FIX: Make sure login required skipped for confirm new email routes (#11748)
As per @davidtaylorhq 's comment at 6e2be3e#r46069906, this fixes an oversight where if login_required is enabled and an anon user follows a confirm new email link they are forced to login, which is not what the intent of #10830 was.
This commit is contained in:
parent
cdaa506397
commit
8d3f803b3f
|
@ -13,7 +13,9 @@ class UsersEmailController < ApplicationController
|
|||
|
||||
skip_before_action :redirect_to_login_if_required, only: [
|
||||
:confirm_old_email,
|
||||
:show_confirm_old_email
|
||||
:show_confirm_old_email,
|
||||
:confirm_new_email,
|
||||
:show_confirm_new_email
|
||||
]
|
||||
|
||||
before_action :require_login, only: [
|
||||
|
|
|
@ -15,6 +15,13 @@ describe UsersEmailController do
|
|||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it 'does not redirect to login for signed out accounts on login_required sites, this route works fine as anon user' do
|
||||
SiteSetting.login_required = true
|
||||
get "/u/confirm-new-email/asdfasdf"
|
||||
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it 'errors out for invalid tokens' do
|
||||
sign_in(user)
|
||||
|
||||
|
|
Loading…
Reference in New Issue