From c486dd5532d2b826759becfad417670219ede19b Mon Sep 17 00:00:00 2001 From: Milan Cvetkovic Date: Mon, 22 Apr 2024 08:42:01 +0000 Subject: [PATCH 1/1] Rename verified_email to email_hmac parameter in /users/new --- app/controllers/users_controller.rb | 10 ++-- app/views/users/new.html.erb | 4 +- test/integration/user_creation_test.rb | 70 +++++++++++++------------- 3 files changed, 42 insertions(+), 42 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index e022ff0c1..3156497a4 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -71,7 +71,7 @@ class UsersController < ApplicationController # page, instead send them to the home page redirect_to @referer || { :controller => "site", :action => "index" } elsif params.key?(:auth_provider) && params.key?(:auth_uid) - @verified_email = params[:verified_email] + @email_hmac = params[:email_hmac] self.current_user = User.new(:email => params[:email], :display_name => params[:nickname], @@ -109,7 +109,7 @@ class UsersController < ApplicationController render :action => "new" else # Save the user record - save_new_user params[:verified_email] + save_new_user params[:email_hmac] end end end @@ -243,8 +243,8 @@ class UsersController < ApplicationController failed_login t("sessions.new.auth failure") end else - verified_email = UsersController.message_hmac(email) if email_verified && email - redirect_to :action => "new", :nickname => name, :email => email, :verified_email => verified_email, + email_hmac = UsersController.message_hmac(email) if email_verified && email + redirect_to :action => "new", :nickname => name, :email => email, :email_hmac => email_hmac, :auth_provider => provider, :auth_uid => uid end end 
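Review bot: In the `elsif params.key?(:auth_provider) && params.key?(:auth_uid)` branch of users_controller.rb (hunk at line 71), `@email_hmac = params[:email_hmac]` stores a request-supplied value that nothing in the hunk verifies, and the view uses its mere presence to hide the email field. The check that matters is the one made at save time; `save_new_user params[:email_hmac]` in the hunk at line 109 passes the same raw value on, and that method's body is outside this diff. If it compares the recomputed digest with `==`, `ActiveSupport::SecurityUtils.secure_compare(expected, email_hmac.to_s)` would make the comparison constant-time and tolerate a non-string parameter. A comment on the assignment such as `# unverified request value; checked against message_hmac(email) in save_new_user` would stop later readers from treating the instance variable as proof. The enclosing action starts and ends outside both hunks.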
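Review bot: In the `else` branch of the hunk at line 243 of users_controller.rb, `UsersController.message_hmac(email)` signs only the email address, so the `:email_hmac` passed to `redirect_to` is not bound to `provider`, `uid`, the session or any expiry. As a redirect parameter it travels in the query string, where access logs and browser history can record it. As far as this diff shows, an email/digest pair seen once stays acceptable indefinitely and alongside any `auth_provider`/`auth_uid`. Consider keeping the verified address in the session, or signing all three values with an expiring token, e.g. `Rails.application.message_verifier("email_address").generate([provider, uid, email], :expires_in => 1.hour)`. The enclosing method starts and ends outside the hunk.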
@@ -262,7 +262,7 @@ class UsersController < ApplicationController def self.message_hmac(text) sha256 = Digest::SHA256.new - sha256 << Rails.application.key_generator.generate_key("openstreetmap/verified_email") + sha256 << Rails.application.key_generator.generate_key("openstreetmap/email_address") sha256 << text Base64.urlsafe_encode64(sha256.digest) end diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index 6e9c91524..bf96c4577 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb @@ -43,11 +43,11 @@ <%= bootstrap_form_for current_user, :url => { :action => "create" } do |f| %> <%= hidden_field_tag("referer", h(@referer)) unless @referer.nil? %> - <%= hidden_field_tag("verified_email", h(@verified_email)) unless @verified_email.nil? %> + <%= hidden_field_tag("email_hmac", h(@email_hmac)) unless @email_hmac.nil? %> <%= f.hidden_field :auth_provider unless current_user.auth_provider.nil? %> <%= f.hidden_field :auth_uid unless current_user.auth_uid.nil? %> - <% if current_user.auth_uid.nil? or @verified_email.nil? or not current_user.errors[:email].empty? %> + <% if current_user.auth_uid.nil? or @email_hmac.nil? or not current_user.errors[:email].empty? %> <%= f.email_field :email, :help => t(".email_help_html", :privacy_policy_link => link_to(t(".privacy_policy"), t(".privacy_policy_url"), diff --git a/test/integration/user_creation_test.rb b/test/integration/user_creation_test.rb index beb05a98a..59eb9ae30 100644 --- a/test/integration/user_creation_test.rb +++ b/test/integration/user_creation_test.rb @@ -366,7 +366,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_google_success new_email = "newtester-google@osm.org" - verified_email = UsersController.message_hmac(new_email) + email_hmac = UsersController.message_hmac(new_email) display_name = "new_tester-google" auth_uid = "123454321" 
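Review bot: `self.message_hmac` in users_controller.rb (hunk at line 262) is not an HMAC: it feeds the derived key and then `text` into a plain `Digest::SHA256`, a secret-prefix hash that is open to length extension. The rename to `email_hmac` now advertises a guarantee the code does not give. Keep the new salt and change the body to `key = Rails.application.key_generator.generate_key("openstreetmap/email_address")` followed by `Base64.urlsafe_encode64(OpenSSL::HMAC.digest("SHA256", key, text))`. Changing the salt string also invalidates every digest issued before deployment, so sign-ups in flight at that moment will fail the check (presumably falling back to ordinary email confirmation), which deserves a line in the commit message.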
@@ -382,7 +382,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "google") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => new_email, :verified_email => verified_email, + :email => new_email, :email_hmac => email_hmac, :auth_provider => "google", :auth_uid => auth_uid follow_redirect! @@ -392,7 +392,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest :auth_provider => "google", :auth_uid => auth_uid, :consider_pd => "1" }, - :verified_email => verified_email } + :email_hmac => email_hmac } assert_redirected_to welcome_path follow_redirect! end @@ -420,7 +420,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "google") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email, - :verified_email => UsersController.message_hmac(dup_user.email), + :email_hmac => UsersController.message_hmac(dup_user.email), :auth_provider => "google", :auth_uid => auth_uid follow_redirect! @@ -452,7 +452,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_google_redirect orig_email = "redirect_tester_google_orig@google.com" - verified_email = UsersController.message_hmac(orig_email) + email_hmac = UsersController.message_hmac(orig_email) new_email = "redirect_tester_google@osm.org" display_name = "redirect_tester_google" auth_uid = "123454321" 
@@ -469,12 +469,12 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "google") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => orig_email, :verified_email => verified_email, + :email => orig_email, :email_hmac => email_hmac, :auth_provider => "google", :auth_uid => auth_uid follow_redirect! post "/user/new", :params => { :user => { :email => new_email, - :verified_email => verified_email, + :email_hmac => email_hmac, :display_name => display_name, :auth_provider => "google", :auth_uid => auth_uid, @@ -516,7 +516,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_facebook_success new_email = "newtester-facebook@osm.org" - verified_email = UsersController.message_hmac(new_email) + email_hmac = UsersController.message_hmac(new_email) display_name = "new_tester-facebook" auth_uid = "123454321" @@ -531,7 +531,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "facebook") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => new_email, :verified_email => verified_email, + :email => new_email, :email_hmac => email_hmac, :auth_provider => "facebook", :auth_uid => auth_uid follow_redirect! @@ -541,7 +541,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest :auth_provider => "facebook", :auth_uid => auth_uid, :consider_pd => "1" }, - :verified_email => verified_email } + :email_hmac => email_hmac } assert_redirected_to welcome_path follow_redirect! end 
@@ -568,7 +568,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "facebook") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email, - :verified_email => UsersController.message_hmac(dup_user.email), + :email_hmac => UsersController.message_hmac(dup_user.email), :auth_provider => "facebook", :auth_uid => auth_uid follow_redirect! @@ -600,7 +600,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_facebook_redirect orig_email = "redirect_tester_facebook_orig@osm.org" - verified_email = UsersController.message_hmac(orig_email) + email_hmac = UsersController.message_hmac(orig_email) new_email = "redirect_tester_facebook@osm.org" display_name = "redirect_tester_facebook" auth_uid = "123454321" @@ -617,13 +617,13 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "facebook") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => orig_email, :verified_email => verified_email, + :email => orig_email, :email_hmac => email_hmac, :auth_provider => "facebook", :auth_uid => auth_uid follow_redirect! post "/user/new", :params => { :user => { :email => new_email, - :verified_email => verified_email, + :email_hmac => email_hmac, :display_name => display_name, :auth_provider => "facebook", :auth_uid => auth_uid, @@ -665,7 +665,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_microsoft_success new_email = "newtester-microsoft@osm.org" - verified_email = UsersController.message_hmac(new_email) + email_hmac = UsersController.message_hmac(new_email) display_name = "new_tester-microsoft" auth_uid = "123454321" 
@@ -680,7 +680,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "microsoft") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => new_email, :verified_email => verified_email, + :email => new_email, :email_hmac => email_hmac, :auth_provider => "microsoft", :auth_uid => auth_uid follow_redirect! post "/user/new", @@ -689,7 +689,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest :auth_provider => "microsoft", :auth_uid => auth_uid, :consider_pd => "1" }, - :verified_email => verified_email } + :email_hmac => email_hmac } assert_redirected_to welcome_path follow_redirect! end @@ -716,7 +716,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "microsoft") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email, - :verified_email => UsersController.message_hmac(dup_user.email), + :email_hmac => UsersController.message_hmac(dup_user.email), :auth_provider => "microsoft", :auth_uid => auth_uid follow_redirect! @@ -748,7 +748,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_microsoft_redirect orig_email = "redirect_tester_microsoft_orig@osm.org" - verified_email = UsersController.message_hmac(orig_email) + email_hmac = UsersController.message_hmac(orig_email) new_email = "redirect_tester_microsoft@osm.org" display_name = "redirect_tester_microsoft" auth_uid = "123454321" 
@@ -764,13 +764,13 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "microsoft") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => orig_email, :verified_email => verified_email, + :email => orig_email, :email_hmac => email_hmac, :auth_provider => "microsoft", :auth_uid => auth_uid follow_redirect! post "/user/new", :params => { :user => { :email => new_email, - :verified_email => verified_email, + :email_hmac => email_hmac, :display_name => display_name, :auth_provider => "microsoft", :auth_uid => auth_uid, @@ -812,7 +812,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_github_success new_email = "newtester-github@osm.org" - verified_email = UsersController.message_hmac(new_email) + email_hmac = UsersController.message_hmac(new_email) display_name = "new_tester-github" password = "testtest" auth_uid = "123454321" @@ -828,7 +828,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "github") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => new_email, :verified_email => verified_email, + :email => new_email, :email_hmac => email_hmac, :auth_provider => "github", :auth_uid => auth_uid follow_redirect! @@ -841,7 +841,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest :pass_crypt_confirmation => password }, :read_ct => 1, :read_tou => 1, - :verified_email => verified_email } + :email_hmac => email_hmac } assert_redirected_to welcome_path follow_redirect! end 
@@ -869,7 +869,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "github") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => dup_user.email, :verified_email => UsersController.message_hmac(dup_user.email), + :email => dup_user.email, :email_hmac => UsersController.message_hmac(dup_user.email), :auth_provider => "github", :auth_uid => auth_uid follow_redirect! @@ -900,7 +900,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_github_redirect orig_email = "redirect_tester_github_orig@osm.org" - verified_email = UsersController.message_hmac(orig_email) + email_hmac = UsersController.message_hmac(orig_email) new_email = "redirect_tester_github@osm.org" display_name = "redirect_tester_github" auth_uid = "123454321" @@ -916,12 +916,12 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "github") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => orig_email, :verified_email => verified_email, + :email => orig_email, :email_hmac => email_hmac, :auth_provider => "github", :auth_uid => auth_uid follow_redirect! post "/user/new", :params => { :user => { :email => new_email, - :verified_email => verified_email, + :email_hmac => email_hmac, :display_name => display_name, :auth_provider => "github", :auth_uid => auth_uid, @@ -963,7 +963,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_wikipedia_success new_email = "newtester-wikipedia@osm.org" - verified_email = UsersController.message_hmac(new_email) + email_hmac = UsersController.message_hmac(new_email) display_name = "new_tester-wikipedia" password = "testtest" auth_uid = "123454321" 
@@ -979,7 +979,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => new_email, :verified_email => verified_email, + :email => new_email, :email_hmac => email_hmac, :auth_provider => "wikipedia", :auth_uid => auth_uid follow_redirect! post "/user/new", @@ -991,7 +991,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest :pass_crypt_confirmation => password }, :read_ct => 1, :read_tou => 1, - :verified_email => verified_email } + :email_hmac => email_hmac } assert_redirected_to welcome_path follow_redirect! end @@ -1016,7 +1016,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => dup_user.email, :verified_email => UsersController.message_hmac(dup_user.email), + :email => dup_user.email, :email_hmac => UsersController.message_hmac(dup_user.email), :auth_provider => "wikipedia", :auth_uid => auth_uid follow_redirect! @@ -1048,7 +1048,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest def test_user_create_wikipedia_redirect orig_email = "redirect_tester_wikipedia_orig@osm.org" - verified_email = UsersController.message_hmac(orig_email) + email_hmac = UsersController.message_hmac(orig_email) new_email = "redirect_tester_wikipedia@osm.org" display_name = "redirect_tester_wikipedia" auth_uid = "123454321" 
@@ -1065,13 +1065,13 @@ class UserCreationTest < ActionDispatch::IntegrationTest assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new") follow_redirect! assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, - :email => orig_email, :verified_email => verified_email, + :email => orig_email, :email_hmac => email_hmac, :auth_provider => "wikipedia", :auth_uid => auth_uid follow_redirect! post "/user/new", :params => { :user => { :email => new_email, - :verified_email => verified_email, + :email_hmac => email_hmac, :display_name => display_name, :auth_provider => "wikipedia", :auth_uid => auth_uid, -- 2.39.5