FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup
parent
cc4a102b26
commit
e47f5cedd2
@ -372,6 +372,19 @@ class UsersController < ApplicationController
|
|||||||
message: activation.message,
|
message: activation.message,
|
||||||
user_id: user.id
|
user_id: user.id
|
||||||
}
|
}
|
||||||
|
elsif SiteSetting.forgot_password_strict && user.errors[:primary_email]&.include?(I18n.t('errors.messages.taken'))
|
||||||
|
session["user_created_message"] = activation.success_message
|
||||||
|
|
||||||
|
if existing_user = User.find_by_email(user.primary_email&.email)
|
||||||
|
Jobs.enqueue(:critical_user_email, type: :account_exists, user_id: existing_user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
render json: {
|
||||||
|
success: true,
|
||||||
|
active: user.active?,
|
||||||
|
message: activation.success_message,
|
||||||
|
user_id: user.id
|
||||||
|
}
|
||||||
else
|
else
|
||||||
errors = user.errors.to_hash
|
errors = user.errors.to_hash
|
||||||
errors[:email] = errors.delete(:primary_email) if errors[:primary_email]
|
errors[:email] = errors.delete(:primary_email) if errors[:primary_email]
|
||||||
|
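Review bot: The enumeration guard at the top of the new `elsif` hinges on a translated string — `user.errors[:primary_email]&.include?(I18n.t('errors.messages.taken'))` — so a locale or site customization that changes the `taken` text, or a validator supplying its own message, makes the branch miss and the controller falls through to the `else` path, which reports the taken address exactly as `forgot_password_strict` is meant to prevent. Matching on the error key is robust to that: `elsif SiteSetting.forgot_password_strict && user.errors.added?(:primary_email, :taken)` (or inspect `user.errors.details[:primary_email]` if the Rails version exposes it); `errors[:attr]` already returns an array, so the `&.` is unnecessary. Separately, `Jobs.enqueue(:critical_user_email, type: :account_exists, ...)` fires on every signup attempt that hits an existing address, so unless the create action or the job is rate limited (not visible here) a third party can use sign-up to flood that account's inbox — a per-address `RateLimiter` like the one used for password resets would close that. The enclosing `create` action begins and ends outside this hunk.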
@ -83,6 +83,15 @@ class UserNotifications < ActionMailer::Base
|
|||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def account_exists(user, opts = {})
|
||||||
|
build_email(
|
||||||
|
user.email,
|
||||||
|
template: 'user_notifications.account_exists',
|
||||||
|
locale: user_locale(user),
|
||||||
|
email: user.email
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
def short_date(dt)
|
def short_date(dt)
|
||||||
if dt.year == Time.now.year
|
if dt.year == Time.now.year
|
||||||
I18n.l(dt, format: :short_no_year)
|
I18n.l(dt, format: :short_no_year)
|
||||||
|
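Review bot: `account_exists` carries no comment explaining that it is deliberately addressed to the existing account holder rather than to whoever submitted the signup, and that it intentionally contains no token or link tied to the requester; the next reader will see a mailer without a call-to-action and wonder what is missing. Suggest heading it with `# Sent to the owner of an address someone just tried to sign up with (forgot_password_strict); the requester is told nothing.` The controller in this commit enqueues it through `:critical_user_email`, presumably so it is not suppressed by the recipient's mail preferences — worth stating in the same comment if that is the intent. `opts` is unused in the body; if the other mailer methods keep it for uniform dispatch, a `_opts` name or a short note would make that deliberate.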
@ -16,6 +16,10 @@ class UserActivator
|
|||||||
@message = activator.activate
|
@message = activator.activate
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def success_message
|
||||||
|
activator.success_message
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def activator
|
def activator
|
||||||
@ -38,6 +42,10 @@ end
|
|||||||
|
|
||||||
class ApprovalActivator < UserActivator
|
class ApprovalActivator < UserActivator
|
||||||
def activate
|
def activate
|
||||||
|
success_message
|
||||||
|
end
|
||||||
|
|
||||||
|
def success_message
|
||||||
I18n.t("login.wait_approval")
|
I18n.t("login.wait_approval")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@ -52,6 +60,11 @@ class EmailActivator < UserActivator
|
|||||||
user_id: user.id,
|
user_id: user.id,
|
||||||
email_token: email_token.token
|
email_token: email_token.token
|
||||||
)
|
)
|
||||||
|
|
||||||
|
success_message
|
||||||
|
end
|
||||||
|
|
||||||
|
def success_message
|
||||||
I18n.t("login.activate_email", email: Rack::Utils.escape_html(user.email))
|
I18n.t("login.activate_email", email: Rack::Utils.escape_html(user.email))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@ -62,6 +75,10 @@ class LoginActivator < UserActivator
|
|||||||
def activate
|
def activate
|
||||||
log_on_user(user)
|
log_on_user(user)
|
||||||
user.enqueue_welcome_message('welcome_user')
|
user.enqueue_welcome_message('welcome_user')
|
||||||
|
success_message
|
||||||
|
end
|
||||||
|
|
||||||
|
def success_message
|
||||||
I18n.t("login.active")
|
I18n.t("login.active")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
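Review bot: `success_message` is now reachable without `activate` having run (it sits above `private` in `UserActivator`, and the controller in this commit reads `activation.success_message` on the email-taken path), yet for `LoginActivator` the text `login.active` describes a session that only `activate`'s `log_on_user(user)` creates; a caller on that path would tell the requester their account is active when no login happened. Worth a comment on the base-class method, e.g. `# Public so callers can show the would-be outcome without running activate; LoginActivator's text assumes log_on_user already ran.`, or have `LoginActivator#success_message` return a neutral message when the user is not logged in. `UserActivator#initialize` and `#activator` start or end outside these hunks.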
@ -2656,6 +2656,19 @@ en:
|
|||||||
|
|
||||||
%{message}
|
%{message}
|
||||||
|
|
||||||
|
account_exists:
|
||||||
|
title: "Account already exists"
|
||||||
|
subject_template: "[%{email_prefix}] Account already exists"
|
||||||
|
text_body_template: |
|
||||||
|
You just tried to create an account at %{site_name}. However, an account already exists for %{email}.
|
||||||
|
|
||||||
|
If you forgot your password, [reset it now](%{base_url}/password-reset).
|
||||||
|
|
||||||
|
If you didn’t try to create an account for %{email}, don’t worry – you can safely ignore this message.
|
||||||
|
|
||||||
|
If you have any questions, [contact our friendly staff](%{base_url}/about).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
digest:
|
digest:
|
||||||
why: "A brief summary of %{site_link} since your last visit on %{last_seen_at}"
|
why: "A brief summary of %{site_link} since your last visit on %{last_seen_at}"
|
||||||
|
@ -621,6 +621,28 @@ describe UsersController do
|
|||||||
expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present
|
expect(session[SessionController::ACTIVATE_USER_KEY]).to be_present
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'users already exists with given email' do
|
||||||
|
let!(:existing) { Fabricate(:user, email: post_user_params[:email]) }
|
||||||
|
|
||||||
|
it 'returns an error if forgot_password_strict is disabled' do
|
||||||
|
SiteSetting.forgot_password_strict = false
|
||||||
|
post_user
|
||||||
|
json = JSON.parse(response.body)
|
||||||
|
expect(json['success']).to eq(false)
|
||||||
|
expect(json['message']).to be_present
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns success if forgot_password_strict is enabled' do
|
||||||
|
SiteSetting.forgot_password_strict = true
|
||||||
|
expect {
|
||||||
|
post_user
|
||||||
|
}.to_not change { User.count }
|
||||||
|
json = JSON.parse(response.body)
|
||||||
|
expect(json['active']).to be_falsey
|
||||||
|
expect(session["user_created_message"]).to be_present
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context "creating as active" do
|
context "creating as active" do
|
||||||
|
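Review bot: The strict-mode example pins only `json['active']` and the session message, so a regression that puts the taken error back in the response (for instance the `else` path firing because the `taken` string no longer matches) would still pass; the property that matters is that the response is indistinguishable from a fresh signup. Add `expect(json['success']).to eq(true)` and an assertion that no error key is present, and compare `json['message']` with what the non-existing-email example receives. The example also never checks that the `account_exists` mail was enqueued for `existing`, which is the user-visible half of the feature; an expectation that `Jobs.enqueue` was called with `:critical_user_email` and `type: :account_exists, user_id: existing.id` would cover it. The `describe UsersController` block begins outside this hunk.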