Add "add email" button to admin user profile

Vlad0n20 · Vlad0n20 · commit b44a442b3ac9 · 2026-01-06T15:49:03.000+02:00
diff --git a/admin/templates/users/add_email.html b/admin/templates/users/add_email.html
@@ -0,0 +1,27 @@
+{% if perms.osf.change_osfuser %}
+    <a data-toggle="modal" data-target="#addEmailModal" class="btn btn-default">Add email</a>
+    <div class="modal" id="addEmailModal">
+        <div class="modal-dialog">
+            <div class="modal-content">
+                <form class="well" method="post" action="{% url 'users:add-email' guid=user.guid %}">
+                    <div class="modal-header">
+                        <button type="button" class="close" data-dismiss="modal">x</button>
+                        <h3>Add email to user</h3>
+                    </div>
+                    <div class="modal-body">
+                        <h4>User: {{ user.guid }}</h4>
+                        {% csrf_token %}
+                        <label for="id_new_email">Email address</label>
+                        <input type="email" name="new_email" id="id_new_email" class="form-control" required />
+                    </div>
+                    <div class="modal-footer">
+                        <input class="btn btn-primary" type="submit" value="Add and send confirmation" />
+                        <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+{% endif %}
+
+
diff --git a/admin/templates/users/user.html b/admin/templates/users/user.html
@@ -20,6 +20,7 @@
             <div class="btn-group" role="group">
                 <a href="{% url 'users:search' %}" class="btn btn-default"><i class="fa fa-search"></i></a>
                 {% include "users/reset_password.html" with user=user %}
+                {% include "users/add_email.html" with user=user %}
                 {%  if perms.osf.change_osfuser %}
                     <a href="{% url 'users:get-reset-password' guid=user.guid %}" data-toggle="modal" data-target="#getResetModal" class="btn btn-default">Get password reset link</a>
                     {% if user.confirmed %}
diff --git a/admin/users/forms.py b/admin/users/forms.py
@@ -19,3 +19,11 @@ class UserSearchForm(forms.Form):
 
 class MergeUserForm(forms.Form):
     user_guid_to_be_merged = forms.CharField(label='user_guid_to_be_merged', min_length=5, max_length=5, required=True)  # TODO: Move max to 6 when needed
+
+
+class AddSystemTagForm(forms.Form):
+    system_tag_to_add = forms.CharField(label='system_tag_to_add', min_length=1, max_length=1024, required=True)
+
+
+class AddEmailForm(forms.Form):
+    new_email = forms.EmailField(label='new_email', required=True)
diff --git a/admin/users/urls.py b/admin/users/urls.py
@@ -26,6 +26,7 @@
     re_path(r'^(?P<guid>[a-z0-9]+)/get_reset_password/$', views.GetPasswordResetLink.as_view(), name='get-reset-password'),
     re_path(r'^(?P<guid>[a-z0-9]+)/reindex_elastic_user/$', views.UserReindexElastic.as_view(),
         name='reindex-elastic-user'),
+    re_path(r'^(?P<guid>[a-z0-9]+)/add_email/$', views.UserAddEmail.as_view(), name='add-email'),
     re_path(r'^(?P<guid>[a-z0-9]+)/reindex_share_user/$', views.UserShareReindex.as_view(),
         name='reindex-share-user'),
     re_path(r'^(?P<guid>[a-z0-9]+)/merge_accounts/$', views.UserMergeAccounts.as_view(), name='merge-accounts'),
diff --git a/admin/users/views.py b/admin/users/views.py
@@ -43,7 +43,8 @@
 from admin.users.forms import (
     EmailResetForm,
     UserSearchForm,
-    MergeUserForm
+    MergeUserForm,
+    AddEmailForm
 )
 from admin.nodes.views import NodeAddSystemTag, NodeRemoveSystemTag
 from admin.base.views import GuidView
@@ -396,6 +397,35 @@ class UserRemoveSystemTag(UserMixin, NodeRemoveSystemTag):
     permission_required = 'osf.change_osfuser'
 
 
+class UserAddEmail(UserMixin, FormView):
+    """Allows authorized users to add an email to a user's account and trigger confirmation."""
+    permission_required = 'osf.change_osfuser'
+    raise_exception = True
+    form_class = AddEmailForm
+
+    def form_valid(self, form):
+        from osf.exceptions import BlockedEmailError
+        from django.core.exceptions import ValidationError as DjangoValidationError
+        from framework.auth.views import send_confirm_email_async
+        from django.utils import timezone
+
+        user = self.get_object()
+        address = form.cleaned_data['new_email'].strip().lower()
+        try:
+            user.add_unconfirmed_email(address)
+
+            send_confirm_email_async(user, email=address)
+            user.email_last_sent = timezone.now()
+            user.save()
+            messages.success(self.request, f'Added unconfirmed email {address} and sent confirmation email.')
+        except (DjangoValidationError, ValueError) as e:
+            messages.error(self.request, f'Invalid email: {getattr(e, "message", str(e))}')
+        except BlockedEmailError:
+            messages.error(self.request, 'This email address domain is blocked.')
+
+        return super().form_valid(form)
+
+
 class UserMergeAccounts(UserMixin, FormView):
     """ Allows authorized users to merge a user's accounts using their guid.
     """
