Commit 9f9be175e0cd39c36f1c195f4334ce7491b09c32

Authored by Dmitriy Zaporozhets
2 parents db7d1549 f4d68f39

Merge branch 'feature/confirmable' of /home/git/repositories/gitlab/gitlabhq

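--- a/CHANGELOG
+++ b/CHANGELOG
@@ -17,6 +17,8 @@ v 6.2.0
 - Avatar upload on profile page with a maximum of 200KB (Steven Thonus)
 - Store the sessions in Redis instead of the cookie store
 - Fixed relative links in markdown
+ - User must confirm his email if signup enabled
+ - User must confirm changed email
 
 v 6.1.0
 - Project specific IDs for issues, mr, milestones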
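--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -47,6 +47,7 @@ class Admin::UsersController < Admin::ApplicationController
 @user = User.build_user(params[:user].merge(opts), as: :admin)
 @user.admin = (admin && admin.to_i > 0)
 @user.created_by_id = current_user.id
+ @user.confirm!
 
 respond_to do |format|
 if @user.save
@@ -71,6 +72,7 @@ class Admin::UsersController < Admin::ApplicationController
 
 respond_to do |format|
 if user.update_attributes(params[:user], as: :admin)
+ user.confirm!
 format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
 format.json { head :ok }
 else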
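Review bot: In the first hunk `@user.confirm!` runs on a record that has not been saved yet, and as far as I know Devise's `confirm!` writes the record itself, skipping validations when there is no pending `unconfirmed_email`, so an invalid user could be persisted before `if @user.save` gets the chance to reject it. `@user.skip_confirmation!` on that line marks the account confirmed and leaves the write to the validated `save`. In the second hunk the result of `user.confirm!` is ignored, so a failed promotion of a changed e-mail would still answer 'User was successfully updated.'; calling `user.skip_reconfirmation!` before `update_attributes` applies the admin's change in the one validated update. Both actions begin and end outside the hunks shown.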
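--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -43,7 +43,7 @@ require 'file_size_validator'
 
 class User < ActiveRecord::Base
 devise :database_authenticatable, :token_authenticatable, :lockable, :async,
- :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :registerable
+ :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
 
 attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username,
 :skype, :linkedin, :twitter, :color_scheme_id, :theme_id, :force_random_password,
@@ -398,4 +398,4 @@ class User &lt; ActiveRecord::Base
 
 self
 end
-end
\ No newline at end of file
+end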
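Review bot: The `devise` line in the first hunk gains `:confirmable` with no comment on what it does and does not gate. To my knowledge the module blocks sign-in through Devise's own strategies until the address is confirmed, but any code that looks a user up directly (for example by `authentication_token`, which this model also carries) would have to check `confirmed?` itself; whether such paths exist is not visible in this hunk. A comment above the call would record that, e.g. `# :confirmable gates Devise sign-in only; other entry points must check confirmed? themselves`. The class body continues outside the hunk.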
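--- a/app/views/profiles/show.html.haml
+++ b/app/views/profiles/show.html.haml
@@ -25,7 +25,12 @@
 = f.label :email, class: "control-label"
 .controls
 = f.text_field :email, class: "input-xlarge", required: true
- %span.help-block We also use email for avatar detection if no avatar is uploaded.
+ - if @user.unconfirmed_email.present?
+ %span.help-block
+ We sent confirmation email to
+ %strong #{@user.unconfirmed_email}
+ - else
+ %span.help-block We also use email for avatar detection if no avatar is uploaded.
 .control-group
 = f.label :skype, class: "control-label"
 .controls= f.text_field :skype, class: "input-xlarge"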
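Review bot: `%strong #{@user.unconfirmed_email}` prints a user-supplied address through plain-text interpolation, so it is only safe while Haml's HTML escaping is enabled for this app, which cannot be confirmed from the hunk. Devise's e-mail format check is loose enough that markup characters can appear in the local part, so it is worth verifying that setting and writing the output in the usual script form, `%strong= @user.unconfirmed_email`. The new conditional also hides the avatar help text for as long as a confirmation is pending; if that is not intended, keep that `%span.help-block` outside the `if`. The wording would read better as `We sent a confirmation email to`.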
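--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -54,6 +54,8 @@ Devise.setup do |config|
 # The realm used in Http Basic Authentication. "Application" by default.
 # config.http_authentication_realm = "Application"
 
+ config.reconfirmable = true
+
 # It will change confirmation, password recovery and other workflows
 # to behave the same regardless if the e-mail provided was right or wrong.
 # Does not affect registerable.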
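Review bot: `config.reconfirmable = true` is added without the explanatory comment that the neighbouring settings in this initializer carry, although it changes what happens when a user edits their e-mail. A line such as `# A changed e-mail is held in unconfirmed_email until the user confirms it.` above it would match the file's style. No lifetime for confirmation links is set in the lines shown; if the bundled Devise version supports `config.confirm_within`, this is the place to decide whether those links should expire.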
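--- /dev/null
+++ b/db/migrate/20131009115346_add_confirmable_to_users.rb
@@ -0,0 +1,15 @@
+class AddConfirmableToUsers < ActiveRecord::Migration
+ def self.up
+ add_column :users, :confirmation_token, :string
+ add_column :users, :confirmed_at, :datetime
+ add_column :users, :confirmation_sent_at, :datetime
+ add_column :users, :unconfirmed_email, :string
+ add_index :users, :confirmation_token, unique: true
+ User.update_all(confirmed_at: Time.now)
+ end
+
+ def self.down
+ remove_column :users, :confirmation_token, :confirmed_at, :confirmation_sent_at
+ remove_column :users, :unconfirmed_email
+ end
+end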
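Review bot: `User.update_all(confirmed_at: Time.now)` in `self.up` goes through the application's `User` model, so the migration's behaviour depends on whatever that class looks like on the day it is run (default scopes, a renamed table, modules added later). A migration-local model keeps it self-contained: declare `class MigrationUser < ActiveRecord::Base; self.table_name = 'users'; end` inside the migration and call `MigrationUser.update_all(confirmed_at: Time.now)`. The backfill also marks every existing account as confirmed whether or not its address was ever verified, which deserves a comment, e.g. `# Existing accounts are grandfathered as confirmed so nobody is locked out after the upgrade.`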
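--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20131005191208) do
+ActiveRecord::Schema.define(:version => 20131009115346) do
 
 create_table "deploy_keys_projects", :force => true do |t|
 t.integer "deploy_key_id", :null => false
@@ -284,10 +284,15 @@ ActiveRecord::Schema.define(:version =&gt; 20131005191208) do
 t.datetime "password_expires_at"
 t.integer "created_by_id"
 t.string "avatar"
+ t.string "confirmation_token"
+ t.datetime "confirmed_at"
+ t.datetime "confirmation_sent_at"
+ t.string "unconfirmed_email"
 end
 
 add_index "users", ["admin"], :name => "index_users_on_admin"
 add_index "users", ["authentication_token"], :name => "index_users_on_authentication_token", :unique => true
+ add_index "users", ["confirmation_token"], :name => "index_users_on_confirmation_token", :unique => true
 add_index "users", ["email"], :name => "index_users_on_email", :unique => true
 add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
 add_index "users", ["name"], :name => "index_users_on_name"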
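--- a/lib/gitlab/oauth/user.rb
+++ b/lib/gitlab/oauth/user.rb
@@ -29,6 +29,7 @@ module Gitlab
 
 user = model.build_user(opts, as: :admin)
 user.save!
+ user.confirm!
 log.info "(OAuth) Creating user #{email} from login with extern_uid => #{uid}"
 
 if Gitlab.config.omniauth['block_auto_created_users'] && !ldap?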
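Review bot: `user.confirm!` after `user.save!` treats the e-mail asserted by the external provider as verified, which holds only if every configured provider verifies addresses, and nothing in the hunk states that assumption. A comment on the line would record it, e.g. `# Provider-supplied e-mail is trusted as verified; revisit if a provider does not verify addresses`. Because the call comes after `save!`, Devise's create callback has presumably already generated a token and sent a confirmation mail; `user.skip_confirmation!` before `user.save!` avoids both and saves a second write. The `after :create` callback added in spec/factories.rb has the same shape, and the enclosing method here starts and ends outside the hunk.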
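--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -23,6 +23,10 @@ FactoryGirl.define do
 end
 
 factory :admin, traits: [:admin]
+
+ after :create do |u|
+ u.confirm!
+ end
 end
 
 factory :project do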
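--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -27,8 +27,14 @@
 require 'spec_helper'
 
 describe Project do
- before(:each) { enable_observers }
- after(:each) { disable_observers }
+ let(:user) { create(:user) }
+
+ before do
+ enable_observers
+ Thread.current[:current_user] = user
+ end
+
+ after { disable_observers }
 
 describe "Associations" do
 it { should belong_to(:group) }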
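Review bot: The new `before` block sets `Thread.current[:current_user] = user`, but the `after` hook only calls `disable_observers`, so the thread-local still points at this spec's user when later examples run on the same thread. Clearing it in teardown keeps examples isolated: turn the hook into a `do ... end` block and add `Thread.current[:current_user] = nil` next to `disable_observers`. The `describe Project` block continues past the end of the hunk.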