[#1915] Devise: avoid leaking registered people
parent
7fed476e29
commit
0b87944368
5 changed files with 48 additions and 3 deletions
|
@ -15,7 +15,14 @@ class Users::RegistrationsController < Devise::RegistrationsController
|
|||
|
||||
# POST /resource
|
||||
def create
|
||||
super
|
||||
user = User.find_by(email: params[:user][:email])
|
||||
if user.present?
|
||||
UserMailer.new_account_warning(user).deliver
|
||||
flash.notice = t('devise.registrations.signed_up_but_unconfirmed')
|
||||
redirect_to root_path
|
||||
else
|
||||
super
|
||||
end
|
||||
end
|
||||
|
||||
# GET /resource/edit
|
||||
|
|
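Review bot: The lookup in `create` reads `params[:user][:email]` verbatim, so it only catches an exact-match address, and a request without a `user` key raises `NoMethodError` before either branch runs. If Devise normalises e-mails in this app (its `case_insensitive_keys` / `strip_whitespace_keys` settings are not visible on this page), a differently-cased or padded address skips the new branch and reaches `super`, where the uniqueness error would still reveal the account. Suggest `email = params.dig(:user, :email).to_s.strip.downcase` followed by `user = User.find_by(email: email)`. The two paths also still differ for invalid input: an unknown address with a rejected password presumably re-renders the form with errors, while a known address always gets the redirect and notice, so the submitted fields should be validated the same way before branching.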
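--- /dev/null
+++ b/app/mailers/user_mailer.rb
@@ -0,0 +1,8 @@
+class UserMailer < ApplicationMailer
+layout 'mailers/layout'
+
+def new_account_warning(user)
+@user = user
+mail(to: user.email, subject: "Création de compte")
+end
+end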
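Review bot: `new_account_warning` carries no comment saying that it is the silent substitute for the "e-mail already taken" error, which is what a later maintainer needs to know before changing or removing it. Suggest adding above the method: `# Sent to an existing account holder when someone tries to register with their address, so the sign-up form never reveals which e-mails are registered.` Because any unauthenticated sign-up request for a registered address triggers this mail, it is worth confirming that the endpoint is rate limited (nothing on this page shows it), otherwise the account holder can be flooded with warnings. The subject is a hard-coded literal while the controller change in this commit uses `t(...)`; moving it to the locale file would keep the two consistent.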
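--- /dev/null
+++ b/app/views/user_mailer/new_account_warning.html.haml
@@ -0,0 +1,14 @@
+- content_for(:title, 'Demande de création de compte')
+
+%h1 Bonjour
+
+%p Une demande de création de compte a été réalisée sur le site demarches-simplifiees.fr pour l'email #{@user.email}.
+%p
+Votre compte existe déjà. Si vous souhaitez changer votre mot de passe, veuillez suivre les instructions à l'adresse suivante
+#{link_to(new_password_url(@user), new_password_url(@user))}.
+%p Si vous n'êtes pas à l'origine de cette demande, vous pouvez ignorer ce mail.
+
+%p
+Cordialement,
+%br
+L'équipe demarches-simplifiees.fr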
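Review bot: `new_password_url(@user)` on the link line passes the record to what looks like a collection route. Unless that route declares a dynamic segment (the routes file is not among the five files changed here), Rails typically binds an extra positional argument to the optional `(.:format)` segment, so the mailed link would end in `.<user id>` and expose the internal id to anyone who sees the message. Suggest calling the helper without arguments and only once: `- reset_url = new_password_url` followed by `#{link_to(reset_url, reset_url)}`.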
|
@ -1,5 +1,3 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Users::RegistrationsController, type: :controller do
|
||||
let(:email) { 'test@octo.com' }
|
||||
let(:password) { 'password' }
|
||||
|
@ -33,5 +31,18 @@ describe Users::RegistrationsController, type: :controller do
|
|||
subject
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the user already exists' do
|
||||
let!(:existing_user) { create(:user, email: email, password: password) }
|
||||
|
||||
before do
|
||||
allow(UserMailer).to receive(:new_account_warning).and_return(double(deliver: 'deliver'))
|
||||
subject
|
||||
end
|
||||
|
||||
it { expect(response).to redirect_to(root_path) }
|
||||
it { expect(flash.notice).to eq(I18n.t('devise.registrations.signed_up_but_unconfirmed')) }
|
||||
it { expect(UserMailer).to have_received(:new_account_warning) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
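Review bot: The new `when the user already exists` context stubs the mailer and checks only that `new_account_warning` was called, not for whom, and no example pins the property this commit is about. Suggest `it { expect(UserMailer).to have_received(:new_account_warning).with(existing_user) }`. It would also help to add an example asserting that the redirect target and flash are identical to those of the new-account context, and one that submits the same address with different casing, since the controller looks the address up verbatim. The enclosing `describe` block starts outside this hunk, so the definition of `subject` is not visible here.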
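--- /dev/null
+++ b/spec/mailers/previews/user_mailer_preview.rb
@@ -0,0 +1,5 @@
+class UserPreview < ActionMailer::Preview
+def new_account_warning
+UserMailer.new_account_warning(User.first)
+end
+end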
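Review bot: The class is named `UserPreview` although the file is `user_mailer_preview.rb` and the mailer is `UserMailer`; Rails' generated previews use `UserMailerPreview`, which keeps the preview listing aligned with the mailer name. `User.first` returns nil on an empty database, so the preview would raise inside `new_account_warning` when it reads `user.email`. Something like `User.first || User.new(email: 'preview@example.com')` (address constructed for illustration) avoids that.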