mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 09:26:54 -06:00
FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in. Therefore, it is easier to just store the user's id rather than to store the username and email in the session.
This commit is contained in:
parent
7ebfa3c901
commit
9364d8ce71
@ -278,7 +278,7 @@ class SessionController < ApplicationController
|
||||
end
|
||||
|
||||
def not_activated(user)
|
||||
session[ACTIVATE_USER_KEY] = user.username
|
||||
session[ACTIVATE_USER_KEY] = user.id
|
||||
render json: {
|
||||
error: I18n.t("login.not_activated"),
|
||||
reason: 'not_activated',
|
||||
|
@ -567,21 +567,21 @@ class UsersController < ApplicationController
|
||||
RateLimiter.new(nil, "activate-min-#{request.remote_ip}", 6, 1.minute).performed!
|
||||
end
|
||||
|
||||
if (current_user && !current_user.staff?) ||
|
||||
(params[:username] != session[SessionController::ACTIVATE_USER_KEY])
|
||||
|
||||
raise Discourse::InvalidAccess
|
||||
end
|
||||
|
||||
@user = User.find_by_username_or_email(params[:username].to_s)
|
||||
|
||||
raise Discourse::NotFound unless @user
|
||||
|
||||
if (current_user && !current_user.staff?) ||
|
||||
@user.id != session[SessionController::ACTIVATE_USER_KEY]
|
||||
|
||||
raise Discourse::InvalidAccess
|
||||
end
|
||||
|
||||
session.delete(SessionController::ACTIVATE_USER_KEY)
|
||||
|
||||
if @user.active
|
||||
render_json_error(I18n.t('activation.activated'), status: 409)
|
||||
elsif @user
|
||||
else @user
|
||||
@email_token = @user.email_tokens.unconfirmed.active.first
|
||||
enqueue_activation_email
|
||||
render nothing: true
|
||||
|
@ -1406,7 +1406,7 @@ describe UsersController do
|
||||
context 'for an activated account' do
|
||||
it 'fails' do
|
||||
active_user = Fabricate(:user, active: true)
|
||||
session[SessionController::ACTIVATE_USER_KEY] = active_user.username
|
||||
session[SessionController::ACTIVATE_USER_KEY] = active_user.id
|
||||
xhr :post, :send_activation_email, username: active_user.username
|
||||
|
||||
expect(response.status).to eq(409)
|
||||
@ -1419,9 +1419,18 @@ describe UsersController do
|
||||
end
|
||||
end
|
||||
|
||||
describe 'when user does not have a valid session' do
|
||||
it 'should not be valid' do
|
||||
user = Fabricate(:user)
|
||||
xhr :post, :send_activation_email, username: user.username
|
||||
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a valid email_token' do
|
||||
it 'should send the activation email' do
|
||||
session["activate_user"] = user.username
|
||||
session[SessionController::ACTIVATE_USER_KEY] = user.id
|
||||
Jobs.expects(:enqueue).with(:critical_user_email, has_entries(type: :signup))
|
||||
xhr :post, :send_activation_email, username: user.username
|
||||
|
||||
@ -1437,13 +1446,13 @@ describe UsersController do
|
||||
|
||||
it 'should generate a new token' do
|
||||
expect {
|
||||
session["activate_user"] = user.username
|
||||
session[SessionController::ACTIVATE_USER_KEY] = user.id
|
||||
xhr :post, :send_activation_email, username: user.username
|
||||
}.to change{ user.email_tokens(true).count }.by(1)
|
||||
end
|
||||
|
||||
it 'should send an email' do
|
||||
session["activate_user"] = user.username
|
||||
session[SessionController::ACTIVATE_USER_KEY] = user.id
|
||||
Jobs.expects(:enqueue).with(:critical_user_email, has_entries(type: :signup))
|
||||
xhr :post, :send_activation_email, username: user.username
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user