Handle expired confirmation tokens

This commit is contained in:
John Firebaugh 2013-08-08 14:57:39 -07:00
parent 8ca781ac75
commit 091473602b
4 changed files with 35 additions and 3 deletions


@ -304,10 +304,14 @@ class UserController < ApplicationController
end end
def confirm def confirm
if request.post? && (token = UserToken.find_by_token(params[:confirm_string])) if request.post?
if token.user.active? token = UserToken.find_by_token(params[:confirm_string])
if token && token.user.active?
flash[:error] = t('user.confirm.already active') flash[:error] = t('user.confirm.already active')
redirect_to :action => 'login' redirect_to :action => 'login'
elsif !token || token.expired?
flash[:error] = t('user.confirm.unknown token')
redirect_to :action => 'confirm'
else else
user = token.user user = token.user
user.status = "active" user.status = "active"
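Review bot: The active-account check at `if token && token.user.active?` is evaluated before the expiry check at `elsif !token || token.expired?`, so an expired token belonging to an already-confirmed account still takes the 'already active' path and redirects to login instead of being reported as expired; if that precedence is intended, a comment should say so, e.g. `# An already-active account wins over token expiry; the outcome is the same either way.`. The missing-token and expired-token cases share `t('user.confirm.unknown token')`, which keeps the response from distinguishing a code that never existed from one that lapsed, and a one-line comment above the `elsif` stating that the single message is deliberate would stop a later change from splitting them. The rejected expired token is left in place here, which looks acceptable if the resend flow referenced by the locale's `reconfirm_html`/`confirm_resend` keys issues a fresh token, but that is inferred rather than visible. The body of `confirm` continues past the end of the hunk.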


@ -5,6 +5,10 @@ class UserToken < ActiveRecord::Base
after_initialize :set_defaults after_initialize :set_defaults
def expired?
expiry < Time.now
end
private private
def set_defaults def set_defaults
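Review bot: `expired?` at `expiry < Time.now` raises NoMethodError when `expiry` is nil, and the controller now calls it on any token returned by `find_by_token`, so a token row without an expiry (rows predating the column, or a path where `set_defaults` below the hunk does not set it) would turn the confirm action into a 500 instead of a rejection. Treating a missing expiry as expired fails closed and keeps the predicate one line: `expiry.nil? || expiry < Time.now`. If that behaviour is adopted, a comment such as `# A token with no expiry is treated as expired.` documents the choice. Whether nil expiries can actually occur depends on `set_defaults` and the migration history, neither of which is in the hunk.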


@ -1880,7 +1880,7 @@ en:
press confirm button: "Press the confirm button below to activate your account." press confirm button: "Press the confirm button below to activate your account."
button: Confirm button: Confirm
already active: "This account has already been confirmed." already active: "This account has already been confirmed."
unknown token: "That token doesn't seem to exist." unknown token: "That confirmation code has expired or does not exist."
reconfirm_html: "If you need us to resend the confirmation email, <a href=\"%{reconfirm}\">click here</a>." reconfirm_html: "If you need us to resend the confirmation email, <a href=\"%{reconfirm}\">click here</a>."
confirm_resend: confirm_resend:
success: "We've sent a new confirmation note to %{email} and as soon as you confirm your account you'll be able to get mapping.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests." success: "We've sent a new confirmation note to %{email} and as soon as you confirm your account you'll be able to get mapping.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests."


@ -319,6 +319,30 @@ class UserControllerTest < ActionController::TestCase
assert_select "form > fieldset > div.form-row > div.field_with_errors > input#user_display_name" assert_select "form > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
end end
def test_user_confirm_expired_token
user = users(:inactive_user)
token = user.tokens.new
token.expiry = 1.day.ago
token.save!
@request.cookies["_osm_session"] = user.display_name
post :confirm, :confirm_string => token.token
assert_redirected_to :action => 'confirm'
assert_match /expired/, flash[:error]
end
def test_user_already_confirmed
user = users(:normal_user)
token = user.tokens.create
@request.cookies["_osm_session"] = user.display_name
post :confirm, :confirm_string => token.token
assert_redirected_to :action => 'login'
assert_match /confirmed/, flash[:error]
end
def test_user_terms_new_user def test_user_terms_new_user
get :terms, {}, { "new_user" => User.new } get :terms, {}, { "new_user" => User.new }
assert_response :success assert_response :success