author | Struan Donald <struan@exo.org.uk> | 2018-10-23 11:08:18 +0100 |
---|---|---|
committer | Struan Donald <struan@exo.org.uk> | 2018-10-23 15:50:20 +0100 |
commit | a94e6feb1c2da0a2387f4e4c26cd0d6832a15116 (patch) | |
tree | cc6265a9cefd5ef9c736d3898b058a2545b66c5c | |
parent | c73e8b5485c4016921777b95582bbe92853f5e4c (diff) |
use submitted phone number and email in login form
Do not take these details directly from the user object: in the slim chance
that the user has both phone and email verified and an email login fails,
the form would otherwise display the phone number from the database.
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 10 | ||||
-rw-r--r-- | t/app/controller/report_new.t | 3 | ||||
-rw-r--r-- | t/app/controller/report_new_text.t | 4 | ||||
-rw-r--r-- | templates/web/base/report/new/form_user_loggedout_by_email.html | 4 | ||||
-rw-r--r-- | templates/web/zurich/report/new/fill_in_details_form.html | 4 |
5 files changed, 21 insertions, 4 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index f057a31f6..1a1a657a9 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -481,6 +481,9 @@ sub initialize_report : Private { # save the token to delete at the end $c->stash->{partial_token} = $token if $report; + $c->stash->{email} = $report->user->email; + $c->stash->{phone} = $report->user->phone_display; + } else { # no point keeping it if it is done. $token->delete; @@ -807,6 +810,9 @@ sub process_user : Private { $report->user( $user ); $c->forward('update_user', [ \%params ]); + $c->stash->{phone} = $report->user->phone_display; + $c->stash->{email} = $report->user->email; + if ($c->stash->{contributing_as_body} or $c->stash->{contributing_as_anonymous_user}) { $report->name($user->from_body->name); $user->name($user->from_body->name) unless $user->name; @@ -832,6 +838,10 @@ sub process_user : Private { $c->forward('update_user', [ \%params ]); + $c->stash->{phone} = Utils::trim_text( $type eq 'phone' ? $report->user->phone_display : $params{phone} ); + $c->stash->{email} = Utils::trim_text( $type eq 'email' ? $report->user->email : $params{email} ); + + # The user is trying to sign in. We only care about username from the params. if ( $c->get_param('submit_sign_in') || $c->get_param('password_sign_in') ) { $c->stash->{tfa_data} = { diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t index 94c7b1231..86d058287 100644 --- a/t/app/controller/report_new.t +++ b/t/app/controller/report_new.t @@ -680,6 +680,7 @@ subtest "test password errors for a user who is signing in as they report" => su name => 'Joe Bloggs', phone => '01234 567 890', password => 'secret2', + phone_verified => 1, } ), "set user details"; # submit initial pc form 
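Review bot: In the initialize_report hunk the two added stash assignments call `$report->user->email` and `$report->user->phone_display` unconditionally, while the context line directly above them still guards on `if $report`. The enclosing condition starts outside the hunk, so `$report` may already be guaranteed at this point; if it is, the leftover guard is misleading, and if it is not, the new lines die on an undefined report. Either drop the guard or wrap the pair in `if ($report) { ... }` so the three lines agree.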
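Review bot: In the second process_user hunk (the path taken before the user is authenticated), nothing in the code says why the field that is not the login `$type` is read from `%params` rather than from `$report->user`; the reason exists only in the commit message. A later tidy-up that unifies this pair with the plain `$report->user` assignments in the two earlier hunks would silently bring the disclosure back. I would add above the pair `# Not authenticated yet: echo back what was submitted, never the stored phone/email of an existing account.` Separately, `$params{phone}` or `$params{email}` can presumably be absent, and whether `Utils::trim_text` accepts undef is not visible here. The body of process_user continues outside the hunk.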
@@ -715,6 +716,8 @@ subtest "test password errors for a user who is signing in as they report" => su is_deeply $mech->page_errors, [ "There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the \x{2018}No\x{2019} section of the form.", ], "check there were errors"; + + $mech->content_lacks('1234', 'phone number not shown'); }; foreach my $test ( diff --git a/t/app/controller/report_new_text.t b/t/app/controller/report_new_text.t index cb07e57ee..8b7805c31 100644 --- a/t/app/controller/report_new_text.t +++ b/t/app/controller/report_new_text.t @@ -222,6 +222,8 @@ subtest "test password errors for a user who is signing in as they report" => su ALLOWED_COBRANDS => [ { fixmystreet => '.' } ], MAPIT_URL => 'http://mapit.uk/', SMS_AUTHENTICATION => 1, + phone_verified => 1, + email_verified => 1, }, sub { $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB', } }, "submit location" ); $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, "follow 'skip this step' link" ); @@ -245,6 +247,8 @@ subtest "test password errors for a user who is signing in as they report" => su is_deeply $mech->page_errors, [ "There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the \x{2018}No\x{2019} section of the form.", ], "check there were errors"; + + $mech->content_lacks($user->email, 'email not displayed'); }; subtest "test report creation for a user who is signing in as they report" => sub { diff --git a/templates/web/base/report/new/form_user_loggedout_by_email.html b/templates/web/base/report/new/form_user_loggedout_by_email.html index 7ede54cd1..73db38795 100644 --- a/templates/web/base/report/new/form_user_loggedout_by_email.html +++ b/templates/web/base/report/new/form_user_loggedout_by_email.html 
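Review bot: In the first report_new_text.t hunk, `phone_verified => 1` and `email_verified => 1` are added next to `ALLOWED_COBRANDS`, `MAPIT_URL` and `SMS_AUTHENTICATION`, inside the hash that closes with `}, sub {`, which looks like the configuration override rather than the user's attributes. If so, the user is never marked as verified on both channels, and the new `$mech->content_lacks($user->email, 'email not displayed')` in the following hunk may pass without exercising the case this commit fixes. Set the flags on the user record instead, as the report_new.t hunk does with `phone_verified => 1` in the user details, and confirm the assertion fails against the old template. The start of the enclosing block is outside the hunk.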
@@ -13,12 +13,12 @@ [% UNLESS c.cobrand.call_hook('disable_phone_number_entry') %] <div id="js-hide-if-username-phone"> <label class="form-focus-hidden" for="form_phone">[% loc('Phone number (optional)') %]</label> - <input class="form-control form-focus-hidden" type="text" value="[% report.user.phone_display | html %]" name="phone" id="form_phone"> + <input class="form-control form-focus-hidden" type="text" value="[% phone | html %]" name="phone" id="form_phone"> </div> [% END %] <div id="js-hide-if-username-email"> <label class="form-focus-hidden" for="form_email">[% loc('Email address (optional)') %]</label> - <input class="form-control form-focus-hidden" type="text" value="[% report.user.email | html %]" name="email" id="form_email"> + <input class="form-control form-focus-hidden" type="text" value="[% email | html %]" name="email" id="form_email"> </div> <label class="form-focus-hidden" for="password_register">[% loc('Password (optional)') %]</label> diff --git a/templates/web/zurich/report/new/fill_in_details_form.html b/templates/web/zurich/report/new/fill_in_details_form.html index 6d75674c4..bd20efdaa 100644 --- a/templates/web/zurich/report/new/fill_in_details_form.html +++ b/templates/web/zurich/report/new/fill_in_details_form.html @@ -54,7 +54,7 @@ [% IF field_errors.username %] <p class='form-error'>[% field_errors.username %]</p> [% END %] - <input class="form-control" type="email" value="[% report.user.email | html %]" name="username" id="form_username" required> + <input class="form-control" type="email" value="[% email | html %]" name="username" id="form_username" required> <label for="form_name">[% loc('Name') %] [% loc('(optional)') %]</label> [% IF field_errors.name %] 
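Review bot: The two `value` attributes in form_user_loggedout_by_email.html now read the top-level `phone` and `email` stash keys, so the protection holds only if every logged-out form template makes the same switch. Only two templates are touched in this commit; any other cobrand override or logged-out form that still prints `report.user.email`, `report.user.phone` or `report.user.phone_display` would presumably keep showing stored details after a failed login. It is worth searching the templates directory for those expressions. A short comment here would also help, for example `[%# phone/email are the submitted values from the stash, not report.user, so stored details are not shown before login %]`.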
@@ -66,7 +66,7 @@ [% IF field_errors.phone %] <p class='form-error'>[% field_errors.phone %]</p> [% END %] - <input class="form-control" type="text" value="[% report.user.phone | html %]" name="phone" id="form_phone" required> + <input class="form-control" type="text" value="[% phone | html %]" name="phone" id="form_phone" required> <div class="form-txt-submit-box"> [%# class of submit_sign_in so name can be optional, name of submit_register so it doesn't try and sign us in %] |
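Review bot: This input used to print `report.user.phone`, but in the initialize_report hunk and the first process_user hunk the `phone` stash key is filled from `$report->user->phone_display`, so on those paths the Zurich form now shows the display-formatted number where it previously showed the stored one. The field is `required` and is posted back, so if the two formats can differ, the formatted value is what gets resubmitted. The diff contains no Zurich test covering this. Either confirm the formats agree for this cobrand or stash the unformatted value for it.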