Fix sign-ups without checked user agreement being accepted through the web form (#13088)

* Fix user agreement not being verified

* Fix tests

* Fix up agreement field being dismissed
rebase/4.0.0rc2
ThibG 2020-02-16 12:56:53 +01:00 committed by GitHub
parent 250ca99cb5
commit c48d895ea7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 6 deletions

View File

@ -41,7 +41,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
resource.locale = I18n.locale
resource.invite_code = params[:invite_code] if resource.invite_code.blank?
resource.agreement = true
resource.current_sign_in_ip = request.remote_ip
resource.build_account if resource.account.nil?
@ -49,7 +48,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
def configure_sign_up_params
devise_parameter_sanitizer.permit(:sign_up) do |u|
u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code)
u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code, :agreement)
end
end

View File

@ -100,7 +100,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
subject do
Setting.registrations_mode = 'open'
request.headers["Accept-Language"] = accept_language
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
end
it 'redirects to setup' do
@ -116,6 +116,26 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
end
end
context 'when user has not agreed to terms of service' do
around do |example|
registrations_mode = Setting.registrations_mode
example.run
Setting.registrations_mode = registrations_mode
end
subject do
Setting.registrations_mode = 'open'
request.headers["Accept-Language"] = accept_language
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
end
it 'does not create user' do
subject
user = User.find_by(email: 'test@example.com')
expect(user).to be_nil
end
end
context 'approval-based registrations without invite' do
around do |example|
registrations_mode = Setting.registrations_mode
@ -126,7 +146,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
subject do
Setting.registrations_mode = 'approved'
request.headers["Accept-Language"] = accept_language
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
end
it 'redirects to setup' do
@ -154,7 +174,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
Setting.registrations_mode = 'approved'
request.headers["Accept-Language"] = accept_language
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
end
it 'redirects to setup' do
@ -182,7 +202,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
Setting.registrations_mode = 'approved'
request.headers["Accept-Language"] = accept_language
invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now)
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
end
it 'redirects to setup' do