fix(auth, settings): Use redis to store unconfirmed secondary email

Because:

* We don't want to hold on to unconfirmed secondary emails
* Let's use Redis to store the temporary entry and only add to db once verified

This commit:

* Update emails route handlers to use Redis
* Add new error type
* Update front end to handle the flow changes
* Update tests

Closes #FXA-12548

Author: vpomerleau

packages/functional-tests/tests/settings/changeEmail.spec.ts

@@ -216,21 +216,6 @@ test.describe('severity-1 #smoke', () => {
       await settings.secondaryEmail.deleteButton.click();
 
       await expect(settings.alertBar).toHaveText(/successfully deleted/);
-
-      await settings.secondaryEmail.addButton.click();
-      await secondaryEmail.emailTextbox.fill(newEmail);
-      await secondaryEmail.submit();
-
-      // skip verification
-      await settings.goto();
-
-      await expect(settings.secondaryEmail.unverifiedText).toHaveText(
-        'unconfirmed'
-      );
-
-      await settings.secondaryEmail.deleteButton.click();
-
-      await expect(settings.alertBar).toHaveText(/successfully deleted/);
     });
   });
 });
@@ -274,7 +259,7 @@ async function setNewPassword(
   oldPassword: string,
   newPassword: string,
   target: BaseTarget,
-  email: string,
+  email: string
 ): Promise<void> {
   await settings.password.changeButton.click();
 

packages/fxa-auth-server/config/index.ts

@@ -504,8 +504,7 @@ const convictConf = convict({
     subscriptionSupportUrl: {
       doc: 'url to Mozilla subscription support page',
       format: String,
-      default:
-        'https://support.mozilla.org/products',
+      default: 'https://support.mozilla.org/products',
     },
     redirectDomain: {
       doc: 'Domain that mail urls are allowed to redirect to',
@@ -1749,6 +1748,12 @@ const convictConf = convict({
       format: 'duration',
       env: 'SECONDARY_EMAIL_MIN_UNVERIFIED_ACCOUNT_TIME',
     },
+    pendingTtlSeconds: {
+      doc: 'TTL in seconds for pending secondary email reservations (Redis)',
+      format: 'nat',
+      default: 3600,
+      env: 'SECONDARY_EMAIL_PENDING_TTL_SECONDS',
+    },
   },
   signinCodeSize: {
     doc: 'signinCode size in bytes',

packages/fxa-auth-server/lib/error.js

@@ -583,8 +583,7 @@ AppError.recoveryCodesAlreadyExist = () => {
     code: 400,
     error: 'Bad Request',
     errno: ERRNO.RECOVERY_CODES_ALREADY_EXISTS,
-    message:
-      'Recovery codes or a verified TOTP token already exist',
+    message: 'Recovery codes or a verified TOTP token already exist',
   });
 };
 
@@ -810,6 +809,15 @@ AppError.emailExists = () => {
   });
 };
 
+AppError.emailInUseByAnotherAccount = () => {
+  return new AppError({
+    code: 400,
+    error: 'Bad Request',
+    errno: ERRNO.EMAIL_IN_USE_BY_ANOTHER_ACCOUNT,
+    message: 'This email is already in use by another account.',
+  });
+};
+
 AppError.cannotDeletePrimaryEmail = () => {
   return new AppError({
     code: 400,