[#1915] Devise: avoid leaking registered people
parent
7fed476e29
commit
0b87944368
5 changed files with 48 additions and 3 deletions
|
@ -15,7 +15,14 @@ class Users::RegistrationsController < Devise::RegistrationsController
|
||||||
|
|
||||||
# POST /resource
|
# POST /resource
|
||||||
def create
|
def create
|
||||||
super
|
user = User.find_by(email: params[:user][:email])
|
||||||
|
if user.present?
|
||||||
|
UserMailer.new_account_warning(user).deliver
|
||||||
|
flash.notice = t('devise.registrations.signed_up_but_unconfirmed')
|
||||||
|
redirect_to root_path
|
||||||
|
else
|
||||||
|
super
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# GET /resource/edit
|
# GET /resource/edit
|
||||||
|
|
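Review bot: The shortcut in `create` returns the success flash for a registered address before any of the usual sign-up validations run, so a request with a password that fails validation still separates the two cases: the existing account gets the redirect to `root_path`, a new address gets the validation error from `super`. The lookup also uses the raw parameter, so if Devise normalises email case and whitespace (its default configuration, not visible here), a differently cased address misses `find_by` and falls through to the uniqueness error. `user = User.find_for_authentication(email: params.dig(:user, :email))` applies the same normalisation and avoids a 500 when `params[:user]` is absent. Consider taking the warning-mail branch only when the other submitted attributes are valid, and throttling it, since every such request now sends mail to the account owner.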
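--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -0,0 +1,8 @@
+class UserMailer < ApplicationMailer
+layout 'mailers/layout'
+
+def new_account_warning(user)
+@user = user
+mail(to: user.email, subject: "Création de compte")
+end
+end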
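--- a/app/views/user_mailer/new_account_warning.html.haml
+++ b/app/views/user_mailer/new_account_warning.html.haml
@@ -0,0 +1,14 @@
+- content_for(:title, 'Demande de création de compte')
+
+%h1 Bonjour
+
+%p Une demande de création de compte a été réalisée sur le site demarches-simplifiees.fr pour l'email #{@user.email}.
+%p
+Votre compte existe déjà. Si vous souhaitez changer votre mot de passe, veuillez suivre les instructions à l'adresse suivante
+#{link_to(new_password_url(@user), new_password_url(@user))}.
+%p Si vous n'êtes pas à l'origine de cette demande, vous pouvez ignorer ce mail.
+
+%p
+Cordialement,
+%br
+L'équipe demarches-simplifiees.fr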
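Review bot: `new_password_url(@user)` passes the record to a helper for what looks like a route with no dynamic segment (the route definition is not visible here). In that case Rails appends the record's id to the URL as the format suffix, which puts an internal id in the mail and may break the link. Calling the helper without an argument, `#{link_to(new_password_url, new_password_url)}.`, avoids both.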
|
@ -1,5 +1,3 @@
|
||||||
require 'spec_helper'
|
|
||||||
|
|
||||||
describe Users::RegistrationsController, type: :controller do
|
describe Users::RegistrationsController, type: :controller do
|
||||||
let(:email) { 'test@octo.com' }
|
let(:email) { 'test@octo.com' }
|
||||||
let(:password) { 'password' }
|
let(:password) { 'password' }
|
||||||
|
@ -33,5 +31,18 @@ describe Users::RegistrationsController, type: :controller do
|
||||||
subject
|
subject
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when the user already exists' do
|
||||||
|
let!(:existing_user) { create(:user, email: email, password: password) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
allow(UserMailer).to receive(:new_account_warning).and_return(double(deliver: 'deliver'))
|
||||||
|
subject
|
||||||
|
end
|
||||||
|
|
||||||
|
it { expect(response).to redirect_to(root_path) }
|
||||||
|
it { expect(flash.notice).to eq(I18n.t('devise.registrations.signed_up_but_unconfirmed')) }
|
||||||
|
it { expect(UserMailer).to have_received(:new_account_warning) }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
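Review bot: The new context only covers an exact-match address with a valid password, so the property this commit is about is not pinned by the spec. Add examples that submit the existing address in a different letter case and with a password that fails validation, and assert the same redirect and flash as here. The mailer expectation should also check the recipient, `it { expect(UserMailer).to have_received(:new_account_warning).with(existing_user) }`, and an example should assert that `User.count` is unchanged.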
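--- a/spec/mailers/previews/user_mailer_preview.rb
+++ b/spec/mailers/previews/user_mailer_preview.rb
@@ -0,0 +1,5 @@
+class UserPreview < ActionMailer::Preview
+def new_account_warning
+UserMailer.new_account_warning(User.first)
+end
+end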
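Review bot: The class is named `UserPreview` while the file is `user_mailer_preview.rb`. Rails derives the preview name from the class, and a constant-per-file autoloader expects the two to match, so `class UserMailerPreview < ActionMailer::Preview` is the conventional name. `User.first` is nil on an empty database, in which case the preview raises on `user.email`; a comment saying the preview needs at least one user would help.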