diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index 65b3e4452de..72341c97217 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -128,7 +128,10 @@ class Users::OmniauthCallbacksController < ApplicationController user.email_tokens.create!(email: user.email) end - user.activate + if !user.active || !user.email_confirmed? + user.update!(password: SecureRandom.hex) + user.activate + end user.update!(registration_ip_address: request.remote_ip) if user.registration_ip_address.blank? end diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb index c5a093f82c7..ee6db8d784e 100644 --- a/spec/requests/omniauth_callbacks_controller_spec.rb +++ b/spec/requests/omniauth_callbacks_controller_spec.rb @@ -213,7 +213,7 @@ RSpec.describe Users::OmniauthCallbacksController do expect(user.email_confirmed?).to eq(true) end - it "should activate/unstage staged user" do + it "should unstage staged user" do user.update!(staged: true, registration_ip_address: nil) user.reload @@ -233,6 +233,22 @@ RSpec.describe Users::OmniauthCallbacksController do expect(user.registration_ip_address).to be_present end + it "should activate user with matching email" do + user.update!(password: "securepassword", active: false, registration_ip_address: "1.1.1.1") + + user.reload + expect(user.active).to eq(false) + expect(user.confirm_password?("securepassword")).to eq(true) + + get "/auth/google_oauth2/callback.json" + + user.reload + expect(user.active).to eq(true) + + # Delete the password, it may have been set by someone else + expect(user.confirm_password?("securepassword")).to eq(false) + end + context 'when user has second factor enabled' do before do user.create_totp(enabled: true)