diff --git a/Changelog.md b/Changelog.md index ee6f178f5..3057f185b 100644 --- a/Changelog.md +++ b/Changelog.md @@ -47,6 +47,7 @@ Ruby 2.0 is no longer officially supported. * Fix fetching for public post while Webfingering [#5958](https://github.com/diaspora/diaspora/pull/5958) * Handle empty searchable in HCard gracefully [#5962](https://github.com/diaspora/diaspora/pull/5962) * Fix a freeze in new post parsing [#5965](https://github.com/diaspora/diaspora/pull/5965) +* Add case insensitive unconfirmed email addresses as authentication key [#5967](https://github.com/diaspora/diaspora/pull/5967) ## Features * Hide post title of limited post in comment notification email [#5843](https://github.com/diaspora/diaspora/pull/5843) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 00932312a..eaa03b62b 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -56,7 +56,7 @@ class UsersController < ApplicationController elsif u[:email] @user.unconfirmed_email = u[:email] if @user.save - @user.mail_confirm_email == @user.email + @user.send_confirm_email if @user.unconfirmed_email flash[:notice] = I18n.t 'users.update.unconfirmed_email_changed' end diff --git a/app/models/user.rb b/app/models/user.rb index b318465a2..46fe8f9f6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -361,10 +361,9 @@ class User < ActiveRecord::Base end end - def mail_confirm_email - return false if unconfirmed_email.blank? + def send_confirm_email + return if unconfirmed_email.blank? Workers::Mail::ConfirmEmail.perform_async(id) - true end ######### Posts and Such ############### diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 42e1cc656..3698e2373 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -61,12 +61,12 @@ Devise.setup do |config| # Configure which authentication keys should be case-insensitive. # These keys will be downcased upon creating or modifying a user and when used # to authenticate or find a user. Default is :email. - config.case_insensitive_keys = [ :email, :username ] + config.case_insensitive_keys = %i(email unconfirmed_email username) # Configure which authentication keys should have whitespace stripped. # These keys will have whitespace before and after removed upon creating or # modifying a user and when used to authenticate or find a user. Default is :email. - config.strip_whitespace_keys = [ :email, :username ] + config.strip_whitespace_keys = %i(email unconfirmed_email username) # Tell if authentication through request.params is enabled. True by default. # It can be set to an array that will enable params authentication only for the diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index fc5a94404..3a95098c3 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -725,6 +725,12 @@ describe User, :type => :model do user.save! expect(user.unconfirmed_email).to eql("alice@newmail.com") end + + it "downcases the unconfirmed email" do + user.unconfirmed_email = "AlIce@nEwmaiL.Com" + user.save! + expect(user.unconfirmed_email).to eql("alice@newmail.com") + end end describe "#confirm_email_token" do @@ -759,16 +765,16 @@ describe User, :type => :model do end end - describe '#mail_confirm_email' do - it 'enqueues a mail job on user with unconfirmed email' do + describe "#send_confirm_email" do + it "enqueues a mail job on user with unconfirmed email" do user.update_attribute(:unconfirmed_email, "alice@newmail.com") expect(Workers::Mail::ConfirmEmail).to receive(:perform_async).with(alice.id).once - expect(alice.mail_confirm_email).to eql(true) + alice.send_confirm_email end - it 'enqueues NO mail job on user without unconfirmed email' do + it "enqueues NO mail job on user without unconfirmed email" do expect(Workers::Mail::ConfirmEmail).not_to receive(:perform_async).with(alice.id) - expect(alice.mail_confirm_email).to eql(false) + alice.send_confirm_email end end