github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-07 01:36:15 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: always confirm emails when SSO says so

Browse Source
This commit is contained in:
Régis Hanol 2017-06-08 01:05:33 +02:00
parent e8f0771dc9
commit 038454bde2
3 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users/omniauth_callbacks_controller.rb
View File

@ -115,6 +115,8 @@ class Users::OmniauthCallbacksController < ApplicationController
# automatically activate/unstage any account if a provider marked the email valid # automatically activate/unstage any account if a provider marked the email valid
if @auth_result.email_valid && @auth_result.email == user.email if @auth_result.email_valid && @auth_result.email == user.email
user.update!(staged: false) user.update!(staged: false)
# ensure there is an active email token
user.email_tokens.create(email: user.email) unless user.email_tokens.active.exists?
user.activate user.activate
end end

3
app/models/user.rb
View File

@ -689,8 +689,7 @@ class User < ActiveRecord::Base
end end
def activate def activate
email_token = self.email_tokens.active.first if email_token = self.email_tokens.active.first
if email_token
EmailToken.confirm(email_token.token) EmailToken.confirm(email_token.token)
else else
self.active = true self.active = true

27
spec/integration/omniauth_callbacks_spec.rb
View File

@ -49,13 +49,13 @@ RSpec.describe "OmniAuth Callbacks" do
end end
it 'should return the right response' do it 'should return the right response' do
expect(user.email_confirmed?).to eq(false)
events = DiscourseEvent.track_events do events = DiscourseEvent.track_events do
get "/auth/google_oauth2/callback.json" get "/auth/google_oauth2/callback.json"
end end
expect(events.map { |event| event[:event_name] }).to include( expect(events.map { |event| event[:event_name] }).to include(:user_logged_in, :user_first_logged_in)
:user_logged_in, :user_first_logged_in
)
expect(response).to be_success expect(response).to be_success
@ -66,6 +66,27 @@ RSpec.describe "OmniAuth Callbacks" do
expect(response_body["awaiting_approval"]).to eq(false) expect(response_body["awaiting_approval"]).to eq(false)
expect(response_body["not_allowed_from_ip_address"]).to eq(false) expect(response_body["not_allowed_from_ip_address"]).to eq(false)
expect(response_body["admin_not_allowed_from_ip_address"]).to eq(false) expect(response_body["admin_not_allowed_from_ip_address"]).to eq(false)
user.reload
expect(user.email_confirmed?).to eq(true)
end
it "should confirm email even when the tokens are expired" do
user.email_tokens.update_all(confirmed: false, expired: true)
user.reload
expect(user.email_confirmed?).to eq(false)
events = DiscourseEvent.track_events do
get "/auth/google_oauth2/callback.json"
end
expect(events.map { |event| event[:event_name] }).to include(:user_logged_in, :user_first_logged_in)
expect(response).to be_success
user.reload
expect(user.email_confirmed?).to eq(true)
end end
context 'when user has not verified his email' do context 'when user has not verified his email' do