FIX: Clear authentication data from session after create account (#8040)

David Taylor 2019-09-12 12:11:12 +01:00 committed by GitHub
parent 082f59842d
commit 73172f00d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 7 deletions


@ -4,7 +4,8 @@ class UserAuthenticator
def initialize(user, session, authenticator_finder = Users::OmniauthCallbacksController)
@user = user
@session = session[:authentication]
@session = session
@auth_session = session[:authentication]
@authenticator_finder = authenticator_finder
end
@ -15,7 +16,7 @@ class UserAuthenticator
@user.password_required!
end
@user.skip_email_validation = true if @session && @session[:skip_email_validation].present?
@user.skip_email_validation = true if @auth_session && @auth_session[:skip_email_validation].present?
end
def has_authenticator?
@ -24,18 +25,18 @@ class UserAuthenticator
def finish
if authenticator
authenticator.after_create_account(@user, @session)
authenticator.after_create_account(@user, @auth_session)
confirm_email
end
@session = nil
@session[:authentication] = @auth_session = nil if @auth_session
end
def email_valid?
@session && @session[:email_valid]
@auth_session && @auth_session[:email_valid]
end
def authenticated?
@session && @session[:email]&.downcase == @user.email.downcase && @session[:email_valid].to_s == "true"
@auth_session && @auth_session[:email]&.downcase == @user.email.downcase && @auth_session[:email_valid].to_s == "true"
end
private
@ -54,7 +55,7 @@ class UserAuthenticator
end
def authenticator_name
@session && @session[:authenticator_name]
@auth_session && @auth_session[:authenticator_name]
end
end
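Review bot: In `finish`, the session is cleared only when `after_create_account` and `confirm_email` both return normally. If either raises, the verified authentication data (`email`, `email_valid`) stays in the session, and a later `UserAuthenticator` built from that session could still pass `authenticated?`. Consider moving the clear into an `ensure` clause and deleting the key instead of storing nil: `ensure`, then `@session.delete(:authentication) if @auth_session` and `@auth_session = nil`. Whether any caller relies on the data surviving a failed `finish` is not visible in this section, so check the controller first. A one-line comment in `initialize` would also help, for example `# @session is the whole session; @auth_session is its :authentication entry`, because `@session` changed meaning in this commit.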


@ -57,5 +57,15 @@ describe UserAuthenticator do
expect(user.email_confirmed?).to be_falsey
expect(group.usernames).not_to include(user.username)
end
it "clears the authentication info from the session" do
user = Fabricate(:user, email: "user53@discourse.org")
session = { authentication: github_auth(true) }
UserAuthenticator.new(user, session).finish
expect(user.email_confirmed?).to be_truthy
expect(session[:authentication]).to eq(nil)
end
end
end
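Review bot: The new example pins only the path where an authenticator is found and the email is confirmed. The clearing line in `finish` sits outside the `if authenticator` branch and is guarded by `if @auth_session`, and neither of those conditions is exercised here. A second example would cover the guard by running `finish` against a session with no `:authentication` entry, for instance `session = {}`, then `UserAuthenticator.new(user, session).finish` and `expect(session).not_to have_key(:authentication)`. It would also help to assert that the session is cleared when the stored authenticator name matches no enabled authenticator. Earlier examples in this `describe` block are outside the visible hunk and may already cover part of this.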