FIX: Clear authentication data from session after create account (#8040)
parent
082f59842d
commit
73172f00d3
|
@ -4,7 +4,8 @@ class UserAuthenticator
|
|||
|
||||
def initialize(user, session, authenticator_finder = Users::OmniauthCallbacksController)
|
||||
@user = user
|
||||
@session = session[:authentication]
|
||||
@session = session
|
||||
@auth_session = session[:authentication]
|
||||
@authenticator_finder = authenticator_finder
|
||||
end
|
||||
|
||||
|
@ -15,7 +16,7 @@ class UserAuthenticator
|
|||
@user.password_required!
|
||||
end
|
||||
|
||||
@user.skip_email_validation = true if @session && @session[:skip_email_validation].present?
|
||||
@user.skip_email_validation = true if @auth_session && @auth_session[:skip_email_validation].present?
|
||||
end
|
||||
|
||||
def has_authenticator?
|
||||
|
@ -24,18 +25,18 @@ class UserAuthenticator
|
|||
|
||||
def finish
|
||||
if authenticator
|
||||
authenticator.after_create_account(@user, @session)
|
||||
authenticator.after_create_account(@user, @auth_session)
|
||||
confirm_email
|
||||
end
|
||||
@session = nil
|
||||
@session[:authentication] = @auth_session = nil if @auth_session
|
||||
end
|
||||
|
||||
def email_valid?
|
||||
@session && @session[:email_valid]
|
||||
@auth_session && @auth_session[:email_valid]
|
||||
end
|
||||
|
||||
def authenticated?
|
||||
@session && @session[:email]&.downcase == @user.email.downcase && @session[:email_valid].to_s == "true"
|
||||
@auth_session && @auth_session[:email]&.downcase == @user.email.downcase && @auth_session[:email_valid].to_s == "true"
|
||||
end
|
||||
|
||||
private
|
||||
|
@ -54,7 +55,7 @@ class UserAuthenticator
|
|||
end
|
||||
|
||||
def authenticator_name
|
||||
@session && @session[:authenticator_name]
|
||||
@auth_session && @auth_session[:authenticator_name]
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
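Review bot: In `finish`, the new clearing line is reached only when `authenticator.after_create_account` and `confirm_email` return normally, so an exception from either leaves `session[:authentication]` populated, and `authenticated?` reads that same data. If the data must never outlive account creation, put an `ensure` line directly before `@session[:authentication] = @auth_session = nil if @auth_session`; whether a failed finish should instead keep the data for a retry is the author's call and is worth a comment either way. Separately, `@session.delete(:authentication)` would remove the key rather than store a nil under it. `initialize` also still calls `session[:authentication]` unguarded, while every reader guards `@auth_session`, so a nil session would raise there.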
@ -57,5 +57,15 @@ describe UserAuthenticator do
|
|||
expect(user.email_confirmed?).to be_falsey
|
||||
expect(group.usernames).not_to include(user.username)
|
||||
end
|
||||
|
||||
it "clears the authentication info from the session" do
|
||||
user = Fabricate(:user, email: "user53@discourse.org")
|
||||
session = { authentication: github_auth(true) }
|
||||
|
||||
UserAuthenticator.new(user, session).finish
|
||||
expect(user.email_confirmed?).to be_truthy
|
||||
|
||||
expect(session[:authentication]).to eq(nil)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
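Review bot: The added example covers only a session that carries authenticator data, so nothing pins the `if @auth_session` guard on the clearing line in `finish`. A companion example with `session = {}` that calls `UserAuthenticator.new(user, session).finish` and expects no error would cover that path. An example where `after_create_account` raises would document whether the session data is meant to survive a failure. As a style point, `expect(session[:authentication]).to be_nil` is the more usual matcher than `eq(nil)`. The enclosing `describe` blocks start outside the hunk.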