mirror of
https://github.com/discourse/discourse.git
synced 2024-11-27 05:23:37 +08:00
SECURITY: Unapproved, active users should not receive emails
This commit is contained in:
parent
a74291c91a
commit
84f0e5ad4d
|
@ -74,7 +74,10 @@ class UserEmailObserver < ActiveRecord::Observer
|
|||
end
|
||||
|
||||
def perform_enqueue(type, delay)
|
||||
return unless notification.user.active? || notification.user.staged?
|
||||
user = notification.user
|
||||
return unless user.active? || user.staged?
|
||||
return if SiteSetting.must_approve_users? && !user.approved?
|
||||
|
||||
return unless EMAILABLE_POST_TYPES.include?(post_type)
|
||||
|
||||
Jobs.enqueue_in(delay, :user_email, self.class.notification_params(notification, type))
|
||||
|
|
|
@ -19,7 +19,6 @@ describe UserEmailObserver do
|
|||
end
|
||||
|
||||
context "inactive user" do
|
||||
|
||||
before { notification.user.active = false }
|
||||
|
||||
it "doesn't enqueue a job" do
|
||||
|
@ -32,7 +31,19 @@ describe UserEmailObserver do
|
|||
Jobs.expects(:enqueue_in).with(delay, :user_email, UserEmailObserver::EmailUser.notification_params(notification,type))
|
||||
UserEmailObserver.process_notification(notification)
|
||||
end
|
||||
end
|
||||
|
||||
context "active but unapproved user" do
|
||||
before do
|
||||
SiteSetting.must_approve_users = true
|
||||
notification.user.approved = false
|
||||
notification.user.active = true
|
||||
end
|
||||
|
||||
it "doesn't enqueue a job" do
|
||||
Jobs.expects(:enqueue_in).with(delay, :user_email, has_entry(type: type)).never
|
||||
UserEmailObserver.process_notification(notification)
|
||||
end
|
||||
end
|
||||
|
||||
context "small action" do
|
||||
|
|
Loading…
Reference in New Issue
Block a user