From af25471579bda8fd04be475c4148f2fe3cfbd273 Mon Sep 17 00:00:00 2001
From: Aditya Prakash
Date: Thu, 22 Dec 2016 14:09:08 +0530
Subject: [PATCH 1/2] Validate email confirmation on sign up and profile update
Removed values from `PERMITTED_ATTRS` were no longer used.
---
 app/models/user.rb | 7 +++----
 app/views/profiles/edit.html.erb | 5 +++++
 app/views/users/_form.html.erb | 4 ++++
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index 02310a770c9..4dbf1c57c29 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,14 +4,12 @@ class User < ActiveRecord::Base
 is_gravtastic default: "retro"
 PERMITTED_ATTRS = [
- :bio,
 :email,
 :handle,
 :hide_email,
- :location,
 :password,
- :website,
- :twitter_username
+ :twitter_username,
+ :email_confirmation
 ].freeze
 has_many :rubygems, through: :ownerships
@@ -40,6 +38,7 @@ class User < ActiveRecord::Base
 validates :twitter_username, length: { within: 0..20 }, allow_nil: true
 validates :password, length: { within: 10..200 }, allow_nil: true,
 unless: :skip_password_validation?
+ validates :email, confirmation: true, if: :email_changed?
 def self.authenticate(who, password)
 user = find_by(email: who.downcase) || find_by(handle: who)
diff --git a/app/views/profiles/edit.html.erb b/app/views/profiles/edit.html.erb
index ac17f0e5a5e..fa347b52682 100644
--- a/app/views/profiles/edit.html.erb
+++ b/app/views/profiles/edit.html.erb
@@ -40,6 +40,11 @@
 <%= form.email_field :email, :class => 'form__input' %> +
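Review bot: `:email_confirmation` is the one entry in PERMITTED_ATTRS that is not a stored attribute — it is the virtual accessor that the `confirmation: true` validation added later in this file defines — and nothing in the list says so, so the next reader auditing this allow-list will look for a column that does not exist. I would annotate it in place: `:email_confirmation # virtual attribute consumed by the email confirmation validation; not a column`. Whether this constant is what strong parameters permit is not visible in the patch and is inferred from its name.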
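Review bot: `validates :email, confirmation: true, if: :email_changed?` enforces a match only when an `email_confirmation` value is supplied: ActiveModel's ConfirmationValidator skips the comparison when that value is nil, so a submission that omits the parameter entirely (as opposed to sending it empty, which the added form fields do) changes the address with no confirmation at all. If every address change is meant to be confirmed, add the presence check alongside it: `validates :email_confirmation, presence: true, if: :email_changed?`. The match is also case-sensitive by default, whereas `authenticate` two lines below looks users up by `who.downcase`; if addresses are normalised to lower case elsewhere, `confirmation: { case_sensitive: false }` would stop a confirmation that differs only in case from being rejected. The body of `authenticate` continues outside the hunk.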
+ <%= form.label :email_confirmation, :class => 'form__label' %> + <%= form.email_field :email_confirmation, :class => 'form__input' %> +
+

<%= t('.enter_password') %>

diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb index 7926ad2d8c9..1868959f699 100644 --- a/app/views/users/_form.html.erb +++ b/app/views/users/_form.html.erb @@ -4,6 +4,10 @@ <%= form.label :email, :class => 'form__label' %> <%= form.email_field :email, :class => 'form__input' %> +
+ <%= form.label :email_confirmation, :class => 'form__label' %> + <%= form.email_field :email_confirmation, :class => 'form__input' %> +
<%= form.label :handle, :class => 'form__label' %> <%= form.text_field :handle, :class => 'form__input' %>
From 25e7dea40e76cfe8d8f4398e7d163631ff783d07 Mon Sep 17 00:00:00 2001
From: Aditya Prakash
Date: Thu, 22 Dec 2016 14:33:29 +0530
Subject: [PATCH 2/2] Add test for email confirmation
---
 test/integration/profile_test.rb | 1 +
 test/integration/sign_in_test.rb | 3 ++-
 test/integration/sign_up_test.rb | 40 +++++++++++++++++++++++++++-----
 3 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/test/integration/profile_test.rb b/test/integration/profile_test.rb
index e9c04244bed..6b339a86361 100644
--- a/test/integration/profile_test.rb
+++ b/test/integration/profile_test.rb
@@ -59,6 +59,7 @@ def sign_in
 click_link "Edit Profile"
 fill_in "Email address", with: "nick2@example.com"
+ fill_in "Email confirmation", with: "nick2@example.com"
 fill_in "Password", with: "password12345"
 click_button "Update"
diff --git a/test/integration/sign_in_test.rb b/test/integration/sign_in_test.rb
index 1e87a4cc636..269f37a5f31 100644
--- a/test/integration/sign_in_test.rb
+++ b/test/integration/sign_in_test.rb
@@ -46,7 +46,8 @@ class SignInTest < SystemTest
 test "signing in with unconfirmed email" do
 visit sign_up_path
- fill_in "Email", with: "email@person.com"
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Email confirmation", with: "email@person.com"
 fill_in "Handle", with: "nick"
 fill_in "Password", with: "secretpassword"
 click_button "Sign up"
diff --git a/test/integration/sign_up_test.rb b/test/integration/sign_up_test.rb
index 75e49a9d7ea..1c92fcb2ad8 100644
--- a/test/integration/sign_up_test.rb
+++ b/test/integration/sign_up_test.rb 
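Review bot: The only profile-update case exercised by the profile_test.rb hunk is a changed address with a matching confirmation, so the `if: :email_changed?` guard this series adds to the model has no coverage for the branches that matter: a changed address with a blank or different confirmation (expected to fail with "Email confirmation doesn't match Email address") and an unchanged address with the confirmation left blank (expected to save). Two sibling tests next to this one would pin the guard; the first needs only `fill_in "Email confirmation", with: "other@example.com"` in place of the added line plus an `assert page.has_content?` on the message. The enclosing test begins outside the hunk.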
@@ -4,7 +4,8 @@ class SignUpTest < SystemTest
 test "sign up" do
 visit sign_up_path
- fill_in "Email", with: "email@person.com"
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Email confirmation", with: "email@person.com"
 fill_in "Handle", with: "nick"
 fill_in "Password", with: "secretpassword"
 click_button "Sign up"
@@ -15,7 +16,8 @@ class SignUpTest < SystemTest
 test "sign up with no handle" do
 visit sign_up_path
- fill_in "Email", with: "email@person.com"
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Email confirmation", with: "email@person.com"
 fill_in "Password", with: "password"
 click_button "Sign up"
@@ -25,7 +27,8 @@ class SignUpTest < SystemTest
 test "sign up with bad handle" do
 visit sign_up_path
- fill_in "Email", with: "email@person.com"
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Email confirmation", with: "email@person.com"
 fill_in "Handle", with: "thisusernameiswaytoolongseriouslywaytoolong"
 fill_in "Password", with: "secretpassword"
 click_button "Sign up"
@@ -37,7 +40,8 @@ class SignUpTest < SystemTest
 create(:user, handle: "nick")
 visit sign_up_path
- fill_in "Email", with: "email@person.com"
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Email confirmation", with: "email@person.com"
 fill_in "Handle", with: "nick"
 fill_in "Password", with: "secretpassword"
 click_button "Sign up"
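Review bot: Each of the four hunks here (at -4, -15, -25 and -37) now repeats the same visit/fill_in/click_button sequence with the confirmation line added, and the hunk at -56 adds three more copies, so the next form change will touch every test again exactly as this one did. A private helper in the test class that takes the varying values as keyword arguments would let each test state only what it varies; the "no handle" case at -15 can be expressed by passing `handle: nil`, and a missing confirmation by `confirmation: nil`. Each test body would then reduce to one call such as `sign_up(confirmation: "email1@person.com")` followed by its assertion.

```ruby
  # … unchanged: existing tests …

  private

  # Drives the sign-up form; nil for handle or confirmation leaves that field untouched.
  def sign_up(email: "email@person.com", confirmation: email, handle: "nick", password: "secretpassword")
    visit sign_up_path

    fill_in "Email address", with: email
    fill_in "Email confirmation", with: confirmation if confirmation
    fill_in "Handle", with: handle if handle
    fill_in "Password", with: password
    click_button "Sign up"
  end
```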
@@ -56,10 +60,34 @@ class SignUpTest < SystemTest
 assert page.has_content? "Sign up is temporarily disabled."
 end
- test "email confirmation" do
+ test "sign up with no email confirmation" do
 visit sign_up_path
- fill_in "Email", with: "email@person.com"
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Handle", with: "nick"
+ fill_in "Password", with: "secretpassword"
+ click_button "Sign up"
+
+ assert page.has_content? "Email confirmation doesn't match Email address"
+ end
+
+ test "sign up with mismatched email confirmation" do
+ visit sign_up_path
+
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Email confirmation", with: "email1@person.com"
+ fill_in "Handle", with: "nick"
+ fill_in "Password", with: "secretpassword"
+ click_button "Sign up"
+
+ assert page.has_content? "Email confirmation doesn't match Email address"
+ end
+
+ test "email verification" do
+ visit sign_up_path
+
+ fill_in "Email address", with: "email@person.com"
+ fill_in "Email confirmation", with: "email@person.com"
 fill_in "Handle", with: "nick"
 fill_in "Password", with: "secretpassword"
 click_button "Sign up"
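Review bot: `test "sign up with no email confirmation"` checks less than its name says: the confirmation field is rendered on the form, so leaving it untouched submits an empty string, which the validator compares and rejects, whereas a submission with the parameter absent is the case ActiveModel's confirmation check skips, and that path has no test. A one-line model test such as `refute User.new(email: "email@person.com", email_confirmation: nil).valid?` (or `assert`, if skipping is the intended behavior) would pin which outcome the model is meant to have; as written, the name could be read as promising the stricter one. The renamed `test "email verification"` continues past the end of the hunk.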