Fix #4571: Show banner when email verification is required.

* Show a banner if the user is restricted because they signed up from a proxy or VPN. * Add an option to resend the confirmation email if your account has an unverified email address.
2020-08-02 16:32:49 -05:00
parent a8577b2b94
commit baf0cf87af
11 changed files with 173 additions and 22 deletions
--- a/test/functional/emails_controller_test.rb
+++ b/test/functional/emails_controller_test.rb
@@ -7,6 +7,7 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
    setup do
      @user = create(:user, email_address: build(:email_address, { address: "bob@ogres.net", is_verified: false }))
      @other_user = create(:user, email_address: build(:email_address, { address: "alice@ogres.net", is_verified: false }))
+      @restricted_user = create(:user, requires_verification: true, is_verified: false)
    end

    context "#show" do
@@ -22,9 +23,36 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
    end

    context "#edit" do
-      should "render" do
-        get_auth edit_user_email_path(@user), @user
-        assert_response :success
+      context "for a user with an email address" do
+        should "render" do
+          get_auth edit_user_email_path(@user), @user
+          assert_equal true, @user.email_address.present?
+          assert_response :success
+        end
+      end
+
+      context "for a user without an email address" do
+        should "render" do
+          @user.email_address.destroy!
+          get_auth edit_user_email_path(@user), @user
+
+          assert_equal false, @user.email_address.present?
+          assert_response :success
+        end
+      end
+
+      context "for a restricted user" do
+        should "render" do
+          get_auth edit_user_email_path(@restricted_user), @restricted_user
+          assert_response :success
+        end
+      end
+
+      context "for an unauthorized user" do
+        should "render" do
+          get_auth edit_user_email_path(@user), @other_user
+          assert_response 403
+        end
      end
    end

@@ -109,6 +137,48 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
          assert_equal(false, @user.is_verified)
        end
      end
+
+      context "for a user without an email address" do
+        should "redirect to the add email page" do
+          @user.email_address.destroy!
+          get_auth verify_user_email_path(@user), @user
+          assert_redirected_to edit_user_email_path(@user)
+        end
+      end
+
+      context "for a user with an unverified email address" do
+        should "show the resend confirmation email page" do
+          get_auth verify_user_email_path(@user), @user
+          assert_response :success
+        end
+      end
+
+      context "for an unauthorized user" do
+        should "fail" do
+          get_auth verify_user_email_path(@user), @other_user
+          assert_response 403
+        end
+      end
+    end
+
+    context "#send_confirmation" do
+      context "for an authorized user" do
+        should "resend the confirmation email" do
+          post_auth send_confirmation_user_email_path(@user), @user
+
+          assert_redirected_to @user
+          assert_enqueued_emails 1
+        end
+      end
+
+      context "for an unauthorized user" do
+        should "fail" do
+          post_auth send_confirmation_user_email_path(@user), @other_user
+
+          assert_response 403
+          assert_no_enqueued_emails
+        end
+      end
    end
  end
 end