FEATURE: Require Javascript to activate an account via email link
parent
c12780eb2b
commit
cce7cf8c85
|
@ -5,7 +5,7 @@ require_dependency 'avatar_upload_service'
|
|||
class UsersController < ApplicationController
|
||||
|
||||
skip_before_filter :authorize_mini_profiler, only: [:avatar]
|
||||
skip_before_filter :check_xhr, only: [:show, :password_reset, :update, :activate_account, :authorize_email, :user_preferences_redirect, :avatar, :my_redirect]
|
||||
skip_before_filter :check_xhr, only: [:show, :password_reset, :update, :activate_account, :perform_account_activation, :authorize_email, :user_preferences_redirect, :avatar, :my_redirect]
|
||||
|
||||
before_filter :ensure_logged_in, only: [:username, :update, :change_email, :user_preferences_redirect, :upload_user_image, :pick_avatar, :destroy_user_image, :destroy]
|
||||
before_filter :respond_to_suspicious_request, only: [:create]
|
||||
|
@ -273,6 +273,10 @@ class UsersController < ApplicationController
|
|||
|
||||
def activate_account
|
||||
expires_now()
|
||||
render layout: 'no_js'
|
||||
end
|
||||
|
||||
def perform_account_activation
|
||||
if @user = EmailToken.confirm(params[:token])
|
||||
|
||||
# Log in the user unless they need to be approved
|
||||
|
|
|
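Review bot: The new PUT action `perform_account_activation` consumes the token on a state-changing request, so the design only holds if `ApplicationController`'s forgery protection still applies to it; `skip_before_filter :check_xhr` (L22) removes the XHR gate, and nothing in this hunk shows that `protect_from_forgery` is not also bypassed elsewhere, so confirm that the `form_tag` authenticity token is actually verified for this route. The GET action deserves a comment stating why it no longer confirms anything, e.g. `# GET only renders the page; the token is consumed by perform_account_activation (PUT) so that a mail scanner or link prefetcher fetching the URL cannot activate the account.` Note also that `activate_account` sets no instance variables, yet `activate_account.html.erb` branches on `@needs_approval`, so that branch looks unreachable from the GET path; and `expires_now()` would conventionally be written `expires_now`. The body of `perform_account_activation` continues outside the hunk.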
@ -1,19 +1,27 @@
|
|||
<div id='simple-container'>
|
||||
|
||||
<%if flash[:error]%>
|
||||
<div class='alert alert-error'>
|
||||
<%=flash[:error]%>
|
||||
</div>
|
||||
<%else%>
|
||||
<h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
|
||||
<p>
|
||||
<% if @needs_approval %>
|
||||
<%= t 'activation.approval_required' %>
|
||||
<% else %>
|
||||
<%= raw t('activation.please_continue', link: link_to(SiteSetting.title, '/')) %></a>.
|
||||
<br/>
|
||||
<button class='btn' id='activate-account-button'><%= t 'activation.action' %></button>
|
||||
|
||||
<%= form_tag(perform_activate_account_path, method: :put, id: 'activate-account-form') do %>
|
||||
<% end %>
|
||||
</p>
|
||||
|
||||
<%end%>
|
||||
|
||||
</div>
|
||||
|
||||
<script language="javascript">
|
||||
(function() {
|
||||
var t1 = new Date().getTime(),
|
||||
button = document.getElementById('activate-account-button'),
|
||||
form = document.getElementById('activate-account-form');
|
||||
|
||||
button.addEventListener('click', function() {
|
||||
var diff = new Date().getTime() - t1;
|
||||
|
||||
// Ensure the form has been visible for a few ms before allowing the
|
||||
// user to submit.
|
||||
if (diff > 50) {
|
||||
form.submit();
|
||||
}
|
||||
});
|
||||
})();
|
||||
</script>
|
||||
|
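Review bot: The inline script calls `button.addEventListener` unconditionally, but the button and form are only rendered in the `else` branch of `<%if flash[:error]%>`, so on the error rendering `getElementById` returns `null` and the script throws; guard it with `if (!button || !form) { return; }` before wiring the handler. The 50 ms check is a client-side heuristic against automated fetchers and is trivially bypassed by anyone issuing the PUT directly, which is fine for the stated goal but should be said in the comment, e.g. `// Heuristic only: keeps headless link checkers from auto-submitting; not a security boundary.` The `language="javascript"` attribute is obsolete and can be dropped in favour of a bare `<script>`. The line ending in `%></a>.` appears to emit a stray closing anchor after `link_to` already closes its own tag, and a `<form>` inside `<p>` is not valid HTML; both are worth tidying since this template is now the primary activation screen.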
|
|
@ -0,0 +1,20 @@
|
|||
<div id='simple-container'>
|
||||
|
||||
<%if flash[:error]%>
|
||||
<div class='alert alert-error'>
|
||||
<%=flash[:error]%>
|
||||
</div>
|
||||
<%else%>
|
||||
<h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
|
||||
<p>
|
||||
<% if @needs_approval %>
|
||||
<%= t 'activation.approval_required' %>
|
||||
<% else %>
|
||||
<br>
|
||||
<%= raw t('activation.please_continue', link: link_to(SiteSetting.title, '/')) %></a>.
|
||||
<% end %>
|
||||
</p>
|
||||
|
||||
<%end%>
|
||||
|
||||
</div>
|
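Review bot: The `please_continue` line emits a stray `</a>` after the `link_to` output (which already closes its anchor), leaving unbalanced markup in the new template; it should read `<%= raw t('activation.please_continue', link: link_to(SiteSetting.title, '/')) %>.`. `raw` is needed here only because the interpolated `%{link}` is HTML from `link_to`, and `link_to` escapes the site title, so the output is safe as long as the locale string itself is trusted; a comment such as `<%# raw: the translation embeds the link_to markup; the title is escaped by link_to %>` would record that reasoning. `@needs_approval` is presumably set by `perform_account_activation`, whose body is outside this diff, so confirm it is assigned on every path that renders this view.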
|
@ -383,6 +383,7 @@ en:
|
|||
error: "There was an error changing your email address. Perhaps the address is already in use?"
|
||||
|
||||
activation:
|
||||
action: "Activate your account"
|
||||
already_done: "Sorry, this account confirmation link is no longer valid. Perhaps your account is already active?"
|
||||
please_continue: "Your new account is confirmed, and you are now logged in. Continue to %{link}"
|
||||
welcome_to: "Welcome to %{site_name}!"
|
||||
|
|
|
@ -188,6 +188,7 @@ Discourse::Application.routes.draw do
|
|||
get "users/password-reset/:token" => "users#password_reset"
|
||||
put "users/password-reset/:token" => "users#password_reset"
|
||||
get "users/activate-account/:token" => "users#activate_account"
|
||||
put "users/activate-account/:token" => "users#perform_account_activation", as: 'perform_activate_account'
|
||||
get "users/authorize-email/:token" => "users#authorize_email"
|
||||
get "users/hp" => "users#get_honeypot_value"
|
||||
get "my/*path", to: 'users#my_redirect'
|
||||
|
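Review bot: The named route `perform_activate_account` does not match the action it maps to, `perform_account_activation`, which makes the `form_tag(perform_activate_account_path, ...)` call in the view harder to trace back; `as: 'perform_account_activation'` (and the matching helper in the template) would keep the two names aligned. Separately, the view calls that helper without passing `:token`, so URL generation relies on Rails recalling the current request's path parameter; passing it explicitly, `perform_activate_account_path(params[:token])`, avoids depending on that behaviour.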
|
|
@ -65,7 +65,6 @@ describe UsersController do
|
|||
end
|
||||
|
||||
context 'valid token' do
|
||||
|
||||
it 'authorizes with a correct token' do
|
||||
user = Fabricate(:user)
|
||||
email_token = user.email_tokens.create(email: user.email)
|
||||
|
@ -82,7 +81,7 @@ describe UsersController do
|
|||
context 'invalid token' do
|
||||
before do
|
||||
EmailToken.expects(:confirm).with('asdfasdf').returns(nil)
|
||||
get :activate_account, token: 'asdfasdf'
|
||||
put :perform_account_activation, token: 'asdfasdf'
|
||||
end
|
||||
|
||||
it 'return success' do
|
||||
|
@ -105,13 +104,13 @@ describe UsersController do
|
|||
it 'enqueues a welcome message if the user object indicates so' do
|
||||
user.send_welcome_message = true
|
||||
user.expects(:enqueue_welcome_message).with('welcome_user')
|
||||
get :activate_account, token: 'asdfasdf'
|
||||
put :perform_account_activation, token: 'asdfasdf'
|
||||
end
|
||||
|
||||
it "doesn't enqueue the welcome message if the object returns false" do
|
||||
user.send_welcome_message = false
|
||||
user.expects(:enqueue_welcome_message).with('welcome_user').never
|
||||
get :activate_account, token: 'asdfasdf'
|
||||
put :perform_account_activation, token: 'asdfasdf'
|
||||
end
|
||||
|
||||
end
|
||||
|
@ -120,7 +119,7 @@ describe UsersController do
|
|||
before do
|
||||
Guardian.any_instance.expects(:can_access_forum?).returns(true)
|
||||
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
|
||||
get :activate_account, token: 'asdfasdf'
|
||||
put :perform_account_activation, token: 'asdfasdf'
|
||||
end
|
||||
|
||||
it 'returns success' do
|
||||
|
@ -145,7 +144,7 @@ describe UsersController do
|
|||
before do
|
||||
Guardian.any_instance.expects(:can_access_forum?).returns(false)
|
||||
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
|
||||
get :activate_account, token: 'asdfasdf'
|
||||
put :perform_account_activation, token: 'asdfasdf'
|
||||
end
|
||||
|
||||
it 'returns success' do
|
||||
|
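Review bot: Every example here now exercises `put :perform_account_activation`, but nothing asserts the property this commit introduces, namely that `get :activate_account` no longer consumes the token; an example such as `EmailToken.expects(:confirm).never` followed by `get :activate_account, token: 'asdfasdf'` and `expect(response).to be_success` would pin that down. Controller specs also run with forgery protection disabled, so these examples cannot show that an unauthenticated cross-site PUT is rejected; a request-level test, or at least a note, would cover that. The surrounding `context`/`describe` blocks begin and end outside the hunks shown.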
|
Binary file not shown.
Before Width: | Height: | Size: 5.4 KiB After Width: | Height: | Size: 5.4 KiB |
Binary file not shown.
Before Width: | Height: | Size: 2.7 KiB After Width: | Height: | Size: 2.6 KiB |