Fix sign-ups without checked user agreement being accepted through the web form (#13088)
* Fix user agreement not being verified * Fix tests * Fix up agreement field being dismissed
This commit is contained in:
parent
250ca99cb5
commit
c48d895ea7
@ -41,7 +41,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
|||||||
|
|
||||||
resource.locale = I18n.locale
|
resource.locale = I18n.locale
|
||||||
resource.invite_code = params[:invite_code] if resource.invite_code.blank?
|
resource.invite_code = params[:invite_code] if resource.invite_code.blank?
|
||||||
resource.agreement = true
|
|
||||||
resource.current_sign_in_ip = request.remote_ip
|
resource.current_sign_in_ip = request.remote_ip
|
||||||
|
|
||||||
resource.build_account if resource.account.nil?
|
resource.build_account if resource.account.nil?
|
||||||
@ -49,7 +48,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
|||||||
|
|
||||||
def configure_sign_up_params
|
def configure_sign_up_params
|
||||||
devise_parameter_sanitizer.permit(:sign_up) do |u|
|
devise_parameter_sanitizer.permit(:sign_up) do |u|
|
||||||
u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code)
|
u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code, :agreement)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
|
|||||||
subject do
|
subject do
|
||||||
Setting.registrations_mode = 'open'
|
Setting.registrations_mode = 'open'
|
||||||
request.headers["Accept-Language"] = accept_language
|
request.headers["Accept-Language"] = accept_language
|
||||||
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'redirects to setup' do
|
it 'redirects to setup' do
|
||||||
@ -116,6 +116,26 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when user has not agreed to terms of service' do
|
||||||
|
around do |example|
|
||||||
|
registrations_mode = Setting.registrations_mode
|
||||||
|
example.run
|
||||||
|
Setting.registrations_mode = registrations_mode
|
||||||
|
end
|
||||||
|
|
||||||
|
subject do
|
||||||
|
Setting.registrations_mode = 'open'
|
||||||
|
request.headers["Accept-Language"] = accept_language
|
||||||
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not create user' do
|
||||||
|
subject
|
||||||
|
user = User.find_by(email: 'test@example.com')
|
||||||
|
expect(user).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'approval-based registrations without invite' do
|
context 'approval-based registrations without invite' do
|
||||||
around do |example|
|
around do |example|
|
||||||
registrations_mode = Setting.registrations_mode
|
registrations_mode = Setting.registrations_mode
|
||||||
@ -126,7 +146,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
|
|||||||
subject do
|
subject do
|
||||||
Setting.registrations_mode = 'approved'
|
Setting.registrations_mode = 'approved'
|
||||||
request.headers["Accept-Language"] = accept_language
|
request.headers["Accept-Language"] = accept_language
|
||||||
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'redirects to setup' do
|
it 'redirects to setup' do
|
||||||
@ -154,7 +174,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
|
|||||||
Setting.registrations_mode = 'approved'
|
Setting.registrations_mode = 'approved'
|
||||||
request.headers["Accept-Language"] = accept_language
|
request.headers["Accept-Language"] = accept_language
|
||||||
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
|
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
|
||||||
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'redirects to setup' do
|
it 'redirects to setup' do
|
||||||
@ -182,7 +202,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
|
|||||||
Setting.registrations_mode = 'approved'
|
Setting.registrations_mode = 'approved'
|
||||||
request.headers["Accept-Language"] = accept_language
|
request.headers["Accept-Language"] = accept_language
|
||||||
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now)
|
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now)
|
||||||
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
|
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'redirects to setup' do
|
it 'redirects to setup' do
|
||||||
|
Loading…
Reference in New Issue
Block a user