[bbb-greenlight: 3/16] Fixed issue causing account verify to throw 404 (#1987)

From: Bartłomiej Piotrowski <bpiotrowski src gnome org>
To: commits-list gnome org
Cc:
Subject: [bbb-greenlight: 3/16] Fixed issue causing account verify to throw 404 (#1987)
Date: Thu, 6 Aug 2020 05:15:48 +0000 (UTC)

commit 620416f18ad4ed2ef374791a3187503df4e040c5
Author: Ahmad Farhat <ahmad af farhat gmail com>
Date:   Tue Aug 4 14:04:47 2020 -0400

    Fixed issue causing account verify to throw 404 (#1987)

 app/controllers/account_activations_controller.rb       | 7 ++++++-
 app/controllers/rooms_controller.rb                     | 2 +-
 app/controllers/sessions_controller.rb                  | 2 +-
 spec/controllers/account_activations_controller_spec.rb | 3 ++-
 spec/controllers/sessions_controller_spec.rb            | 2 +-
 5 files changed, 11 insertions(+), 5 deletions(-)
---
diff --git a/app/controllers/account_activations_controller.rb 
b/app/controllers/account_activations_controller.rb
index 2a08afa..3956b3b 100644
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
@@ -20,7 +20,8 @@ class AccountActivationsController < ApplicationController
   include Emailer
 
   before_action :ensure_unauthenticated
-  before_action :find_user
+  before_action :find_user, except: :show
+  before_action :find_user_by_digest, only: :show
 
   # GET /account_activations
   def show
@@ -63,6 +64,10 @@ class AccountActivationsController < ApplicationController
     @user = User.find_by!(activation_digest: User.hash_token(params[:token]), provider: @user_domain)
   end
 
+  def find_user_by_digest
+    @user = User.find_by!(activation_digest: params[:digest], provider: @user_domain)
+  end
+
   def ensure_unauthenticated
     redirect_to current_user.main_room if current_user
   end
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index 7624eb8..a67ce13 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -371,7 +371,7 @@ class RoomsController < ApplicationController
   end
 
   def validate_verified_email
-    redirect_to account_activation_path(current_user) if current_user && !current_user&.activated?
+    redirect_to account_activation_path(digest: current_user.activation_digest) if current_user && 
!current_user&.activated?
   end
 
   def verify_room_owner_verified
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index c3db89c..eaa5e5e 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -88,7 +88,7 @@ class SessionsController < ApplicationController
       # Check that the user is a Greenlight account
       return redirect_to(root_path, alert: I18n.t("invalid_login_method")) unless user.greenlight_account?
       # Check that the user has verified their account
-      return redirect_to(account_activation_path(token: user.create_activation_token)) unless user.activated?
+      return redirect_to(account_activation_path(digest: user.activation_digest)) unless user.activated?
     end
 
     login(user)
diff --git a/spec/controllers/account_activations_controller_spec.rb 
b/spec/controllers/account_activations_controller_spec.rb
index 9a78abb..5b7bbe3 100644
--- a/spec/controllers/account_activations_controller_spec.rb
+++ b/spec/controllers/account_activations_controller_spec.rb
@@ -34,8 +34,9 @@ describe AccountActivationsController, type: :controller do
 
     it "renders the verify view if the user is not signed in and is not verified" do
       user = create(:user, email_verified: false,  provider: "greenlight")
+      user.create_activation_token
 
-      get :show, params: { token: user.create_activation_token }
+      get :show, params: { digest: user.activation_digest }
 
       expect(response).to render_template(:show)
     end
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 643a1ac..ec80de4 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -144,7 +144,7 @@ describe SessionsController, type: :controller do
 
       expect(@request.session[:user_id]).to be_nil
       # Expect to redirect to activation path since token is not known here
-      expect(response.location.start_with?(account_activation_url(token: ""))).to be true
+      expect(response.location.start_with?(account_activation_url(digest: @user3.activation_digest))).to be 
true
     end
 
     it "should not login user if account is deleted" do
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]