Allow change account email (baserow#4329)

Author: bram2w

backend/src/baserow/api/user/errors.py

@@ -79,3 +79,15 @@
     HTTP_400_BAD_REQUEST,
     "The provided refresh token is already blacklisted.",
 )
+
+ERROR_CHANGE_EMAIL_NOT_ALLOWED = (
+    "ERROR_CHANGE_EMAIL_NOT_ALLOWED",
+    HTTP_400_BAD_REQUEST,
+    "Email changes are only allowed for password-based accounts.",
+)
+
+ERROR_EMAIL_ALREADY_CHANGED = (
+    "ERROR_EMAIL_ALREADY_CHANGED",
+    HTTP_400_BAD_REQUEST,
+    "The email address has already been changed to the requested address.",
+)

backend/src/baserow/api/user/serializers.py

@@ -246,6 +246,22 @@ class ChangePasswordBodyValidationSerializer(serializers.Serializer):
     new_password = serializers.CharField(validators=[password_validation])
 
 
+class SendChangeEmailConfirmationSerializer(serializers.Serializer):
+    new_email = serializers.EmailField(help_text="The new email address to change to.")
+    password = serializers.CharField(
+        help_text="The current password of the user for verification."
+    )
+    base_url = serializers.URLField(
+        help_text="The base URL where the user can confirm the email change. The "
+        "confirmation token is going to be appended to the base_url "
+        "(base_url '/token')."
+    )
+
+
+class ChangeEmailSerializer(serializers.Serializer):
+    token = serializers.CharField(help_text="The confirmation token.")
+
+
 class VerifyEmailAddressSerializer(serializers.Serializer):
     token = serializers.CharField()
 

backend/src/baserow/api/user/urls.py

@@ -3,13 +3,15 @@
 from .views import (
     AccountView,
     BlacklistJSONWebToken,
+    ChangeEmailView,
     ChangePasswordView,
     DashboardView,
     ObtainJSONWebToken,
     RedoView,
     RefreshJSONWebToken,
     ResetPasswordView,
     ScheduleAccountDeletionView,
+    SendChangeEmailConfirmationView,
     SendResetPasswordEmailView,
     SendVerifyEmailView,
     ShareOnboardingDetailsWithBaserowView,
@@ -43,6 +45,12 @@
     re_path(
         r"^change-password/$", ChangePasswordView.as_view(), name="change_password"
     ),
+    re_path(
+        r"^send-change-email-confirmation/$",
+        SendChangeEmailConfirmationView.as_view(),
+        name="send_change_email_confirmation",
+    ),
+    re_path(r"^change-email/$", ChangeEmailView.as_view(), name="change_email"),
     re_path(
         r"^send-verify-email/$", SendVerifyEmailView.as_view(), name="send_verify_email"
     ),

backend/src/baserow/api/user/views.py

@@ -57,18 +57,22 @@
 from baserow.core.handler import CoreHandler
 from baserow.core.models import Settings, Template, WorkspaceInvitation
 from baserow.core.user.actions import (
+    ChangeEmailActionType,
     ChangeUserPasswordActionType,
     CreateUserActionType,
     ResetUserPasswordActionType,
     ScheduleUserDeletionActionType,
+    SendChangeEmailConfirmationActionType,
     SendResetUserPasswordActionType,
     SendVerifyEmailAddressActionType,
     UpdateUserActionType,
     VerifyEmailAddressActionType,
 )
 from baserow.core.user.exceptions import (
+    ChangeEmailNotAllowed,
     DeactivatedUserException,
     DisabledSignupError,
+    EmailAlreadyChanged,
     EmailAlreadyVerified,
     InvalidPassword,
     InvalidVerificationToken,
@@ -84,10 +88,12 @@
 from .errors import (
     ERROR_ALREADY_EXISTS,
     ERROR_AUTH_PROVIDER_DISABLED,
+    ERROR_CHANGE_EMAIL_NOT_ALLOWED,
     ERROR_CLIENT_SESSION_ID_HEADER_NOT_SET,
     ERROR_DEACTIVATED_USER,
     ERROR_DISABLED_RESET_PASSWORD,
     ERROR_DISABLED_SIGNUP,
+    ERROR_EMAIL_ALREADY_CHANGED,
     ERROR_EMAIL_ALREADY_VERIFIED,
     ERROR_EMAIL_VERIFICATION_REQUIRED,
     ERROR_INVALID_CREDENTIALS,
@@ -107,10 +113,12 @@
 )
 from .serializers import (
     AccountSerializer,
+    ChangeEmailSerializer,
     ChangePasswordBodyValidationSerializer,
     DashboardSerializer,
     RegisterSerializer,
     ResetPasswordBodyValidationSerializer,
+    SendChangeEmailConfirmationSerializer,
     SendResetPasswordEmailBodyValidationSerializer,
     SendVerifyEmailAddressSerializer,
     ShareOnboardingDetailsWithBaserowSerializer,
@@ -482,6 +490,104 @@ def post(self, request, data):
         return Response(status=204)
 
 
+class SendChangeEmailConfirmationView(APIView):
+    permission_classes = (IsAuthenticated,)
+
+    @extend_schema(
+        tags=["User"],
+        request=SendChangeEmailConfirmationSerializer,
+        operation_id="send_change_email_confirmation",
+        description=(
+            "Sends an email to the new email address containing a confirmation link. "
+            "The user must provide their current password to initiate this request. "
+            f"The link is going to be valid for "
+            f"{int(settings.CHANGE_EMAIL_TOKEN_MAX_AGE / 60 / 60)} hours."
+        ),
+        responses={
+            204: None,
+            400: get_error_schema(
+                [
+                    "ERROR_REQUEST_BODY_VALIDATION",
+                    "ERROR_HOSTNAME_IS_NOT_ALLOWED",
+                    "ERROR_INVALID_OLD_PASSWORD",
+                    "ERROR_ALREADY_EXISTS",
+                    "ERROR_CHANGE_EMAIL_NOT_ALLOWED",
+                    "ERROR_AUTH_PROVIDER_DISABLED",
+                ]
+            ),
+        },
+    )
+    @transaction.atomic
+    @map_exceptions(
+        {
+            BaseURLHostnameNotAllowed: ERROR_HOSTNAME_IS_NOT_ALLOWED,
+            InvalidPassword: ERROR_INVALID_OLD_PASSWORD,
+            UserAlreadyExist: ERROR_ALREADY_EXISTS,
+            AuthProviderDisabled: ERROR_AUTH_PROVIDER_DISABLED,
+            ChangeEmailNotAllowed: ERROR_CHANGE_EMAIL_NOT_ALLOWED,
+        }
+    )
+    @validate_body(SendChangeEmailConfirmationSerializer)
+    def post(self, request, data):
+        """
+        Sends a confirmation email to the new email address if the password is correct.
+        """
+
+        action_type_registry.get(SendChangeEmailConfirmationActionType.type).do(
+            request.user, data["new_email"], data["password"], data["base_url"]
+        )
+
+        return Response(status=204)
+
+
+class ChangeEmailView(APIView):
+    permission_classes = (AllowAny,)
+
+    @extend_schema(
+        tags=["User"],
+        request=ChangeEmailSerializer,
+        operation_id="change_email",
+        description=(
+            "Changes the email address of a user if the confirmation token is valid. "
+            "The **send_change_email_confirmation** endpoint sends an email to the "
+            "new address containing the token. That token can be used to change the "
+            "email address here."
+        ),
+        responses={
+            204: None,
+            400: get_error_schema(
+                [
+                    "BAD_TOKEN_SIGNATURE",
+                    "EXPIRED_TOKEN_SIGNATURE",
+                    "ERROR_USER_NOT_FOUND",
+                    "ERROR_ALREADY_EXISTS",
+                    "ERROR_EMAIL_ALREADY_CHANGED",
+                    "ERROR_REQUEST_BODY_VALIDATION",
+                ]
+            ),
+        },
+        auth=[],
+    )
+    @transaction.atomic
+    @map_exceptions(
+        {
+            BadSignature: BAD_TOKEN_SIGNATURE,
+            BadTimeSignature: BAD_TOKEN_SIGNATURE,
+            SignatureExpired: EXPIRED_TOKEN_SIGNATURE,
+            UserNotFound: ERROR_USER_NOT_FOUND,
+            UserAlreadyExist: ERROR_ALREADY_EXISTS,
+            EmailAlreadyChanged: ERROR_EMAIL_ALREADY_CHANGED,
+        }
+    )
+    @validate_body(ChangeEmailSerializer)
+    def post(self, request, data):
+        """Changes the user's email address if the provided token is valid."""
+
+        action_type_registry.get(ChangeEmailActionType.type).do(data["token"])
+
+        return Response(status=204)
+
+
 class AccountView(APIView):
     permission_classes = (IsAuthenticated,)
 

backend/src/baserow/config/settings/base.py

@@ -779,6 +779,7 @@ def __setitem__(self, key, value):
 
 FROM_EMAIL = os.getenv("FROM_EMAIL", "no-reply@localhost")
 RESET_PASSWORD_TOKEN_MAX_AGE = 60 * 60 * 48  # 48 hours
+CHANGE_EMAIL_TOKEN_MAX_AGE = 60 * 60 * 12  # 12 hours
 
 ROW_PAGE_SIZE_LIMIT = int(os.getenv("BASEROW_ROW_PAGE_SIZE_LIMIT", 200))
 BATCH_ROWS_SIZE_LIMIT = int(

backend/src/baserow/contrib/builder/locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-11-17 15:17+0000\n"
+"POT-Creation-Date: 2025-11-25 13:02+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -46,7 +46,7 @@ msgstr ""
 msgid "Last name"
 msgstr ""
 
-#: src/baserow/contrib/builder/data_providers/data_provider_types.py:619
+#: src/baserow/contrib/builder/data_providers/data_provider_types.py:621
 #, python-format
 msgid "%(user_source_name)s member"
 msgstr ""

backend/src/baserow/core/apps.py

@@ -323,10 +323,12 @@ def ready(self):
 
         from baserow.core.user.actions import (
             CancelUserDeletionActionType,
+            ChangeEmailActionType,
             ChangeUserPasswordActionType,
             CreateUserActionType,
             ResetUserPasswordActionType,
             ScheduleUserDeletionActionType,
+            SendChangeEmailConfirmationActionType,
             SendResetUserPasswordActionType,
             SendVerifyEmailAddressActionType,
             SignInUserActionType,
@@ -344,6 +346,8 @@ def ready(self):
         action_type_registry.register(ResetUserPasswordActionType())
         action_type_registry.register(SendVerifyEmailAddressActionType())
         action_type_registry.register(VerifyEmailAddressActionType())
+        action_type_registry.register(SendChangeEmailConfirmationActionType())
+        action_type_registry.register(ChangeEmailActionType())
 
         from baserow.core.action.scopes import (
             ApplicationActionScopeType,

backend/src/baserow/core/locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-11-17 15:17+0000\n"
+"POT-Creation-Date: 2025-11-25 13:02+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -108,8 +108,8 @@ msgstr ""
 #, python-format
 msgid ""
 "Application \"%(application_name)s\" (%(application_id)s) of type "
-"%(application_type)s duplicated from \"%(original_application_name)s\" "
-"(%(original_application_id)s)"
+"%(application_type)s duplicated from "
+"\"%(original_application_name)s\" (%(original_application_id)s)"
 msgstr ""
 
 #: src/baserow/core/actions.py:709
@@ -130,8 +130,8 @@ msgstr ""
 #: src/baserow/core/actions.py:796
 #, python-format
 msgid ""
-"Group invitation created for \"%(email)s\" to join \"%(group_name)s\" "
-"(%(group_id)s) as %(permissions)s."
+"Group invitation created for \"%(email)s\" to join "
+"\"%(group_name)s\" (%(group_id)s) as %(permissions)s."
 msgstr ""
 
 #: src/baserow/core/actions.py:851
@@ -242,7 +242,7 @@ msgstr ""
 msgid "Decimal number"
 msgstr ""
 
-#: src/baserow/core/handler.py:2187 src/baserow/core/user/handler.py:267
+#: src/baserow/core/handler.py:2187 src/baserow/core/user/handler.py:269
 #, python-format
 msgid "%(name)s's workspace"
 msgstr ""
@@ -341,6 +341,7 @@ msgstr[1] ""
 #: src/baserow/core/templates/baserow/core/user/account_deleted.html:188
 #: src/baserow/core/templates/baserow/core/user/account_deletion_cancelled.html:188
 #: src/baserow/core/templates/baserow/core/user/account_deletion_scheduled.html:193
+#: src/baserow/core/templates/baserow/core/user/change_email_confirmation.html:211
 #: src/baserow/core/templates/baserow/core/user/reset_password.html:211
 #: src/baserow/core/templates/baserow/core/workspace_invitation.html:215
 msgid ""
@@ -389,6 +390,30 @@ msgid ""
 "just have to login again."
 msgstr ""
 
+#: src/baserow/core/templates/baserow/core/user/change_email_confirmation.html:176
+msgid "Confirm email address change"
+msgstr ""
+
+#: src/baserow/core/templates/baserow/core/user/change_email_confirmation.html:181
+#, python-format
+msgid ""
+"A request was made to change the email address for your Baserow account from "
+"%(old_email)s to %(new_email)s on Baserow "
+"(%(baserow_embedded_share_hostname)s). If you did not authorize this, you "
+"may simply ignore this email."
+msgstr ""
+
+#: src/baserow/core/templates/baserow/core/user/change_email_confirmation.html:186
+#, python-format
+msgid ""
+"To confirm your email address change, simply click the button below. This "
+"link will expire in %(hours)s hours."
+msgstr ""
+
+#: src/baserow/core/templates/baserow/core/user/change_email_confirmation.html:195
+msgid "Confirm email change"
+msgstr ""
+
 #: src/baserow/core/templates/baserow/core/user/email_pending_verification.html:181
 msgid "Thank you for using Baserow"
 msgstr ""
@@ -496,8 +521,9 @@ msgstr ""
 #: src/baserow/core/user/actions.py:27
 #, python-format
 msgid ""
-"User \"%(user_email)s\" (%(user_id)s) created via \"%(auth_provider_type)s\" "
-"(%(auth_provider_id)s) auth provider (invitation: %(with_invitation_token)s)"
+"User \"%(user_email)s\" (%(user_id)s) created via "
+"\"%(auth_provider_type)s\" (%(auth_provider_id)s) auth provider (invitation: "
+"%(with_invitation_token)s)"
 msgstr ""
 
 #: src/baserow/core/user/actions.py:119
@@ -587,6 +613,28 @@ msgstr ""
 msgid "User \"%(user_email)s\" (%(user_id)s) verify email"
 msgstr ""
 
+#: src/baserow/core/user/actions.py:510
+msgid "Send change email confirmation"
+msgstr ""
+
+#: src/baserow/core/user/actions.py:512
+#, python-format
+msgid ""
+"User \"%(user_email)s\" (%(user_id)s) requested to change email to "
+"\"%(new_email)s\""
+msgstr ""
+
+#: src/baserow/core/user/actions.py:558
+msgid "Change email"
+msgstr ""
+
+#: src/baserow/core/user/actions.py:560
+#, python-format
+msgid ""
+"User \"%(old_email)s\" (%(user_id)s) changed email to \"%(new_email)s\" by "
+"using the token."
+msgstr ""
+
 #: src/baserow/core/user/emails.py:16
 msgid "Reset password - Baserow"
 msgstr ""
@@ -602,3 +650,7 @@ msgstr ""
 #: src/baserow/core/user/emails.py:74
 msgid "Account deletion cancelled - Baserow"
 msgstr ""
+
+#: src/baserow/core/user/emails.py:94
+msgid "Confirm email address change - Baserow"
+msgstr ""