From: Andy Allan Date: Sun, 25 Feb 2024 10:32:15 +0000 (+0100) Subject: Merge pull request #4535 from tomhughes/rails-tokens X-Git-Tag: live~1145 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/52f755cb27dd7dad2fe65a3deb5d4591c6675dec?ds=sidebyside;hp=-c Merge pull request #4535 from tomhughes/rails-tokens Use rails generated tokens for emails --- 52f755cb27dd7dad2fe65a3deb5d4591c6675dec diff --combined app/controllers/users_controller.rb index b017c33b9,429fa47a4..fbf49ecbe --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@@ -203,8 -203,8 +203,8 @@@ class UsersController < ApplicationCont session[:referer] = referer successful_login(current_user) else - session[:token] = current_user.tokens.create.token - UserMailer.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_later + session[:pending_user] = current_user.id + UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name end else @@@ -247,7 -247,7 +247,7 @@@ when "openid" uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) || uid.match(%r{https://me.yahoo.com/(.*)}) - when "google", "facebook", "microsoft" + when "google", "facebook", "microsoft", "github", "wikipedia" true else false diff --combined test/integration/user_creation_test.rb index 77b23c039,35f98d17d..59efeaabb --- a/test/integration/user_creation_test.rb +++ b/test/integration/user_creation_test.rb @@@ -209,11 -209,11 +209,11 @@@ class UserCreationTest < ActionDispatch assert_equal register_email.to.first, new_email # Check that the confirm account url is correct - confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9_-]*)") + confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)") email_text_parts(register_email).each do |part| assert_match confirm_regex, part.body.to_s end - confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1] + confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1]) # Check the page assert_response :success @@@ -222,11 -222,11 +222,11 @@@ ActionMailer::Base.deliveries.clear # Go to the confirmation page - get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :success assert_template "confirmations/confirm" - post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :redirect follow_redirect! assert_response :success @@@ -362,11 -362,11 +362,11 @@@ assert_equal register_email.to.first, new_email # Check that the confirm account url is correct - confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9_-]*)") + confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)") email_text_parts(register_email).each do |part| assert_match confirm_regex, part.body.to_s end - confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1] + confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1]) # Check the page assert_response :success @@@ -375,11 -375,11 +375,11 @@@ ActionMailer::Base.deliveries.clear # Go to the confirmation page - get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :success assert_template "confirmations/confirm" - post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :redirect follow_redirect! assert_response :success @@@ -516,11 -516,11 +516,11 @@@ assert_equal register_email.to.first, new_email # Check that the confirm account url is correct - confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9_-]*)") + confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)") email_text_parts(register_email).each do |part| assert_match confirm_regex, part.body.to_s end - confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1] + confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1]) # Check the page assert_response :success @@@ -529,11 -529,11 +529,11 @@@ ActionMailer::Base.deliveries.clear # Go to the confirmation page - get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :success assert_template "confirmations/confirm" - post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :redirect follow_redirect! assert_response :success @@@ -668,11 -668,11 +668,11 @@@ assert_equal register_email.to.first, new_email # Check that the confirm account url is correct - confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9_-]*)") + confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)") email_text_parts(register_email).each do |part| assert_match confirm_regex, part.body.to_s end - confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1] + confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1]) # Check the page assert_response :success @@@ -681,11 -681,11 +681,11 @@@ ActionMailer::Base.deliveries.clear # Go to the confirmation page - get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :success assert_template "confirmations/confirm" - post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :redirect follow_redirect! assert_response :success @@@ -820,11 -820,11 +820,11 @@@ assert_equal register_email.to.first, new_email # Check that the confirm account url is correct - confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9_-]*)") + confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)") email_text_parts(register_email).each do |part| assert_match confirm_regex, part.body.to_s end - confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1] + confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1]) # Check the page assert_response :success @@@ -833,11 -833,11 +833,11 @@@ ActionMailer::Base.deliveries.clear # Go to the confirmation page - get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :success assert_template "confirmations/confirm" - post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :redirect follow_redirect! assert_response :success @@@ -852,7 -852,7 +852,7 @@@ OmniAuth.config.add_mock(:github, :uid => "123454321", :info => { "email" => new_email }) assert_difference("User.count") do - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_no_difference("ActionMailer::Base.deliveries.size") do perform_enqueued_jobs do post "/user/new", :params => { :user => { :email => new_email, @@@ -880,7 -880,7 +880,7 @@@ :read_ct => 1, :read_tou => 1 } assert_response :redirect - assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name + assert_redirected_to welcome_path follow_redirect! end end @@@ -888,7 -888,7 +888,7 @@@ # Check the page assert_response :success - assert_template "confirmations/confirm" + assert_template "site/welcome" ActionMailer::Base.deliveries.clear end @@@ -974,11 -974,11 +974,11 @@@ assert_equal register_email.to.first, new_email # Check that the confirm account url is correct - confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9_-]*)") + confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)") email_text_parts(register_email).each do |part| assert_match confirm_regex, part.body.to_s end - confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1] + confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1]) # Check the page assert_response :success @@@ -987,11 -987,11 +987,11 @@@ ActionMailer::Base.deliveries.clear # Go to the confirmation page - get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :success assert_template "confirmations/confirm" - post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :redirect follow_redirect! assert_response :success @@@ -1006,7 -1006,7 +1006,7 @@@ OmniAuth.config.add_mock(:wikipedia, :uid => "123454321", :info => { "email" => new_email }) assert_difference("User.count") do - assert_difference("ActionMailer::Base.deliveries.size", 1) do + assert_no_difference("ActionMailer::Base.deliveries.size") do perform_enqueued_jobs do post "/user/new", :params => { :user => { :email => new_email, @@@ -1034,7 -1034,7 +1034,7 @@@ :read_ct => 1, :read_tou => 1 } assert_response :redirect - assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name + assert_redirected_to welcome_path follow_redirect! end end @@@ -1042,7 -1042,7 +1042,7 @@@ # Check the page assert_response :success - assert_template "confirmations/confirm" + assert_template "site/welcome" ActionMailer::Base.deliveries.clear end @@@ -1128,11 -1128,11 +1128,11 @@@ assert_equal register_email.to.first, new_email # Check that the confirm account url is correct - confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9_-]*)") + confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)") email_text_parts(register_email).each do |part| assert_match confirm_regex, part.body.to_s end - confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1] + confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1]) # Check the page assert_response :success @@@ -1141,11 -1141,11 +1141,11 @@@ ActionMailer::Base.deliveries.clear # Go to the confirmation page - get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :success assert_template "confirmations/confirm" - post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string } + post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string } assert_response :redirect follow_redirect! assert_response :success