Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent login until email is confirmed

This commit is contained in:
Neil Lalonde 2013-02-11 11:18:26 -05:00
parent f21609fe2e
commit c18b85873f
5 changed files with 104 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/controllers/session_controller.rb
View File

@ -22,9 +22,14 @@ class SessionController < ApplicationController
# If their password is correct
if @user.confirm_password?(params[:password])
log_on_user(@user)
render_serialized(@user, UserSerializer)
return
if @user.email_confirmed?
log_on_user(@user)
render_serialized(@user, UserSerializer)
return
else
render :json => {error: I18n.t("login.not_activated")}
return
end
end
end

4
app/models/user.rb
View File

@ -380,6 +380,10 @@ class User < ActiveRecord::Base
end
end
def email_confirmed?
email_tokens.where(email: self.email, confirmed: true).present?
end
protected

1
config/locales/en.yml
View File

@ -1039,6 +1039,7 @@ en:
wait_approval: "Thanks for signing up. We will notify you when your account has been approved."
active: "Your account is active and ready."
activate_email: "You're almost done! We sent an activation email to <b>%{email}</b>. Please follow the instructions in the email to activate your account."
not_activated: "You can't log in yet. We sent an activation email to you. Please follow the instructions in the email to activate your account."
errors: "Failed to create account: %{errors}"
not_available: "Not available. Try %{suggestion}?"

114
spec/controllers/session_controller_spec.rb
View File

@ -6,77 +6,93 @@ describe SessionController do
let(:user) { Fabricate(:user) }
it "raises an error when the login isn't present" do
lambda { xhr :post, :create }.should raise_error(Discourse::InvalidParameters)
end
describe 'invalid password' do
it "should return an error with an invalid password" do
xhr :post, :create, login: user.username, password: 'sssss'
::JSON.parse(response.body)['error'].should be_present
end
end
describe 'success by username' do
context 'when email is confirmed' do
before do
xhr :post, :create, login: user.username, password: 'myawesomepassword'
user.reload
token = user.email_tokens.where(email: user.email).first
EmailToken.confirm(token.token)
end
it 'sets a session id' do
session[:current_user_id].should == user.id
it "raises an error when the login isn't present" do
lambda { xhr :post, :create }.should raise_error(Discourse::InvalidParameters)
end
it 'gives the user an auth token' do
user.auth_token.should be_present
describe 'invalid password' do
it "should return an error with an invalid password" do
xhr :post, :create, login: user.username, password: 'sssss'
::JSON.parse(response.body)['error'].should be_present
end
end
it 'sets a cookie with the auth token' do
cookies[:_t].should == user.auth_token
end
end
describe 'success by username' do
before do
xhr :post, :create, login: user.username, password: 'myawesomepassword'
user.reload
end
describe 'strips leading @ symbol' do
before do
xhr :post, :create, login: "@" + user.username, password: 'myawesomepassword'
user.reload
it 'sets a session id' do
session[:current_user_id].should == user.id
end
it 'gives the user an auth token' do
user.auth_token.should be_present
end
it 'sets a cookie with the auth token' do
cookies[:_t].should == user.auth_token
end
end
it 'sets a session id' do
session[:current_user_id].should == user.id
end
end
describe 'strips leading @ symbol' do
before do
xhr :post, :create, login: "@" + user.username, password: 'myawesomepassword'
user.reload
end
describe 'also allow login by email' do
before do
xhr :post, :create, login: user.email, password: 'myawesomepassword'
it 'sets a session id' do
session[:current_user_id].should == user.id
end
end
it 'sets a session id' do
session[:current_user_id].should == user.id
end
end
describe "when the site requires approval of users" do
before do
SiteSetting.expects(:must_approve_users?).returns(true)
end
context 'with an unapproved user' do
describe 'also allow login by email' do
before do
xhr :post, :create, login: user.email, password: 'myawesomepassword'
end
it "doesn't log in the user" do
session[:current_user_id].should be_blank
it 'sets a session id' do
session[:current_user_id].should == user.id
end
end
describe "when the site requires approval of users" do
before do
SiteSetting.expects(:must_approve_users?).returns(true)
end
context 'with an unapproved user' do
before do
xhr :post, :create, login: user.email, password: 'myawesomepassword'
end
it "doesn't log in the user" do
session[:current_user_id].should be_blank
end
end
end
end
context 'when email has not been confirmed' do
before do
xhr :post, :create, login: user.email, password: 'myawesomepassword'
end
it "doesn't log in the user" do
session[:current_user_id].should be_blank
end
it 'returns an error message' do
::JSON.parse(response.body)['error'].should be_present
end
end
end
describe '.destroy' do

26
spec/models/user_spec.rb
View File

@ -617,4 +617,30 @@ describe User do
it { should_not be_active }
end
describe 'email_confirmed?' do
let(:user) { Fabricate(:user) }
context 'when email has not been confirmed yet' do
it 'should return false' do
user.email_confirmed?.should be_false
end
end
context 'when email has been confirmed' do
it 'should return true' do
token = user.email_tokens.where(email: user.email).first
EmailToken.confirm(token.token)
user.email_confirmed?.should be_true
end
end
context 'when user has no email tokens for some reason' do
it 'should return false' do
user.email_tokens.each {|t| t.destroy}
user.reload
user.email_confirmed?.should be_false
end
end
end
end