From 95eb9ef9d4304ea658247a7f6335dcd5e315f9b7 Mon Sep 17 00:00:00 2001 From: Mathieu Magnin Date: Fri, 6 Sep 2024 14:15:06 +0200 Subject: [PATCH 1/2] [#10754] bypass unverified mail protection for login token emails --- app/mailers/instructeur_mailer.rb | 2 ++ spec/mailers/instructeur_mailer_spec.rb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/app/mailers/instructeur_mailer.rb b/app/mailers/instructeur_mailer.rb index 2499af188..7e971b9bd 100644 --- a/app/mailers/instructeur_mailer.rb +++ b/app/mailers/instructeur_mailer.rb @@ -36,6 +36,8 @@ class InstructeurMailer < ApplicationMailer @login_token = login_token subject = "Connexion sécurisée à #{Current.application_name}" + bypass_unverified_mail_protection! + mail(to: instructeur.email, subject: subject) end diff --git a/spec/mailers/instructeur_mailer_spec.rb b/spec/mailers/instructeur_mailer_spec.rb index fe790ed46..db53e6282 100644 --- a/spec/mailers/instructeur_mailer_spec.rb +++ b/spec/mailers/instructeur_mailer_spec.rb @@ -24,6 +24,8 @@ RSpec.describe InstructeurMailer, type: :mailer do let(:token) { SecureRandom.hex } subject { described_class.send_login_token(user, token) } + it { expect(subject[BalancerDeliveryMethod::BYPASS_UNVERIFIED_MAIL_PROTECTION]).to be_present } + context 'without SafeMailer configured' do it { expect(subject[BalancerDeliveryMethod::FORCE_DELIVERY_METHOD_HEADER]&.value).to eq(nil) } end From d1749c2bafc06d4cdb53978419322532ebf7a19a Mon Sep 17 00:00:00 2001 From: Mathieu Magnin Date: Fri, 6 Sep 2024 14:56:44 +0200 Subject: [PATCH 2/2] [#10754] verify email when using login token --- app/controllers/users/sessions_controller.rb | 2 ++ spec/controllers/users/sessions_controller_spec.rb | 1 + 2 files changed, 3 insertions(+) diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb index 7222587ed..1d5e49100 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/users/sessions_controller.rb 
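Review bot: The added `bypass_unverified_mail_protection!` call in `app/mailers/instructeur_mailer.rb` has no comment saying why this one mail may skip the protection, and an unexplained bypass in a mailer is easily copied to other methods. Judging from the second patch in this series, the login-token mail is what proves ownership of the address, so it has to be deliverable before `email_verified_at` is set. I would state that above the call, e.g. `# This mail is itself the address verification step, so it must reach unverified addresses; do not reuse this bypass for other mails.` The method signature and the bypass helper are outside the hunk, so its exact effect should be confirmed there; the spec suggests it sets the `BalancerDeliveryMethod::BYPASS_UNVERIFIED_MAIL_PROTECTION` header.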
@@ -92,6 +92,8 @@ class Users::SessionsController < Devise::SessionsController # redirect to root_path otherwise if instructeur_signed_in? + current_user.update!(email_verified_at: Time.zone.now) + redirect_to after_sign_in_path_for(:user) else redirect_to new_user_session_path diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb index 7aead2f16..e4fde9b2f 100644 --- a/spec/controllers/users/sessions_controller_spec.rb +++ b/spec/controllers/users/sessions_controller_spec.rb @@ -217,6 +217,7 @@ describe Users::SessionsController, type: :controller do it { is_expected.to redirect_to root_path } it { expect(controller.current_instructeur).to eq(instructeur) } it { expect(controller).to have_received(:trust_device) } + it { expect(controller.current_instructeur.user.email_verified_at).not_to be_nil } end context 'when the token is invalid' do
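Review bot: `current_user.update!(email_verified_at: Time.zone.now)` in `app/controllers/users/sessions_controller.rb` stamps whichever account owns the browser session, while the only condition visible here, `instructeur_signed_in?`, shows that a session exists and not that the token in the link was issued to that same account. The token lookup is above the hunk, so this may already be guaranteed there; if it is not, the address marked verified is not necessarily the one the link was mailed to. I would tie the update to the token's owner, for instance by running it only when that instructeur is `current_instructeur`. The line also rewrites the timestamp on every token sign-in; `current_user.update!(email_verified_at: Time.zone.now) if current_user.email_verified_at.nil?` keeps the first verification date.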
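Review bot: The new example in `spec/controllers/users/sessions_controller_spec.rb` uses `not_to be_nil`, which only proves the controller set the timestamp if the instructeur's user starts with `email_verified_at` nil, and that setup is outside the hunk. If the factory already fills the column, the example passes without the new controller line. I would create the user with `email_verified_at: nil` in this context. I would also add the mirror example to the 'when the token is invalid' context that begins right after, asserting the column is still nil, e.g. `it { expect(instructeur.user.reload.email_verified_at).to be_nil }`.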