avoid phishing
parent
0e7a6f5acf
commit
c7f7855f14
2 changed files with 23 additions and 1 deletions
|
@ -19,7 +19,11 @@ class Users::SessionsController < Devise::SessionsController
|
||||||
end
|
end
|
||||||
|
|
||||||
def link_sent
|
def link_sent
|
||||||
@email = params[:email]
|
if Devise.email_regexp.match?(params[:email])
|
||||||
|
@email = params[:email]
|
||||||
|
else
|
||||||
|
redirect_to root_path
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# DELETE /resource/sign_out
|
# DELETE /resource/sign_out
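Review bot: In `link_sent`, the format check still lets the page display any request-supplied value that is shaped like an address, so a crafted link can show an address the visitor never entered. Unless the initializer overrides it, Devise's default `email_regexp` only requires a single `@` and no whitespace. If this page is only reached after the sign-in link has been sent, consider setting `flash[:email]` in that action and using `@email = flash[:email]` here instead of trusting `params[:email]`. Separately, `Regexp#match?` raises `TypeError` when `params[:email]` is an array or hash rather than a string, so `if params[:email].is_a?(String) && Devise.email_regexp.match?(params[:email])` would turn that request into the same redirect instead of a 500.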
|
||||||
|
|
|
@ -221,4 +221,22 @@ describe Users::SessionsController, type: :controller do
|
||||||
it { is_expected.to be true }
|
it { is_expected.to be true }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#link_sent' do
|
||||||
|
render_views
|
||||||
|
|
||||||
|
before { get :link_sent, params: { email: link_email } }
|
||||||
|
|
||||||
|
context 'when the email is legit' do
|
||||||
|
let(:link_email) { 'a@a.com' }
|
||||||
|
|
||||||
|
it { expect(response.body).to include(link_email) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the email is evil' do
|
||||||
|
let(:link_email) { 'Hello, I am an evil email' }
|
||||||
|
|
||||||
|
it { expect(response).to redirect_to(root_path) }
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
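Review bot: The `'when the email is evil'` context only covers a value with spaces and no `@`, which is the easiest input for the regexp to reject. A missing or non-string `email` parameter is not exercised, and neither is a value that passes the format check but contains markup, so the spec never confirms what the rendered view does with such input. I would add `context 'when the email is missing'` with `let(:link_email) { nil }` and `it { expect(response).to redirect_to(root_path) }`. A further case should assert that a markup-bearing address appears HTML-escaped in `response.body`.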
|
||||||
|
|