15623aa35a
It does not add any additional guards against malicious users: Malicious user may attempt to invoke `POST /users/new` with bogus values for `auth_provider` and `auth_uid` resulting with a new account to which user would have a way to login, other than sending a password reset request. In some cases, re-authorization would introduce additional "Please login to your social account", or "Are you sure you want to be logged in" popup triggered by identity provider. This PR removes the re-authorization request from `POST /users/new` in authorization flow. |
||
|---|---|---|
| .. | ||
| client_applications_test.rb | ||
| compressed_requests_test.rb | ||
| cors_test.rb | ||
| oauth2_test.rb | ||
| oauth_test.rb | ||
| page_locale_test.rb | ||
| redirect_test.rb | ||
| short_links_test.rb | ||
| user_blocks_test.rb | ||
| user_creation_test.rb | ||
| user_diaries_test.rb | ||
| user_login_test.rb | ||
| user_terms_seen_test.rb | ||