FEATURE: Require Javascript to activate an account via email link

This commit is contained in:
Robin Ward 2014-07-14 12:25:42 -04:00
parent c12780eb2b
commit cce7cf8c85
8 changed files with 54 additions and 21 deletions

View File

@ -5,7 +5,7 @@ require_dependency 'avatar_upload_service'
class UsersController < ApplicationController
skip_before_filter :authorize_mini_profiler, only: [:avatar]
skip_before_filter :check_xhr, only: [:show, :password_reset, :update, :activate_account, :authorize_email, :user_preferences_redirect, :avatar, :my_redirect]
skip_before_filter :check_xhr, only: [:show, :password_reset, :update, :activate_account, :perform_account_activation, :authorize_email, :user_preferences_redirect, :avatar, :my_redirect]
before_filter :ensure_logged_in, only: [:username, :update, :change_email, :user_preferences_redirect, :upload_user_image, :pick_avatar, :destroy_user_image, :destroy]
before_filter :respond_to_suspicious_request, only: [:create]
@ -273,6 +273,10 @@ class UsersController < ApplicationController
def activate_account
expires_now()
render layout: 'no_js'
end
def perform_account_activation
if @user = EmailToken.confirm(params[:token])
# Log in the user unless they need to be approved

View File

@ -1,19 +1,27 @@
<div id='simple-container'>
<%if flash[:error]%>
<div class='alert alert-error'>
<%=flash[:error]%>
</div>
<%else%>
<h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
<p>
<% if @needs_approval %>
<%= t 'activation.approval_required' %>
<% else %>
<%= raw t('activation.please_continue', link: link_to(SiteSetting.title, '/')) %></a>.
<br/>
<button class='btn' id='activate-account-button'><%= t 'activation.action' %></button>
<%= form_tag(perform_activate_account_path, method: :put, id: 'activate-account-form') do %>
<% end %>
</p>
<%end%>
</div>
<script language="javascript">
(function() {
var t1 = new Date().getTime(),
button = document.getElementById('activate-account-button'),
form = document.getElementById('activate-account-form');
button.addEventListener('click', function() {
var diff = new Date().getTime() - t1;
// Ensure the form has been visible for a few ms before allowing the
// user to submit.
if (diff > 50) {
form.submit();
}
});
})();
</script>

View File

@ -0,0 +1,20 @@
<div id='simple-container'>
<%if flash[:error]%>
<div class='alert alert-error'>
<%=flash[:error]%>
</div>
<%else%>
<h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
<p>
<% if @needs_approval %>
<%= t 'activation.approval_required' %>
<% else %>
<br>
<%= raw t('activation.please_continue', link: link_to(SiteSetting.title, '/')) %></a>.
<% end %>
</p>
<%end%>
</div>

View File

@ -383,6 +383,7 @@ en:
error: "There was an error changing your email address. Perhaps the address is already in use?"
activation:
action: "Activate your account"
already_done: "Sorry, this account confirmation link is no longer valid. Perhaps your account is already active?"
please_continue: "Your new account is confirmed, and you are now logged in. Continue to %{link}"
welcome_to: "Welcome to %{site_name}!"

View File

@ -188,6 +188,7 @@ Discourse::Application.routes.draw do
get "users/password-reset/:token" => "users#password_reset"
put "users/password-reset/:token" => "users#password_reset"
get "users/activate-account/:token" => "users#activate_account"
put "users/activate-account/:token" => "users#perform_account_activation", as: 'perform_activate_account'
get "users/authorize-email/:token" => "users#authorize_email"
get "users/hp" => "users#get_honeypot_value"
get "my/*path", to: 'users#my_redirect'

View File

@ -65,7 +65,6 @@ describe UsersController do
end
context 'valid token' do
it 'authorizes with a correct token' do
user = Fabricate(:user)
email_token = user.email_tokens.create(email: user.email)
@ -82,7 +81,7 @@ describe UsersController do
context 'invalid token' do
before do
EmailToken.expects(:confirm).with('asdfasdf').returns(nil)
get :activate_account, token: 'asdfasdf'
put :perform_account_activation, token: 'asdfasdf'
end
it 'return success' do
@ -105,13 +104,13 @@ describe UsersController do
it 'enqueues a welcome message if the user object indicates so' do
user.send_welcome_message = true
user.expects(:enqueue_welcome_message).with('welcome_user')
get :activate_account, token: 'asdfasdf'
put :perform_account_activation, token: 'asdfasdf'
end
it "doesn't enqueue the welcome message if the object returns false" do
user.send_welcome_message = false
user.expects(:enqueue_welcome_message).with('welcome_user').never
get :activate_account, token: 'asdfasdf'
put :perform_account_activation, token: 'asdfasdf'
end
end
@ -120,7 +119,7 @@ describe UsersController do
before do
Guardian.any_instance.expects(:can_access_forum?).returns(true)
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
get :activate_account, token: 'asdfasdf'
put :perform_account_activation, token: 'asdfasdf'
end
it 'returns success' do
@ -145,7 +144,7 @@ describe UsersController do
before do
Guardian.any_instance.expects(:can_access_forum?).returns(false)
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
get :activate_account, token: 'asdfasdf'
put :perform_account_activation, token: 'asdfasdf'
end
it 'returns success' do

Binary file not shown.

Before

Width:  |  Height:  |  Size: 5.4 KiB

After

Width:  |  Height:  |  Size: 5.4 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.7 KiB

After

Width:  |  Height:  |  Size: 2.6 KiB