Allow unauthenticated report form.

app/lib/frontend/handlers/report.dart

@@ -6,12 +6,11 @@ import 'dart:async';
 
 import 'package:_pub_shared/data/account_api.dart';
 import 'package:clock/clock.dart';
-import 'package:pub_dev/account/backend.dart';
-import 'package:pub_dev/frontend/email_sender.dart';
-import 'package:pub_dev/frontend/handlers/account.dart';
-import 'package:pub_dev/frontend/handlers/cache_control.dart';
 import 'package:shelf/shelf.dart' as shelf;
 
+import '../../account/backend.dart';
+import '../../frontend/email_sender.dart';
+import '../../frontend/handlers/cache_control.dart';
 import '../../shared/email.dart';
 import '../../shared/exceptions.dart';
 import '../../shared/handlers.dart';
@@ -24,11 +23,6 @@ Future<shelf.Response> reportPageHandler(shelf.Request request) async {
   if (!requestContext.experimentalFlags.isReportPageEnabled) {
     return notFoundHandler(request);
   }
-  // TODO: Final report page cannot require authentication!
-  final unauthenticatedRs = await checkAuthenticatedPageRequest(request);
-  if (unauthenticatedRs != null) {
-    return unauthenticatedRs;
-  }
 
   return htmlResponse(
     renderReportPage(
@@ -44,11 +38,22 @@ Future<String> processReportPageHandler(
   if (!requestContext.experimentalFlags.isReportPageEnabled) {
     throw NotFoundException('Experimental flag is not enabled.');
   }
-  final user = await requireAuthenticatedWebUser();
-
   final now = clock.now().toUtc();
   final id = '${now.toIso8601String().split('T').first}/${createUuid()}';
 
+  final isAuthenticated = requestContext.sessionData?.isAuthenticated ?? false;
+  final user = isAuthenticated ? await requireAuthenticatedWebUser() : null;
+  final userEmail = user?.email ?? form.email;
+
+  if (!isAuthenticated) {
+    InvalidInputException.check(
+      userEmail != null && isValidEmail(userEmail),
+      'Email is invalid or missing.',
+    );
+  } else {
+    InvalidInputException.checkNull(form.email, 'email');
+  }
+
   InvalidInputException.checkStringLength(
     form.description,
     'description',
@@ -63,7 +68,7 @@ Future<String> processReportPageHandler(
 
   await emailSender.sendMessage(createReportPageAdminEmail(
     id: id,
-    userEmail: user.email!,
+    userEmail: userEmail!,
     bodyText: bodyText,
   ));
 

app/lib/frontend/templates/report.dart

@@ -22,14 +22,23 @@ String renderReportPage({
         },
         children: [
           d.h1(text: 'Report a problem'),
+          if (!(sessionData?.isAuthenticated ?? false))
+            d.fragment([
+              d.p(text: 'Contact information:'),
+              material.textField(
+                id: 'email',
+                name: 'email',
+                label: 'Email',
+              ),
+            ]),
           d.p(text: 'Please describe the issue you want to report:'),
           material.textArea(
             id: 'description',
             name: 'description',
             label: 'Description',
             rows: 5,
             cols: 60,
-            maxLength: 8192,
+            maxLength: 4096,
           ),
           material.raisedButton(
             label: 'Submit',

app/test/frontend/handlers/report_test.dart

@@ -15,48 +15,74 @@ import '_utils.dart';
 
 void main() {
   group('Report handlers test', () {
-    testWithProfile('requires authentication', fn: () async {
+    testWithProfile('page does not require authentication', fn: () async {
       await expectHtmlResponse(
         await issueGet(
           '/report',
           headers: {'cookie': '$experimentalCookieName=report'},
         ),
-        status: 401,
-        present: ['Authentication required'],
-        absent: ['Please describe the issue you want to report:'],
+        present: [
+          'Please describe the issue you want to report:',
+          'Contact information',
+        ],
       );
     });
 
-    testWithProfile('OK', fn: () async {
+    testWithProfile('page works with signed-in session', fn: () async {
       final cookies = await acquireSessionCookies('user@pub.dev');
       await expectHtmlResponse(
         await issueGet(
           '/report',
           headers: {'cookie': '$experimentalCookieName=report; $cookies'},
         ),
         present: ['Please describe the issue you want to report:'],
-        absent: ['Authentication required'],
+        absent: ['Contact information'],
       );
     });
   });
 
   group('Report API test', () {
-    testWithProfile('authentication required', fn: () async {
+    testWithProfile('unauthenticated email missing', fn: () async {
       await withHttpPubApiClient(
         experimental: {'report'},
         fn: (client) async {
           await expectApiException(
             client.postReport(ReportForm(
               description: 'Problem.',
             )),
-            status: 401,
-            code: 'MissingAuthentication',
+            status: 400,
+            code: 'InvalidInput',
+            message: 'Email is invalid or missing.',
           );
           expect(fakeEmailSender.sentMessages, isEmpty);
         },
       );
     });
 
+    testWithProfile('authenticated email must be absent', fn: () async {
+      await withFakeAuthRequestContext('user@pub.dev', () async {
+        final sessionId = requestContext.sessionData?.sessionId;
+        final csrfToken = requestContext.csrfToken;
+        await withHttpPubApiClient(
+          experimental: {'report'},
+          sessionId: sessionId,
+          csrfToken: csrfToken,
+          fn: (client) async {
+            await expectApiException(
+              client.postReport(ReportForm(
+                email: 'any@pub.dev',
+                description: 'Problem.',
+              )),
+              status: 400,
+              code: 'InvalidInput',
+              message: '\"email\" must be `null`',
+            );
+            expect(fakeEmailSender.sentMessages, isEmpty);
+          },
+        );
+      });
+    });
+
     testWithProfile('too short description', fn: () async {
       await withFakeAuthRequestContext('user@pub.dev', () async {
         final sessionId = requestContext.sessionData?.sessionId;
@@ -80,7 +106,26 @@ void main() {
       });
     });
 
-    testWithProfile('OK', fn: () async {
+    testWithProfile('unauthenticated success', fn: () async {
+      await withHttpPubApiClient(
+        experimental: {'report'},
+        fn: (client) async {
+          final msg = await client.postReport(ReportForm(
+            email: 'user@pub.dev',
+            description: 'Huston, we have a problem.',
+          ));
+
+          expect(msg.message, 'Report submitted successfully.');
+          expect(fakeEmailSender.sentMessages, hasLength(1));
+          final email = fakeEmailSender.sentMessages.single;
+          expect(email.from.email, 'noreply@pub.dev');
+          expect(email.recipients.single.email, 'support@pub.dev');
+          expect(email.ccRecipients.single.email, 'user@pub.dev');
+        },
+      );
+    });
+
+    testWithProfile('authenticated success', fn: () async {
       await withFakeAuthRequestContext('user@pub.dev', () async {
         final sessionId = requestContext.sessionData?.sessionId;
         final csrfToken = requestContext.csrfToken;

pkg/_pub_shared/lib/data/account_api.dart

@@ -181,9 +181,11 @@ class InviteStatus {
 
 @JsonSerializable()
 class ReportForm {
+  final String? email;
   final String description;
 
   ReportForm({
+    this.email,
     required this.description,
   });