FEATURE: Require Javascript to activate an account via email link
This commit is contained in:
parent
c12780eb2b
commit
cce7cf8c85
|
@ -5,7 +5,7 @@ require_dependency 'avatar_upload_service'
|
||||||
class UsersController < ApplicationController
|
class UsersController < ApplicationController
|
||||||
|
|
||||||
skip_before_filter :authorize_mini_profiler, only: [:avatar]
|
skip_before_filter :authorize_mini_profiler, only: [:avatar]
|
||||||
skip_before_filter :check_xhr, only: [:show, :password_reset, :update, :activate_account, :authorize_email, :user_preferences_redirect, :avatar, :my_redirect]
|
skip_before_filter :check_xhr, only: [:show, :password_reset, :update, :activate_account, :perform_account_activation, :authorize_email, :user_preferences_redirect, :avatar, :my_redirect]
|
||||||
|
|
||||||
before_filter :ensure_logged_in, only: [:username, :update, :change_email, :user_preferences_redirect, :upload_user_image, :pick_avatar, :destroy_user_image, :destroy]
|
before_filter :ensure_logged_in, only: [:username, :update, :change_email, :user_preferences_redirect, :upload_user_image, :pick_avatar, :destroy_user_image, :destroy]
|
||||||
before_filter :respond_to_suspicious_request, only: [:create]
|
before_filter :respond_to_suspicious_request, only: [:create]
|
||||||
|
@ -273,6 +273,10 @@ class UsersController < ApplicationController
|
||||||
|
|
||||||
def activate_account
|
def activate_account
|
||||||
expires_now()
|
expires_now()
|
||||||
|
render layout: 'no_js'
|
||||||
|
end
|
||||||
|
|
||||||
|
def perform_account_activation
|
||||||
if @user = EmailToken.confirm(params[:token])
|
if @user = EmailToken.confirm(params[:token])
|
||||||
|
|
||||||
# Log in the user unless they need to be approved
|
# Log in the user unless they need to be approved
|
||||||
|
|
|
@ -1,19 +1,27 @@
|
||||||
<div id='simple-container'>
|
<div id='simple-container'>
|
||||||
|
|
||||||
<%if flash[:error]%>
|
|
||||||
<div class='alert alert-error'>
|
|
||||||
<%=flash[:error]%>
|
|
||||||
</div>
|
|
||||||
<%else%>
|
|
||||||
<h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
|
<h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
|
||||||
<p>
|
<br/>
|
||||||
<% if @needs_approval %>
|
<button class='btn' id='activate-account-button'><%= t 'activation.action' %></button>
|
||||||
<%= t 'activation.approval_required' %>
|
|
||||||
<% else %>
|
<%= form_tag(perform_activate_account_path, method: :put, id: 'activate-account-form') do %>
|
||||||
<%= raw t('activation.please_continue', link: link_to(SiteSetting.title, '/')) %></a>.
|
|
||||||
<% end %>
|
<% end %>
|
||||||
</p>
|
|
||||||
|
|
||||||
<%end%>
|
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<script language="javascript">
|
||||||
|
(function() {
|
||||||
|
var t1 = new Date().getTime(),
|
||||||
|
button = document.getElementById('activate-account-button'),
|
||||||
|
form = document.getElementById('activate-account-form');
|
||||||
|
|
||||||
|
button.addEventListener('click', function() {
|
||||||
|
var diff = new Date().getTime() - t1;
|
||||||
|
|
||||||
|
// Ensure the form has been visible for a few ms before allowing the
|
||||||
|
// user to submit.
|
||||||
|
if (diff > 50) {
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
})();
|
||||||
|
</script>
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
<div id='simple-container'>
|
||||||
|
|
||||||
|
<%if flash[:error]%>
|
||||||
|
<div class='alert alert-error'>
|
||||||
|
<%=flash[:error]%>
|
||||||
|
</div>
|
||||||
|
<%else%>
|
||||||
|
<h2><%= t 'activation.welcome_to', site_name: SiteSetting.title %></h2>
|
||||||
|
<p>
|
||||||
|
<% if @needs_approval %>
|
||||||
|
<%= t 'activation.approval_required' %>
|
||||||
|
<% else %>
|
||||||
|
<br>
|
||||||
|
<%= raw t('activation.please_continue', link: link_to(SiteSetting.title, '/')) %></a>.
|
||||||
|
<% end %>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<%end%>
|
||||||
|
|
||||||
|
</div>
|
|
@ -383,6 +383,7 @@ en:
|
||||||
error: "There was an error changing your email address. Perhaps the address is already in use?"
|
error: "There was an error changing your email address. Perhaps the address is already in use?"
|
||||||
|
|
||||||
activation:
|
activation:
|
||||||
|
action: "Activate your account"
|
||||||
already_done: "Sorry, this account confirmation link is no longer valid. Perhaps your account is already active?"
|
already_done: "Sorry, this account confirmation link is no longer valid. Perhaps your account is already active?"
|
||||||
please_continue: "Your new account is confirmed, and you are now logged in. Continue to %{link}"
|
please_continue: "Your new account is confirmed, and you are now logged in. Continue to %{link}"
|
||||||
welcome_to: "Welcome to %{site_name}!"
|
welcome_to: "Welcome to %{site_name}!"
|
||||||
|
|
|
@ -188,6 +188,7 @@ Discourse::Application.routes.draw do
|
||||||
get "users/password-reset/:token" => "users#password_reset"
|
get "users/password-reset/:token" => "users#password_reset"
|
||||||
put "users/password-reset/:token" => "users#password_reset"
|
put "users/password-reset/:token" => "users#password_reset"
|
||||||
get "users/activate-account/:token" => "users#activate_account"
|
get "users/activate-account/:token" => "users#activate_account"
|
||||||
|
put "users/activate-account/:token" => "users#perform_account_activation", as: 'perform_activate_account'
|
||||||
get "users/authorize-email/:token" => "users#authorize_email"
|
get "users/authorize-email/:token" => "users#authorize_email"
|
||||||
get "users/hp" => "users#get_honeypot_value"
|
get "users/hp" => "users#get_honeypot_value"
|
||||||
get "my/*path", to: 'users#my_redirect'
|
get "my/*path", to: 'users#my_redirect'
|
||||||
|
|
|
@ -65,7 +65,6 @@ describe UsersController do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'valid token' do
|
context 'valid token' do
|
||||||
|
|
||||||
it 'authorizes with a correct token' do
|
it 'authorizes with a correct token' do
|
||||||
user = Fabricate(:user)
|
user = Fabricate(:user)
|
||||||
email_token = user.email_tokens.create(email: user.email)
|
email_token = user.email_tokens.create(email: user.email)
|
||||||
|
@ -82,7 +81,7 @@ describe UsersController do
|
||||||
context 'invalid token' do
|
context 'invalid token' do
|
||||||
before do
|
before do
|
||||||
EmailToken.expects(:confirm).with('asdfasdf').returns(nil)
|
EmailToken.expects(:confirm).with('asdfasdf').returns(nil)
|
||||||
get :activate_account, token: 'asdfasdf'
|
put :perform_account_activation, token: 'asdfasdf'
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'return success' do
|
it 'return success' do
|
||||||
|
@ -105,13 +104,13 @@ describe UsersController do
|
||||||
it 'enqueues a welcome message if the user object indicates so' do
|
it 'enqueues a welcome message if the user object indicates so' do
|
||||||
user.send_welcome_message = true
|
user.send_welcome_message = true
|
||||||
user.expects(:enqueue_welcome_message).with('welcome_user')
|
user.expects(:enqueue_welcome_message).with('welcome_user')
|
||||||
get :activate_account, token: 'asdfasdf'
|
put :perform_account_activation, token: 'asdfasdf'
|
||||||
end
|
end
|
||||||
|
|
||||||
it "doesn't enqueue the welcome message if the object returns false" do
|
it "doesn't enqueue the welcome message if the object returns false" do
|
||||||
user.send_welcome_message = false
|
user.send_welcome_message = false
|
||||||
user.expects(:enqueue_welcome_message).with('welcome_user').never
|
user.expects(:enqueue_welcome_message).with('welcome_user').never
|
||||||
get :activate_account, token: 'asdfasdf'
|
put :perform_account_activation, token: 'asdfasdf'
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
@ -120,7 +119,7 @@ describe UsersController do
|
||||||
before do
|
before do
|
||||||
Guardian.any_instance.expects(:can_access_forum?).returns(true)
|
Guardian.any_instance.expects(:can_access_forum?).returns(true)
|
||||||
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
|
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
|
||||||
get :activate_account, token: 'asdfasdf'
|
put :perform_account_activation, token: 'asdfasdf'
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns success' do
|
it 'returns success' do
|
||||||
|
@ -145,7 +144,7 @@ describe UsersController do
|
||||||
before do
|
before do
|
||||||
Guardian.any_instance.expects(:can_access_forum?).returns(false)
|
Guardian.any_instance.expects(:can_access_forum?).returns(false)
|
||||||
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
|
EmailToken.expects(:confirm).with('asdfasdf').returns(user)
|
||||||
get :activate_account, token: 'asdfasdf'
|
put :perform_account_activation, token: 'asdfasdf'
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'returns success' do
|
it 'returns success' do
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 5.4 KiB After Width: | Height: | Size: 5.4 KiB |
Binary file not shown.
Before Width: | Height: | Size: 2.7 KiB After Width: | Height: | Size: 2.6 KiB |
Loading…
Reference in New Issue