Commit 9f9be175e0cd39c36f1c195f4334ce7491b09c32
Exists in
master
and in
4 other branches
Merge branch 'feature/confirmable' of /home/git/repositories/gitlab/gitlabhq
Showing
10 changed files
with
48 additions
and
6 deletions
Show diff stats
CHANGELOG
| @@ -17,6 +17,8 @@ v 6.2.0 | @@ -17,6 +17,8 @@ v 6.2.0 | ||
| 17 | - Avatar upload on profile page with a maximum of 200KB (Steven Thonus) | 17 | - Avatar upload on profile page with a maximum of 200KB (Steven Thonus) |
| 18 | - Store the sessions in Redis instead of the cookie store | 18 | - Store the sessions in Redis instead of the cookie store |
| 19 | - Fixed relative links in markdown | 19 | - Fixed relative links in markdown |
| 20 | + - User must confirm his email if signup enabled | ||
| 21 | + - User must confirm changed email | ||
| 20 | 22 | ||
| 21 | v 6.1.0 | 23 | v 6.1.0 |
| 22 | - Project specific IDs for issues, mr, milestones | 24 | - Project specific IDs for issues, mr, milestones |
app/controllers/admin/users_controller.rb
| @@ -47,6 +47,7 @@ class Admin::UsersController < Admin::ApplicationController | @@ -47,6 +47,7 @@ class Admin::UsersController < Admin::ApplicationController | ||
| 47 | @user = User.build_user(params[:user].merge(opts), as: :admin) | 47 | @user = User.build_user(params[:user].merge(opts), as: :admin) |
| 48 | @user.admin = (admin && admin.to_i > 0) | 48 | @user.admin = (admin && admin.to_i > 0) |
| 49 | @user.created_by_id = current_user.id | 49 | @user.created_by_id = current_user.id |
| 50 | + @user.confirm! | ||
| 50 | 51 | ||
| 51 | respond_to do |format| | 52 | respond_to do |format| |
| 52 | if @user.save | 53 | if @user.save |
| @@ -71,6 +72,7 @@ class Admin::UsersController < Admin::ApplicationController | @@ -71,6 +72,7 @@ class Admin::UsersController < Admin::ApplicationController | ||
| 71 | 72 | ||
| 72 | respond_to do |format| | 73 | respond_to do |format| |
| 73 | if user.update_attributes(params[:user], as: :admin) | 74 | if user.update_attributes(params[:user], as: :admin) |
| 75 | + user.confirm! | ||
| 74 | format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' } | 76 | format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' } |
| 75 | format.json { head :ok } | 77 | format.json { head :ok } |
| 76 | else | 78 | else |
app/models/user.rb
| @@ -43,7 +43,7 @@ require 'file_size_validator' | @@ -43,7 +43,7 @@ require 'file_size_validator' | ||
| 43 | 43 | ||
| 44 | class User < ActiveRecord::Base | 44 | class User < ActiveRecord::Base |
| 45 | devise :database_authenticatable, :token_authenticatable, :lockable, :async, | 45 | devise :database_authenticatable, :token_authenticatable, :lockable, :async, |
| 46 | - :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :registerable | 46 | + :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable |
| 47 | 47 | ||
| 48 | attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username, | 48 | attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username, |
| 49 | :skype, :linkedin, :twitter, :color_scheme_id, :theme_id, :force_random_password, | 49 | :skype, :linkedin, :twitter, :color_scheme_id, :theme_id, :force_random_password, |
| @@ -398,4 +398,4 @@ class User < ActiveRecord::Base | @@ -398,4 +398,4 @@ class User < ActiveRecord::Base | ||
| 398 | 398 | ||
| 399 | self | 399 | self |
| 400 | end | 400 | end |
| 401 | -end | ||
| 402 | \ No newline at end of file | 401 | \ No newline at end of file |
| 402 | +end |
app/views/profiles/show.html.haml
| @@ -25,7 +25,12 @@ | @@ -25,7 +25,12 @@ | ||
| 25 | = f.label :email, class: "control-label" | 25 | = f.label :email, class: "control-label" |
| 26 | .controls | 26 | .controls |
| 27 | = f.text_field :email, class: "input-xlarge", required: true | 27 | = f.text_field :email, class: "input-xlarge", required: true |
| 28 | - %span.help-block We also use email for avatar detection if no avatar is uploaded. | 28 | + - if @user.unconfirmed_email.present? |
| 29 | + %span.help-block | ||
| 30 | + We sent confirmation email to | ||
| 31 | + %strong #{@user.unconfirmed_email} | ||
| 32 | + - else | ||
| 33 | + %span.help-block We also use email for avatar detection if no avatar is uploaded. | ||
| 29 | .control-group | 34 | .control-group |
| 30 | = f.label :skype, class: "control-label" | 35 | = f.label :skype, class: "control-label" |
| 31 | .controls= f.text_field :skype, class: "input-xlarge" | 36 | .controls= f.text_field :skype, class: "input-xlarge" |
config/initializers/devise.rb
| @@ -54,6 +54,8 @@ Devise.setup do |config| | @@ -54,6 +54,8 @@ Devise.setup do |config| | ||
| 54 | # The realm used in Http Basic Authentication. "Application" by default. | 54 | # The realm used in Http Basic Authentication. "Application" by default. |
| 55 | # config.http_authentication_realm = "Application" | 55 | # config.http_authentication_realm = "Application" |
| 56 | 56 | ||
| 57 | + config.reconfirmable = true | ||
| 58 | + | ||
| 57 | # It will change confirmation, password recovery and other workflows | 59 | # It will change confirmation, password recovery and other workflows |
| 58 | # to behave the same regardless if the e-mail provided was right or wrong. | 60 | # to behave the same regardless if the e-mail provided was right or wrong. |
| 59 | # Does not affect registerable. | 61 | # Does not affect registerable. |
| @@ -0,0 +1,15 @@ | @@ -0,0 +1,15 @@ | ||
| 1 | +class AddConfirmableToUsers < ActiveRecord::Migration | ||
| 2 | + def self.up | ||
| 3 | + add_column :users, :confirmation_token, :string | ||
| 4 | + add_column :users, :confirmed_at, :datetime | ||
| 5 | + add_column :users, :confirmation_sent_at, :datetime | ||
| 6 | + add_column :users, :unconfirmed_email, :string | ||
| 7 | + add_index :users, :confirmation_token, unique: true | ||
| 8 | + User.update_all(confirmed_at: Time.now) | ||
| 9 | + end | ||
| 10 | + | ||
| 11 | + def self.down | ||
| 12 | + remove_column :users, :confirmation_token, :confirmed_at, :confirmation_sent_at | ||
| 13 | + remove_column :users, :unconfirmed_email | ||
| 14 | + end | ||
| 15 | +end |
db/schema.rb
| @@ -11,7 +11,7 @@ | @@ -11,7 +11,7 @@ | ||
| 11 | # | 11 | # |
| 12 | # It's strongly recommended to check this file into your version control system. | 12 | # It's strongly recommended to check this file into your version control system. |
| 13 | 13 | ||
| 14 | -ActiveRecord::Schema.define(:version => 20131005191208) do | 14 | +ActiveRecord::Schema.define(:version => 20131009115346) do |
| 15 | 15 | ||
| 16 | create_table "deploy_keys_projects", :force => true do |t| | 16 | create_table "deploy_keys_projects", :force => true do |t| |
| 17 | t.integer "deploy_key_id", :null => false | 17 | t.integer "deploy_key_id", :null => false |
| @@ -284,10 +284,15 @@ ActiveRecord::Schema.define(:version => 20131005191208) do | @@ -284,10 +284,15 @@ ActiveRecord::Schema.define(:version => 20131005191208) do | ||
| 284 | t.datetime "password_expires_at" | 284 | t.datetime "password_expires_at" |
| 285 | t.integer "created_by_id" | 285 | t.integer "created_by_id" |
| 286 | t.string "avatar" | 286 | t.string "avatar" |
| 287 | + t.string "confirmation_token" | ||
| 288 | + t.datetime "confirmed_at" | ||
| 289 | + t.datetime "confirmation_sent_at" | ||
| 290 | + t.string "unconfirmed_email" | ||
| 287 | end | 291 | end |
| 288 | 292 | ||
| 289 | add_index "users", ["admin"], :name => "index_users_on_admin" | 293 | add_index "users", ["admin"], :name => "index_users_on_admin" |
| 290 | add_index "users", ["authentication_token"], :name => "index_users_on_authentication_token", :unique => true | 294 | add_index "users", ["authentication_token"], :name => "index_users_on_authentication_token", :unique => true |
| 295 | + add_index "users", ["confirmation_token"], :name => "index_users_on_confirmation_token", :unique => true | ||
| 291 | add_index "users", ["email"], :name => "index_users_on_email", :unique => true | 296 | add_index "users", ["email"], :name => "index_users_on_email", :unique => true |
| 292 | add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true | 297 | add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true |
| 293 | add_index "users", ["name"], :name => "index_users_on_name" | 298 | add_index "users", ["name"], :name => "index_users_on_name" |
lib/gitlab/oauth/user.rb
| @@ -29,6 +29,7 @@ module Gitlab | @@ -29,6 +29,7 @@ module Gitlab | ||
| 29 | 29 | ||
| 30 | user = model.build_user(opts, as: :admin) | 30 | user = model.build_user(opts, as: :admin) |
| 31 | user.save! | 31 | user.save! |
| 32 | + user.confirm! | ||
| 32 | log.info "(OAuth) Creating user #{email} from login with extern_uid => #{uid}" | 33 | log.info "(OAuth) Creating user #{email} from login with extern_uid => #{uid}" |
| 33 | 34 | ||
| 34 | if Gitlab.config.omniauth['block_auto_created_users'] && !ldap? | 35 | if Gitlab.config.omniauth['block_auto_created_users'] && !ldap? |
spec/factories.rb
spec/models/project_spec.rb
| @@ -27,8 +27,14 @@ | @@ -27,8 +27,14 @@ | ||
| 27 | require 'spec_helper' | 27 | require 'spec_helper' |
| 28 | 28 | ||
| 29 | describe Project do | 29 | describe Project do |
| 30 | - before(:each) { enable_observers } | ||
| 31 | - after(:each) { disable_observers } | 30 | + let(:user) { create(:user) } |
| 31 | + | ||
| 32 | + before do | ||
| 33 | + enable_observers | ||
| 34 | + Thread.current[:current_user] = user | ||
| 35 | + end | ||
| 36 | + | ||
| 37 | + after { disable_observers } | ||
| 32 | 38 | ||
| 33 | describe "Associations" do | 39 | describe "Associations" do |
| 34 | it { should belong_to(:group) } | 40 | it { should belong_to(:group) } |