexcrichton-test.s3.amazonaws.com"
+        ],
+        [
+          "accept-encoding",
+          "gzip"
+        ],
+        [
+          "content-type",
+          "application/x-tar"
+        ],
+        [
+          "authorization",
+          "AWS AKIAICL5IWUZYWWKA7JA:uDc39eNdF6CcwB+q+JwKsoDLQc4="
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 07:53:06 -0700"
+        ]
+      ],
+      "body": "H4sIAAAAAAAA/+3AAQEAAACCIP+vbkhQwKsBLq+17wAEAAA="
+    },
+    "response": {
+      "status": 200,
+      "headers": [
+        [
+          "x-amz-request-id",
+          "26589A5E52F8395C"
+        ],
+        [
+          "ETag",
+          "\"f9016ad360cebb4fe2e6e96e5949f022\""
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 14:53:07 GMT"
+        ],
+        [
+          "content-length",
+          "0"
+        ],
+        [
+          "x-amz-id-2",
+          "JdIvnNTw53aqXjBIqBLNuN4kxf/w1XWX+xuIiGBDYy7yzOSDuAMtBSrTW4ZWetcCIdqCUHuQ51A="
+        ],
+        [
+          "Server",
+          "AmazonS3"
+        ]
+      ],
+      "body": ""
+    }
+  }
+]
diff --git a/src/tests/krate/publish.rs b/src/tests/krate/publish.rs
@@ -619,6 +619,32 @@ fn new_krate_with_unverified_email_fails() {
     );
 }
 
+#[test]
+fn new_krate_records_with_unverified_email_if_email_verification_disabled() {
+    let (app, _, _, token) = TestApp::full()
+        .with_config(|c| c.require_email_verification = false)
+        .with_token();
+
+    app.db(|conn| {
+        update(emails::table)
+            .set((emails::verified.eq(false),))
+            .execute(conn)
+            .unwrap();
+    });
+
+    let crate_to_publish = PublishBuilder::new("foo_unverified_email");
+
+    token.enqueue_publish(crate_to_publish).good();
+
+    app.db(|conn| {
+        let email: String = versions_published_by::table
+            .select(versions_published_by::email)
+            .first(conn)
+            .unwrap();
+        assert_eq!(email, "something@example.com");
+    });
+}
+
 #[test]
 fn new_krate_records_verified_email() {
     let (app, _, _, token) = TestApp::full().with_token();

Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,7 @@ fn simple_config() -> Config {`
`140`	`140`	`blocked_traffic: Default::default(),`
`141`	`141`	`domain_name: "crates.io".into(),`
`142`	`142`	`allowed_origins: Vec::new(),`
	`143`	`+ require_email_verification: true,`
`143`	`144`	`}`
`144`	`145`	`}`
`145`	`146`