Merge branch 'user_not_active_auth' into 'master'

Login - Show a message if a user is not active This is a same feature described in merge request !656. I've fixed the unit tests now!! See merge request !658

Merge branch 'user_not_active_auth' into 'master'
Login - Show a message if a user is not active This is a same feature described in merge request !656. I've fixed the unit tests now!! See merge request !658
Braulio Bhavamitra
2 parents c6a2cc53 28c03b03
Showing 5 changed files with 66 additions and 10 deletions Show diff stats
app/controllers/public/account_controller.rb
app/models/user.rb
test/functional/account_controller_test.rb
test/unit/change_password_test.rb
test/unit/user_test.rb
@@ -46,8 +46,12 @@ class AccountController &lt; ApplicationController
     self.current_user = plugins_alternative_authentication
-    self.current_user ||= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
-
+    begin
+      self.current_user ||= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
+    rescue User::UserNotActivated => e
+      session[:notice] = e.message
+      return
+    end
     if logged_in?
       check_join_in_community(self.current_user)
@@ -120,11 +120,17 @@ class User &lt; ActiveRecord::Base
   validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
+  scope :has_login?, lambda { |login,email,environment_id|
+    where('login = ? OR email = ?', login, email).
+    where(environment_id: environment_id)
+  }
+
   # Authenticates a user by their login name or email and unencrypted password.  Returns the user or nil.
   def self.authenticate(login, password, environment = nil)
     environment ||= Environment.default
-    u = self.first :conditions => ['(login = ? OR email = ?) AND environment_id = ? AND activated_at IS NOT NULL',
-                                   login, login, environment.id] # need to get the salt
+
+    u = self.has_login?(login, login, environment.id)
+    u = u.first if u.is_a?(ActiveRecord::Relation)
     u && u.authenticated?(password) ? u : nil
   end
@@ -236,7 +242,23 @@ class User &lt; ActiveRecord::Base
     password.crypt(salt)
   end
+  class UserNotActivated < StandardError
+    attr_reader :user
+
+    def initialize(message, user = nil)
+      @user = user
+
+      super(message)
+    end
+  end
+
   def authenticated?(password)
+
+    unless self.activated?
+      message = _('The user "%{login}" is not activated! Please check your email to activate your user') % {login: self.login}
+      raise UserNotActivated.new(message, self)
+    end
+
     result = (crypted_password == encrypt(password))
     if (encryption_method != User.system_encryption_method) && result
       self.password_type = User.system_encryption_method.to_s
@@ -275,9 +297,15 @@ class User &lt; ActiveRecord::Base
   #   current password.
   # * Saves the record unless it is a new one.
   def change_password!(current, new, confirmation)
-    unless self.authenticated?(current)
-      self.errors.add(:current_password, _('does not match.'))
-      raise IncorrectPassword
+
+    begin
+      unless self.authenticated?(current)
+        self.errors.add(:current_password, _('does not match.'))
+        raise IncorrectPassword
+      end
+    rescue UserNotActivated => e
+      self.errors.add(:current_password, e.message)
+      raise UserNotActivated
     end
     self.force_change_password!(new, confirmation)
   end
@@ -40,6 +40,14 @@ class AccountControllerTest &lt; ActionController::TestCase
     post :login, :user => { :login => 'fake', :password => 'fake' }
   end
+  should 'fail login if a user is inactive and show a warning message' do
+    user = User.create!(login: 'testuser', email: 'test@email.com', password:'test', password_confirmation:'test', activation_code: nil)
+    post :login, :user => { :login => 'testuser', :password => 'test' }
+
+    assert_match 'not activated', session[:notice]
+    assert_nil session[:user]
+  end
+
   def test_should_fail_login_and_not_redirect
     @request.env["HTTP_REFERER"] = 'bli'
     post :login, :user => {:login => 'johndoe', :password => 'bad password'}
@@ -273,8 +281,9 @@ class AccountControllerTest &lt; ActionController::TestCase
     assert_template 'invalid_change_password_code'
   end
-  should 'require password confirmation correctly to enter new pasword' do
+  should 'require password confirmation correctly to enter new password' do
     user = create_user('testuser', :email => 'testuser@example.com', :password => 'test', :password_confirmation => 'test')
+    user.activate
     change = ChangePassword.create!(:requestor => user.person)
     post :new_password, :code => change.code, :change_password => { :password => 'onepass', :password_confirmation => 'another_pass' }
@@ -749,6 +758,8 @@ class AccountControllerTest &lt; ActionController::TestCase
     get :activate
     assert_nil assigns(:message)
     post :login, :user => {:login => 'testuser', :password => 'test123'}
+
+    assert_match 'not activated', session[:notice]
     assert_nil session[:user]
   end
@@ -758,6 +769,8 @@ class AccountControllerTest &lt; ActionController::TestCase
     get :activate, :activation_code => 'wrongcode'
     assert_nil assigns(:message)
     post :login, :user => {:login => 'testuser', :password => 'test123'}
+
+    assert_match 'not activated', session[:notice]
     assert_nil session[:user]
   end
@@ -30,7 +30,8 @@ class ChangePasswordTest &lt; ActiveSupport::TestCase
     change.password_confirmation = 'newpass'
     change.finish
-    assert User.find(person.user.id).authenticated?('newpass')
+    person.user.activate
+    assert person.user.authenticated?('newpass')
   end
   should 'not require password and password confirmation when cancelling' do
@@ -123,6 +123,7 @@ class UserTest &lt; ActiveSupport::TestCase
   def test_should_change_password
     user = create_user('changetest', :password => 'test', :password_confirmation => 'test', :email => 'changetest@example.com')
+    user.activate
     assert_nothing_raised do
       user.change_password!('test', 'newpass', 'newpass')
     end
@@ -132,6 +133,7 @@ class UserTest &lt; ActiveSupport::TestCase
   def test_should_give_correct_current_password_for_changing_password
     user = create_user('changetest', :password => 'test', :password_confirmation => 'test', :email => 'changetest@example.com')
+    user.activate
     assert_raise User::IncorrectPassword do
       user.change_password!('wrong', 'newpass', 'newpass')
     end
@@ -141,6 +143,8 @@ class UserTest &lt; ActiveSupport::TestCase
   should 'require matching confirmation when changing password by force' do
     user = create_user('changetest', :password => 'test', :password_confirmation => 'test', :email => 'changetest@example.com')
+    user.activate
+
     assert_raise ActiveRecord::RecordInvalid do
       user.force_change_password!('newpass', 'newpasswrong')
     end
@@ -153,6 +157,8 @@ class UserTest &lt; ActiveSupport::TestCase
     assert_nothing_raised  do
       user.force_change_password!('newpass', 'newpass')
     end
+
+    user.activate
     assert user.authenticated?('newpass')
   end
@@ -256,6 +262,7 @@ class UserTest &lt; ActiveSupport::TestCase
     # when the user logs in, her password must be reencrypted with the new
     # method
+    user.activate
     user.authenticated?('test')
     # and the new password must be saved back to the database
@@ -273,6 +280,7 @@ class UserTest &lt; ActiveSupport::TestCase
     User.expects(:system_encryption_method).returns(:md5).at_least_once
     # but the user provided the wrong password
+    user.activate
     user.authenticated?('WRONG_PASSWORD')
     # and then her password is not updated
@@ -520,7 +528,9 @@ class UserTest &lt; ActiveSupport::TestCase
   should 'not authenticate a not activated user' do
     user = new_user :login => 'testuser', :password => 'test123', :password_confirmation => 'test123'
-    assert_nil User.authenticate('testuser', 'test123')
+    assert_raises User::UserNotActivated do
+      User.authenticate('testuser', 'test123')
+    end
   end
   should 'have activation code but no activated at when created' do
	@@ -120,11 +120,17 @@ class User < ActiveRecord::Base		@@ -120,11 +120,17 @@ class User < ActiveRecord::Base
120		120
121	validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { \|u\| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n	121	validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { \|u\| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
122		122
		123	+ scope :has_login?, lambda { \|login,email,environment_id\|
		124	+ where('login = ? OR email = ?', login, email).
		125	+ where(environment_id: environment_id)
		126	+ }
		127	+
123	# Authenticates a user by their login name or email and unencrypted password. Returns the user or nil.	128	# Authenticates a user by their login name or email and unencrypted password. Returns the user or nil.
124	def self.authenticate(login, password, environment = nil)	129	def self.authenticate(login, password, environment = nil)
125	environment \|\|= Environment.default	130	environment \|\|= Environment.default
126	- u = self.first :conditions => ['(login = ? OR email = ?) AND environment_id = ? AND activated_at IS NOT NULL',
127	- login, login, environment.id] # need to get the salt	131	+
		132	+ u = self.has_login?(login, login, environment.id)
		133	+ u = u.first if u.is_a?(ActiveRecord::Relation)
128	u && u.authenticated?(password) ? u : nil	134	u && u.authenticated?(password) ? u : nil
129	end	135	end
130		136
	@@ -236,7 +242,23 @@ class User < ActiveRecord::Base		@@ -236,7 +242,23 @@ class User < ActiveRecord::Base
236	password.crypt(salt)	242	password.crypt(salt)
237	end	243	end
238		244
		245	+ class UserNotActivated < StandardError
		246	+ attr_reader :user
		247	+
		248	+ def initialize(message, user = nil)
		249	+ @user = user
		250	+
		251	+ super(message)
		252	+ end
		253	+ end
		254	+
239	def authenticated?(password)	255	def authenticated?(password)
		256	+
		257	+ unless self.activated?
		258	+ message = _('The user "%{login}" is not activated! Please check your email to activate your user') % {login: self.login}
		259	+ raise UserNotActivated.new(message, self)
		260	+ end
		261	+
240	result = (crypted_password == encrypt(password))	262	result = (crypted_password == encrypt(password))
241	if (encryption_method != User.system_encryption_method) && result	263	if (encryption_method != User.system_encryption_method) && result
242	self.password_type = User.system_encryption_method.to_s	264	self.password_type = User.system_encryption_method.to_s
	@@ -275,9 +297,15 @@ class User < ActiveRecord::Base		@@ -275,9 +297,15 @@ class User < ActiveRecord::Base
275	# current password.	297	# current password.
276	# * Saves the record unless it is a new one.	298	# * Saves the record unless it is a new one.
277	def change_password!(current, new, confirmation)	299	def change_password!(current, new, confirmation)
278	- unless self.authenticated?(current)
279	- self.errors.add(:current_password, _('does not match.'))
280	- raise IncorrectPassword	300	+
		301	+ begin
		302	+ unless self.authenticated?(current)
		303	+ self.errors.add(:current_password, _('does not match.'))
		304	+ raise IncorrectPassword
		305	+ end
		306	+ rescue UserNotActivated => e
		307	+ self.errors.add(:current_password, e.message)
		308	+ raise UserNotActivated
281	end	309	end
282	self.force_change_password!(new, confirmation)	310	self.force_change_password!(new, confirmation)
283	end	311	end
	@@ -30,7 +30,8 @@ class ChangePasswordTest < ActiveSupport::TestCase		@@ -30,7 +30,8 @@ class ChangePasswordTest < ActiveSupport::TestCase
30	change.password_confirmation = 'newpass'	30	change.password_confirmation = 'newpass'
31	change.finish	31	change.finish
32		32
33	- assert User.find(person.user.id).authenticated?('newpass')	33	+ person.user.activate
		34	+ assert person.user.authenticated?('newpass')
34	end	35	end
35		36
36	should 'not require password and password confirmation when cancelling' do	37	should 'not require password and password confirmation when cancelling' do