Prevent login until email is confirmed

2013-02-11 11:18:26 -05:00 · 2013-02-11 11:18:26 -05:00 · c18b85873f
parent f21609fe2e
commit c18b85873f
5 changed files with 104 additions and 52 deletions
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -22,9 +22,14 @@ class SessionController < ApplicationController

      # If their password is correct
      if @user.confirm_password?(params[:password])
+        if @user.email_confirmed?
          log_on_user(@user)
          render_serialized(@user, UserSerializer)
          return
+        else
+          render :json => {error: I18n.t("login.not_activated")}
+          return
+        end
      end
    end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -380,6 +380,10 @@ class User < ActiveRecord::Base
    end
  end

+  def email_confirmed?
+    email_tokens.where(email: self.email, confirmed: true).present?
+  end
+

  protected

--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -1039,6 +1039,7 @@ en:
    wait_approval: "Thanks for signing up. We will notify you when your account has been approved."
    active: "Your account is active and ready."
    activate_email: "You're almost done! We sent an activation email to <b>%{email}</b>. Please follow the instructions in the email to activate your account."
+    not_activated: "You can't log in yet. We sent an activation email to you. Please follow the instructions in the email to activate your account."
    errors: "Failed to create account: %{errors}"
    not_available: "Not available. Try %{suggestion}?"

--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@ -6,17 +6,21 @@ describe SessionController do

    let(:user) { Fabricate(:user) }

+    context 'when email is confirmed' do
+      before do
+        token = user.email_tokens.where(email: user.email).first
+        EmailToken.confirm(token.token)
+      end
+
      it "raises an error when the login isn't present" do
        lambda { xhr :post, :create }.should raise_error(Discourse::InvalidParameters)
      end

      describe 'invalid password' do
-
        it "should return an error with an invalid password" do
          xhr :post, :create, login: user.username, password: 'sssss'
          ::JSON.parse(response.body)['error'].should be_present
        end
-
      end

      describe 'success by username' do
@ -72,11 +76,23 @@ describe SessionController do
          it "doesn't log in the user" do
            session[:current_user_id].should be_blank
          end
-
+        end
+      end
    end

+    context 'when email has not been confirmed' do
+      before do
+        xhr :post, :create, login: user.email, password: 'myawesomepassword'
      end

+      it "doesn't log in the user" do
+        session[:current_user_id].should be_blank
+      end
+
+      it 'returns an error message' do
+        ::JSON.parse(response.body)['error'].should be_present
+      end
+    end
  end

  describe '.destroy' do
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -617,4 +617,30 @@ describe User do
    it { should_not be_active }
  end

+  describe 'email_confirmed?' do
+    let(:user) { Fabricate(:user) }
+
+    context 'when email has not been confirmed yet' do
+      it 'should return false' do
+        user.email_confirmed?.should be_false
+      end
+    end
+
+    context 'when email has been confirmed' do
+      it 'should return true' do
+        token = user.email_tokens.where(email: user.email).first
+        EmailToken.confirm(token.token)
+        user.email_confirmed?.should be_true
+      end
+    end
+
+    context 'when user has no email tokens for some reason' do
+      it 'should return false' do
+        user.email_tokens.each {|t| t.destroy}
+        user.reload
+        user.email_confirmed?.should be_false
+      end
+    end
+  end
+
 end