From a226999382881506b6e9f50a0cb45ca89cf263cb Mon Sep 17 00:00:00 2001 From: pedong Date: Tue, 7 May 2019 16:13:31 +0200 Subject: [PATCH 1/4] redirect to same path after use signup --- app/controllers/users/registrations_controller.rb | 4 +--- spec/controllers/users/registrations_controller_spec.rb | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb index 4fcd54b44..cc69b4555 100644 --- a/app/controllers/users/registrations_controller.rb +++ b/app/controllers/users/registrations_controller.rb @@ -26,12 +26,10 @@ class Users::RegistrationsController < Devise::RegistrationsController if existing_user.present? if existing_user.confirmed? UserMailer.new_account_warning(existing_user).deliver_later - flash.notice = t('devise.registrations.signed_up_but_unconfirmed') - return redirect_to root_path else existing_user.resend_confirmation_instructions - return redirect_to after_inactive_sign_up_path_for(existing_user) end + return redirect_to after_inactive_sign_up_path_for(existing_user) end super diff --git a/spec/controllers/users/registrations_controller_spec.rb b/spec/controllers/users/registrations_controller_spec.rb index c5cbd2155..a6d38c132 100644 --- a/spec/controllers/users/registrations_controller_spec.rb +++ b/spec/controllers/users/registrations_controller_spec.rb @@ -74,8 +74,7 @@ describe Users::RegistrationsController, type: :controller do before { subject } - it { expect(response).to redirect_to(root_path) } - it { expect(flash.notice).to eq(I18n.t('devise.registrations.signed_up_but_unconfirmed')) } + it { expect(response).to redirect_to(new_user_confirmation_path(user: { email: user[:email] })) } it { expect(UserMailer).to have_received(:new_account_warning) } end From b1f11c0b0ae184c2594dd5b429a0824abcf36ef0 Mon Sep 17 00:00:00 2001 
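Review bot: In `Users::RegistrationsController`, the shared `return redirect_to after_inactive_sign_up_path_for(existing_user)` now matches the normal signup's redirect target, but neither existing-user branch sets the `devise.registrations.signed_up_but_unconfirmed` notice that this commit removes. If the `super` path (outside this hunk) sets that flash, as Devise's stock `create` does for an unconfirmed resource, and the confirmation page renders it, the notice still distinguishes a new address from a registered one. Consider setting `flash.notice = t('devise.registrations.signed_up_but_unconfirmed')` just before the shared redirect, and adding a flash expectation next to the `redirect_to` one in the spec hunk. The enclosing action starts and ends outside the hunk.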
From: pedong Date: Mon, 13 May 2019 11:57:01 +0200 Subject: [PATCH 2/4] add explanation to spec login --- .../users/registrations_controller_spec.rb | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/spec/controllers/users/registrations_controller_spec.rb b/spec/controllers/users/registrations_controller_spec.rb index a6d38c132..206b15211 100644 --- a/spec/controllers/users/registrations_controller_spec.rb +++ b/spec/controllers/users/registrations_controller_spec.rb @@ -74,8 +74,13 @@ describe Users::RegistrationsController, type: :controller do before { subject } - it { expect(response).to redirect_to(new_user_confirmation_path(user: { email: user[:email] })) } - it { expect(UserMailer).to have_received(:new_account_warning) } + it 'sends an email to the user, stating that the account already exists' do + expect(UserMailer).to have_received(:new_account_warning) + end + + it 'avoids leaking information about the account existence, by redirecting to the same page than normal signup' do + expect(response).to redirect_to(new_user_confirmation_path(user: { email: user[:email] })) + end end context 'and the user is not confirmed' do @@ -86,8 +91,13 @@ describe Users::RegistrationsController, type: :controller do subject end - it { expect(response).to redirect_to(new_user_confirmation_path(user: { email: user[:email] })) } - it { expect(UserMailer).not_to have_received(:new_account_warning) } + it 'does not send a warning email' do + expect(UserMailer).not_to have_received(:new_account_warning) + end + + it 'avoids leaking information about the account existence, by redirecting to the same page than normal signup' do + expect(response).to redirect_to(new_user_confirmation_path(user: { email: user[:email] })) + end end end end From f5f7dfba40d3a97e0684ff58f9f27e97dea66529 Mon Sep 17 00:00:00 2001 
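Review bot: Both new examples named 'avoids leaking information about the account existence…' assert a hard-coded `new_user_confirmation_path(user: { email: user[:email] })` rather than comparing with what a fresh signup actually returns. They will keep passing if the normal signup response later changes, and the parity they describe will be lost without a failure. A shared example run for the new-user, confirmed and unconfirmed contexts, asserting the same redirect and the same flash, would pin the property the name claims. The description would also read better as `'… by redirecting to the same page as a normal signup'`. The surrounding `context` blocks start outside these hunks.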
From: Pierre de La Morinerie Date: Thu, 9 May 2019 13:54:50 +0200 Subject: [PATCH 3/4] france_connect: fix for params entirely missing from the callback Fix a Sentry exception encountered in production. --- app/controllers/france_connect/particulier_controller.rb | 2 +- .../france_connect/particulier_controller_spec.rb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/controllers/france_connect/particulier_controller.rb b/app/controllers/france_connect/particulier_controller.rb index aa629b365..a1f95b292 100644 --- a/app/controllers/france_connect/particulier_controller.rb +++ b/app/controllers/france_connect/particulier_controller.rb @@ -30,7 +30,7 @@ class FranceConnect::ParticulierController < ApplicationController private def redirect_to_login_if_fc_aborted - if params[:code].empty? + if params[:code].blank? redirect_to new_user_session_path end end diff --git a/spec/controllers/france_connect/particulier_controller_spec.rb b/spec/controllers/france_connect/particulier_controller_spec.rb index 498087145..7e4a00f15 100644 --- a/spec/controllers/france_connect/particulier_controller_spec.rb +++ b/spec/controllers/france_connect/particulier_controller_spec.rb @@ -25,6 +25,12 @@ describe FranceConnect::ParticulierController, type: :controller do subject { get :callback, params: { code: code } } + context 'when params are missing' do + subject { get :callback } + + it { is_expected.to redirect_to(new_user_session_path) } + end + context 'when param code is missing' do let(:code) { nil } From d36cb85f6ae1ccd2c24c0a76a77d3616e3260e42 Mon Sep 17 00:00:00 2001 From: Pierre de La Morinerie Date: Mon, 13 May 2019 15:56:14 +0200 Subject: [PATCH 4/4] notification_mailer: send procedure id when reporting a missing logo --- app/mailers/notification_mailer.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/mailers/notification_mailer.rb b/app/mailers/notification_mailer.rb index e9e88b4c1..2822d405a 100644 
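Review bot: `params[:code].blank?` in `redirect_to_login_if_fc_aborted` covers a missing or empty `code`, but a callback sent with `code[]=x` or `code[k]=v` yields a non-blank array or parameters object that passes the guard. Whether that matters depends on how the callback action (outside this hunk) uses the value. If it expects a string, tighten the guard to `unless params[:code].is_a?(String) && params[:code].present?` and add a matching context to the spec next to 'when params are missing'.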
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@@ -45,6 +45,7 @@ class NotificationMailer < ApplicationMailer
 @logo_url = attachments[logo_filename].url
 rescue StandardError => e
 # A problem occured when reading logo, maybe the logo is missing and we should clean the procedure to remove logo reference ?
+ Raven.extra_context(procedure_id: dossier.procedure.id)
 Raven.capture_exception(e)
 end
 end
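Review bot: `Raven.extra_context(procedure_id: dossier.procedure.id)` inside the `rescue` writes to Raven's shared context rather than to this one event, so the id may stay attached to later, unrelated reports from the same thread unless something clears the context (not visible here). Passing it with the event avoids that: `Raven.capture_exception(e, extra: { procedure_id: dossier.procedure.id })`. `dossier.procedure.id` is also evaluated inside the handler, so if `procedure` can be nil the handler itself raises and the original error is never reported; `dossier.procedure&.id` is safer. The enclosing method starts outside the hunk.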