DEV: Confirm email when creating users via the API

This commit is for a frequently requested task on meta so that only 1
API call is needed instead of 3!

In order to create a user via the api and not have them receive an
activation email you can pass in the `active=true` flag. This prevents
sending an email, but it is only half of the solution and puts the db in
a weird state where it has an active user with an unconfirmed email.

This commit fixes that and ensures that if the `active=true` flag is set
the user's email is also marked as confirmed.

This change only applies to admins using the API.

Related topics on meta:

 - https://meta.discourse.org/t/-/68663
 - https://meta.discourse.org/t/-/33133
 - https://meta.discourse.org/t/-/36133
This commit is contained in:
Blake Erickson 2020-04-14 14:30:42 -06:00
parent 40531fc85e
commit fec68d3d25
2 changed files with 6 additions and 2 deletions

View File

@ -507,8 +507,10 @@ class UsersController < ApplicationController
session["user_created_message"] = activation.message session["user_created_message"] = activation.message
session[SessionController::ACTIVATE_USER_KEY] = user.id session[SessionController::ACTIVATE_USER_KEY] = user.id
# If the user was created as active, they might need to be approved # If the user was created as active this will
user.create_reviewable if user.active? # ensure their email is confirmed and
# add them to the review queue if they need to be approved
user.activate if user.active?
render json: { render json: {
success: true, success: true,

View File

@ -768,6 +768,7 @@ describe UsersController do
json = JSON.parse(response.body) json = JSON.parse(response.body)
new_user = User.find(json["user_id"]) new_user = User.find(json["user_id"])
email_token = new_user.email_tokens.active.where(email: new_user.email).first
expect(json['active']).to be_truthy expect(json['active']).to be_truthy
@ -775,6 +776,7 @@ describe UsersController do
expect(new_user.approved).to eq(true) expect(new_user.approved).to eq(true)
expect(new_user.approved_by_id).to eq(admin.id) expect(new_user.approved_by_id).to eq(admin.id)
expect(new_user.approved_at).to_not eq(nil) expect(new_user.approved_at).to_not eq(nil)
expect(email_token.confirmed?).to eq(true)
end end
it "will create a reviewable when a user is created as active but not approved" do it "will create a reviewable when a user is created as active but not approved" do