Warn when a crate publisher doesn't have a verified email address

See:
rust-lang/crates-io-cargo-teams#8

Author: carols10cents

src/controllers/krate/publish.rs

@@ -64,6 +64,16 @@ pub fn publish(req: &mut dyn Request) -> CargoResult<Response> {
     let categories: Vec<_> = categories.iter().map(|k| &***k).collect();
 
     let conn = req.db_conn()?;
+
+    let mut other_warnings = vec![];
+    if !user.has_verified_email(&conn)? {
+        other_warnings.push(String::from(
+            "You do not currently have a verified email address associated with your crates.io \
+             account. Starting 2019-02-28, a verified email will be required to publish crates. \
+             Visit https://crates.io/me to set and verify your email address.",
+        ));
+    }
+
     // Create a transaction on the database, if there are no errors,
     // commit the transactions to record a new or updated crate.
     conn.transaction(|| {
@@ -199,6 +209,7 @@ pub fn publish(req: &mut dyn Request) -> CargoResult<Response> {
         let warnings = PublishWarnings {
             invalid_categories: ignored_invalid_categories,
             invalid_badges: ignored_invalid_badges,
+            other: other_warnings,
         };
 
         Ok(req.json(&GoodCrate {

src/models/user.rs

@@ -154,6 +154,16 @@ impl User {
         Ok(best)
     }
 
+    pub fn has_verified_email(&self, conn: &PgConnection) -> CargoResult<bool> {
+        use diesel::dsl::exists;
+        let email_exists = diesel::select(exists(
+            emails::table
+                .filter(emails::user_id.eq(self.id))
+                .filter(emails::verified.eq(true)),
+        )).get_result(&*conn)?;
+        Ok(email_exists)
+    }
+
     /// Converts this `User` model into an `EncodablePrivateUser` for JSON serialization.
     pub fn encodable_private(
         self,

src/tests/http-data/krate_new_krate_with_unverified_email_warns

@@ -0,0 +1,73 @@
+[
+  {
+    "request": {
+      "uri": "http://alexcrichton-test.s3.amazonaws.com/crates/foo_unverified_email/foo_unverified_email-1.0.0.crate",
+      "method": "PUT",
+      "headers": [
+        [
+          "accept",
+          "*/*"
+        ],
+        [
+          "content-length",
+          "35"
+        ],
+        [
+          "host",
+          "alexcrichton-test.s3.amazonaws.com"
+        ],
+        [
+          "accept-encoding",
+          "gzip"
+        ],
+        [
+          "user-agent",
+          "reqwest/0.9.1"
+        ],
+        [
+          "content-type",
+          "application/x-tar"
+        ],
+        [
+          "authorization",
+          "AWS AKIAICL5IWUZYWWKA7JA:uDc39eNdF6CcwB+q+JwKsoDLQc4="
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 07:53:06 -0700"
+        ]
+      ],
+      "body": "H4sIAAAAAAAA/+3AAQEAAACCIP+vbkhQwKsBLq+17wAEAAA="
+    },
+    "response": {
+      "status": 200,
+      "headers": [
+        [
+          "x-amz-request-id",
+          "26589A5E52F8395C"
+        ],
+        [
+          "ETag",
+          "\"f9016ad360cebb4fe2e6e96e5949f022\""
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 14:53:07 GMT"
+        ],
+        [
+          "content-length",
+          "0"
+        ],
+        [
+          "x-amz-id-2",
+          "JdIvnNTw53aqXjBIqBLNuN4kxf/w1XWX+xuIiGBDYy7yzOSDuAMtBSrTW4ZWetcCIdqCUHuQ51A="
+        ],
+        [
+          "Server",
+          "AmazonS3"
+        ]
+      ],
+      "body": ""
+    }
+  }
+]

src/tests/http-data/krate_new_krate_with_verified_email_doesnt_warn

@@ -0,0 +1,73 @@
+[
+  {
+    "request": {
+      "uri": "http://alexcrichton-test.s3.amazonaws.com/crates/foo_verified_email/foo_verified_email-1.0.0.crate",
+      "method": "PUT",
+      "headers": [
+        [
+          "accept",
+          "*/*"
+        ],
+        [
+          "content-length",
+          "35"
+        ],
+        [
+          "host",
+          "alexcrichton-test.s3.amazonaws.com"
+        ],
+        [
+          "accept-encoding",
+          "gzip"
+        ],
+        [
+          "user-agent",
+          "reqwest/0.9.1"
+        ],
+        [
+          "content-type",
+          "application/x-tar"
+        ],
+        [
+          "authorization",
+          "AWS AKIAICL5IWUZYWWKA7JA:uDc39eNdF6CcwB+q+JwKsoDLQc4="
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 07:53:06 -0700"
+        ]
+      ],
+      "body": "H4sIAAAAAAAA/+3AAQEAAACCIP+vbkhQwKsBLq+17wAEAAA="
+    },
+    "response": {
+      "status": 200,
+      "headers": [
+        [
+          "x-amz-request-id",
+          "26589A5E52F8395C"
+        ],
+        [
+          "ETag",
+          "\"f9016ad360cebb4fe2e6e96e5949f022\""
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 14:53:07 GMT"
+        ],
+        [
+          "content-length",
+          "0"
+        ],
+        [
+          "x-amz-id-2",
+          "JdIvnNTw53aqXjBIqBLNuN4kxf/w1XWX+xuIiGBDYy7yzOSDuAMtBSrTW4ZWetcCIdqCUHuQ51A="
+        ],
+        [
+          "Server",
+          "AmazonS3"
+        ]
+      ],
+      "body": ""
+    }
+  }
+]

src/tests/http-data/krate_new_krate_without_any_email_warns

@@ -0,0 +1,73 @@
+[
+  {
+    "request": {
+      "uri": "http://alexcrichton-test.s3.amazonaws.com/crates/foo_no_email/foo_no_email-1.0.0.crate",
+      "method": "PUT",
+      "headers": [
+        [
+          "accept",
+          "*/*"
+        ],
+        [
+          "content-length",
+          "35"
+        ],
+        [
+          "host",
+          "alexcrichton-test.s3.amazonaws.com"
+        ],
+        [
+          "accept-encoding",
+          "gzip"
+        ],
+        [
+          "user-agent",
+          "reqwest/0.9.1"
+        ],
+        [
+          "content-type",
+          "application/x-tar"
+        ],
+        [
+          "authorization",
+          "AWS AKIAICL5IWUZYWWKA7JA:uDc39eNdF6CcwB+q+JwKsoDLQc4="
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 07:53:06 -0700"
+        ]
+      ],
+      "body": "H4sIAAAAAAAA/+3AAQEAAACCIP+vbkhQwKsBLq+17wAEAAA="
+    },
+    "response": {
+      "status": 200,
+      "headers": [
+        [
+          "x-amz-request-id",
+          "26589A5E52F8395C"
+        ],
+        [
+          "ETag",
+          "\"f9016ad360cebb4fe2e6e96e5949f022\""
+        ],
+        [
+          "date",
+          "Fri, 15 Sep 2017 14:53:07 GMT"
+        ],
+        [
+          "content-length",
+          "0"
+        ],
+        [
+          "x-amz-id-2",
+          "JdIvnNTw53aqXjBIqBLNuN4kxf/w1XWX+xuIiGBDYy7yzOSDuAMtBSrTW4ZWetcCIdqCUHuQ51A="
+        ],
+        [
+          "Server",
+          "AmazonS3"
+        ]
+      ],
+      "body": ""
+    }
+  }
+]

src/tests/krate.rs

@@ -22,7 +22,7 @@ use cargo_registry::models::krate::MAX_NAME_LENGTH;
 
 use builders::{CrateBuilder, DependencyBuilder, PublishBuilder, VersionBuilder};
 use models::{Category, Crate};
-use schema::{api_tokens, crates, metadata, versions};
+use schema::{api_tokens, crates, emails, metadata, versions};
 use views::{
     EncodableCategory, EncodableCrate, EncodableDependency, EncodableKeyword, EncodableVersion,
     EncodableVersionDownload,
@@ -1020,6 +1020,70 @@ fn new_krate_with_readme() {
     assert_eq!(json.krate.max_version, "1.0.0");
 }
 
+// This warning will soon become a hard error.
+// See https://github.com/rust-lang/crates-io-cargo-teams/issues/8
+#[test]
+fn new_krate_without_any_email_warns() {
+    let (_, _, _, token) = TestApp::with_proxy().with_token();
+
+    let crate_to_publish = PublishBuilder::new("foo_no_email");
+
+    let json = token.publish(crate_to_publish).good();
+    assert_eq!(json.warnings.other.len(), 1);
+    assert_eq!(json.warnings.other[0], "You do not currently have a verified email address \
+    associated with your crates.io account. Starting 2019-02-28, a verified email will be required \
+    to publish crates. Visit https://crates.io/me to set and verify your email address.");
+}
+
+// This warning will soon become a hard error.
+// See https://github.com/rust-lang/crates-io-cargo-teams/issues/8
+#[test]
+fn new_krate_with_unverified_email_warns() {
+    let (app, _, user, token) = TestApp::with_proxy().with_token();
+    let user = user.as_model();
+
+    app.db(|conn| {
+        insert_into(emails::table)
+            .values((
+                emails::user_id.eq(user.id),
+                emails::email.eq("something@example.com"),
+            )).execute(conn)
+            .unwrap();
+    });
+
+    let crate_to_publish = PublishBuilder::new("foo_unverified_email");
+
+    let json = token.publish(crate_to_publish).good();
+    assert_eq!(json.warnings.other.len(), 1);
+    assert_eq!(json.warnings.other[0], "You do not currently have a verified email address \
+    associated with your crates.io account. Starting 2019-02-28, a verified email will be required \
+    to publish crates. Visit https://crates.io/me to set and verify your email address.");
+}
+
+#[test]
+fn new_krate_with_verified_email_doesnt_warn() {
+    let (app, _, user, token) = TestApp::with_proxy().with_token();
+    let user = user.as_model();
+
+    // TODO: Move this to TestApp setup for user so we don't have to do this for every test
+    // that publishes a crate; then edit the test for the user without a verified email to
+    // remove the verified email
+    app.db(|conn| {
+        insert_into(emails::table)
+            .values((
+                emails::user_id.eq(user.id),
+                emails::email.eq("something@example.com"),
+                emails::verified.eq(true),
+            )).execute(conn)
+            .unwrap();
+    });
+
+    let crate_to_publish = PublishBuilder::new("foo_verified_email");
+
+    let json = token.publish(crate_to_publish).good();
+    assert_eq!(json.warnings.other.len(), 0);
+}
+
 #[test]
 fn summary_doesnt_die() {
     let (_, anon) = TestApp::init().empty();

src/views/mod.rs

@@ -221,6 +221,7 @@ pub struct GoodCrate {
 pub struct PublishWarnings {
     pub invalid_categories: Vec<String>,
     pub invalid_badges: Vec<String>,
+    pub other: Vec<String>,
 }
 
 // TODO: Prefix many of these with `Encodable` then clean up the reexports