From 9878bc62b34a2139b206ffc8b44cf5743ebae8c1 Mon Sep 17 00:00:00 2001
From: David Taylor
Date: Wed, 28 Aug 2019 12:46:36 +0100
Subject: [PATCH] Revert "Merge pull request from GHSA-7cmh-wm9h-j63f"
This reverts commit 8e5a8d1d54e7ca8348cf50a0f1a37a17a6148e4b. The change will be re-applied with improvements.
---
 .../users/omniauth_callbacks_controller.rb | 5 +----
 .../omniauth_callbacks_controller_spec.rb | 18 +-----------------
 2 files changed, 2 insertions(+), 21 deletions(-)
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 9cfaa46df70..cac09b34214 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -134,10 +134,7 @@ class Users::OmniauthCallbacksController < ApplicationController
 user.email_tokens.create!(email: user.email)
 end
- if !user.active || !user.email_confirmed?
- user.password = SecureRandom.hex
- user.activate
- end
+ user.activate
 user.update!(registration_ip_address: request.remote_ip) if user.registration_ip_address.blank?
 end
diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb
index f8e2ac8679a..25d92388257 100644
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@@ -286,7 +286,7 @@ RSpec.describe Users::OmniauthCallbacksController do
 expect(user.email_confirmed?).to eq(true)
 end
- it "should unstage staged user" do
+ it "should activate/unstage staged user" do
 user.update!(staged: true, registration_ip_address: nil)
 user.reload
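Review bot: In `app/controllers/users/omniauth_callbacks_controller.rb`, the restored unconditional `user.activate` activates an account matched by email while leaving whatever password was already stored on it, so a password set before the email was ever confirmed stays valid after the OAuth login. That is the case the reverted advisory fix covered, along with the spec removed in the second hunk of `omniauth_callbacks_controller_spec.rb` (its comment reads "it may have been set by someone else"), so this revert should not ship on its own; land it in the same release as the re-apply. When re-applying, check that the inactive/unconfirmed test is evaluated before the email-token step just above this hunk can mark the email confirmed, and that the replacement password is persisted explicitly, e.g. `user.update!(password: SecureRandom.hex)` inside the guard. The enclosing method starts and ends outside the hunk, so both points are inferred from the visible context only.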
@@ -306,22 +306,6 @@ RSpec.describe Users::OmniauthCallbacksController do
 expect(user.registration_ip_address).to be_present
 end
- it "should activate user with matching email" do
- user.update!(password: "securepassword", active: false)
-
- user.reload
- expect(user.active).to eq(false)
- expect(user.confirm_password?("securepassword")).to eq(true)
-
- get "/auth/google_oauth2/callback.json"
-
- user.reload
- expect(user.active).to eq(true)
-
- # Delete the password, it may have been set by someone else
- expect(user.confirm_password?("securepassword")).to eq(false)
- end
-
 context 'when user has second factor enabled' do
 before do
 user.create_totp(enabled: true)