From 7d3be0f8f1aac809b932d5bd1c2536050e7c99f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?= <regis@hanol.fr>
Date: Mon, 9 Nov 2015 17:37:33 +0100
Subject: [PATCH] forgot password on a staged account does nothing

---
 app/controllers/session_controller.rb       |  2 +-
 spec/controllers/session_controller_spec.rb | 19 ++++++++++++++++---
 spec/fabricators/user_fabricator.rb         |  4 ++++
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 60765e0cd8f..bcf9db0ee4b 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -192,7 +192,7 @@ class SessionController < ApplicationController
     RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
 
     user = User.find_by_username_or_email(params[:login])
-    user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID
+    user_presence = user.present? && user.id != Discourse::SYSTEM_USER_ID && !user.staged
     if user_presence
       email_token = user.email_tokens.create(email: user.email)
       Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 3f1af05533a..27d57483f97 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -638,15 +638,28 @@ describe SessionController do
     end
 
     context 'do nothing to system username' do
-      let(:user) { Discourse.system_user }
+      let(:system) { Discourse.system_user }
 
       it 'generates no token for system username' do
-        expect { xhr :post, :forgot_password, login: user.username}.not_to change(EmailToken, :count)
+        expect { xhr :post, :forgot_password, login: system.username}.not_to change(EmailToken, :count)
       end
 
       it 'enqueues no email' do
         Jobs.expects(:enqueue).never
-        xhr :post, :forgot_password, login: user.username
+        xhr :post, :forgot_password, login: system.username
+      end
+    end
+
+    context 'for a staged account' do
+      let!(:staged) { Fabricate(:staged) }
+
+      it 'generates no token for staged username' do
+        expect { xhr :post, :forgot_password, login: staged.username}.not_to change(EmailToken, :count)
+      end
+
+      it 'enqueues no email' do
+        Jobs.expects(:enqueue).never
+        xhr :post, :forgot_password, login: staged.username
       end
     end
   end
diff --git a/spec/fabricators/user_fabricator.rb b/spec/fabricators/user_fabricator.rb
index 13e0ce61c6c..5cad8011f9f 100644
--- a/spec/fabricators/user_fabricator.rb
+++ b/spec/fabricators/user_fabricator.rb
@@ -99,3 +99,7 @@ Fabricator(:anonymous, from: :user) do
     user.save!
   end
 end
+
+Fabricator(:staged, from: :user) do
+  staged true
+end