New upstream version 12.8.6

This commit is contained in:
Sruthi Chandran 2020-03-12 21:24:23 +05:30
parent df6ec68d08
commit 8dc700535c
13 changed files with 162 additions and 50 deletions

View file

@ -1,5 +1,9 @@
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
## 12.8.5
- No changes.
## 12.8.4 ## 12.8.4
- Unreleased due to tagging failure. - Unreleased due to tagging failure.

View file

@ -2,6 +2,13 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 12.8.6 (2020-03-11)
### Security (1 change)
- Do not enable soft email confirmation by default.
## 12.8.5 ## 12.8.5
### Fixed (8 changes) ### Fixed (8 changes)

View file

@ -1 +1 @@
12.8.5 12.8.6

View file

@ -1 +1 @@
12.8.5 12.8.6

View file

@ -10,7 +10,7 @@ module ConfirmEmailWarning
protected protected
def show_confirm_warning? def show_confirm_warning?
html_request? && request.get? html_request? && request.get? && Feature.enabled?(:soft_email_confirmation)
end end
def set_confirm_warning def set_confirm_warning

View file

@ -11,6 +11,8 @@ class ConfirmationsController < Devise::ConfirmationsController
protected protected
def after_resending_confirmation_instructions_path_for(resource) def after_resending_confirmation_instructions_path_for(resource)
return users_almost_there_path unless Feature.enabled?(:soft_email_confirmation)
stored_location_for(resource) || dashboard_projects_path stored_location_for(resource) || dashboard_projects_path
end end

View file

@ -54,7 +54,7 @@ class RegistrationsController < Devise::RegistrationsController
def welcome def welcome
return redirect_to new_user_registration_path unless current_user return redirect_to new_user_registration_path unless current_user
return redirect_to stored_location_or_dashboard(current_user) if current_user.role.present? && !current_user.setup_for_company.nil? return redirect_to path_for_signed_in_user(current_user) if current_user.role.present? && !current_user.setup_for_company.nil?
end end
def update_registration def update_registration
@ -64,7 +64,7 @@ class RegistrationsController < Devise::RegistrationsController
if result[:status] == :success if result[:status] == :success
track_experiment_event(:signup_flow, 'end') # We want this event to be tracked when the user is _in_ the experimental group track_experiment_event(:signup_flow, 'end') # We want this event to be tracked when the user is _in_ the experimental group
set_flash_message! :notice, :signed_up set_flash_message! :notice, :signed_up
redirect_to stored_location_or_dashboard(current_user) redirect_to path_for_signed_in_user(current_user)
else else
render :welcome render :welcome
end end
@ -111,14 +111,12 @@ class RegistrationsController < Devise::RegistrationsController
return users_sign_up_welcome_path if experiment_enabled?(:signup_flow) return users_sign_up_welcome_path if experiment_enabled?(:signup_flow)
stored_location_or_dashboard(user) path_for_signed_in_user(user)
end end
def after_inactive_sign_up_path_for(resource) def after_inactive_sign_up_path_for(resource)
# With the current `allow_unconfirmed_access_for` Devise setting in config/initializers/8_devise.rb,
# this method is never called. Leaving this here in case that value is set to 0.
Gitlab::AppLogger.info(user_created_message) Gitlab::AppLogger.info(user_created_message)
users_almost_there_path Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path
end end
private private
@ -180,9 +178,21 @@ class RegistrationsController < Devise::RegistrationsController
Gitlab::Utils.to_boolean(params[:terms_opt_in]) Gitlab::Utils.to_boolean(params[:terms_opt_in])
end end
def stored_location_or_dashboard(user) def path_for_signed_in_user(user)
if requires_confirmation?(user)
users_almost_there_path
else
stored_location_for(user) || dashboard_projects_path stored_location_for(user) || dashboard_projects_path
end end
end
def requires_confirmation?(user)
return false if user.confirmed?
return false if Feature.enabled?(:soft_email_confirmation)
return false if experiment_enabled?(:signup_flow)
true
end
def load_recaptcha def load_recaptcha
Gitlab::Recaptcha.load_configurations! Gitlab::Recaptcha.load_configurations!

View file

@ -1670,6 +1670,13 @@ class User < ApplicationRecord
super super
end end
# override from Devise::Confirmable
def confirmation_period_valid?
return false if Feature.disabled?(:soft_email_confirmation)
super
end
private private
def default_private_profile_to_false def default_private_profile_to_false

View file

@ -3,6 +3,10 @@
require 'spec_helper' require 'spec_helper'
describe ConfirmEmailWarning do describe ConfirmEmailWarning do
before do
stub_feature_flags(soft_email_confirmation: true)
end
controller(ApplicationController) do controller(ApplicationController) do
# `described_class` is not available in this context # `described_class` is not available in this context
include ConfirmEmailWarning include ConfirmEmailWarning

View file

@ -79,31 +79,33 @@ describe RegistrationsController do
stub_application_setting(send_user_confirmation_email: true) stub_application_setting(send_user_confirmation_email: true)
end end
context 'when a grace period is active for confirming the email address' do context 'when soft email confirmation is not enabled' do
before do before do
stub_feature_flags(soft_email_confirmation: false)
allow(User).to receive(:allow_unconfirmed_access_for).and_return 0
end
it 'does not authenticate the user and sends a confirmation email' do
post(:create, params: user_params)
expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])
expect(subject.current_user).to be_nil
end
end
context 'when soft email confirmation is enabled' do
before do
stub_feature_flags(soft_email_confirmation: true)
allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days
end end
it 'sends a confirmation email and redirects to the dashboard' do it 'authenticates the user and sends a confirmation email' do
post(:create, params: user_params) post(:create, params: user_params)
expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email]) expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])
expect(response).to redirect_to(dashboard_projects_path) expect(response).to redirect_to(dashboard_projects_path)
end end
end end
context 'when no grace period is active for confirming the email address' do
before do
allow(User).to receive(:allow_unconfirmed_access_for).and_return 0
end
it 'sends a confirmation email and redirects to the almost there page' do
post(:create, params: user_params)
expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])
expect(response).to redirect_to(users_almost_there_path)
end
end
end end
context 'when signup_enabled? is false' do context 'when signup_enabled? is false' do

View file

@ -135,7 +135,9 @@ describe 'Invites' do
expect(current_path).to eq(dashboard_projects_path) expect(current_path).to eq(dashboard_projects_path)
expect(page).to have_content(project.full_name) expect(page).to have_content(project.full_name)
visit group_path(group) visit group_path(group)
expect(page).to have_content(group.full_name) expect(page).to have_content(group.full_name)
end end
@ -153,6 +155,25 @@ describe 'Invites' do
context 'email confirmation enabled' do context 'email confirmation enabled' do
let(:send_email_confirmation) { true } let(:send_email_confirmation) { true }
context 'when soft email confirmation is not enabled' do
before do
allow(User).to receive(:allow_unconfirmed_access_for).and_return 0
end
it 'signs up and redirects to root page with all the project/groups invitation automatically accepted' do
fill_in_sign_up_form(new_user)
confirm_email(new_user)
fill_in_sign_in_form(new_user)
expect(current_path).to eq(root_path)
expect(page).to have_content(project.full_name)
visit group_path(group)
expect(page).to have_content(group.full_name)
end
end
context 'when soft email confirmation is enabled' do context 'when soft email confirmation is enabled' do
before do before do
allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days
@ -164,7 +185,9 @@ describe 'Invites' do
expect(current_path).to eq(root_path) expect(current_path).to eq(root_path)
expect(page).to have_content(project.full_name) expect(page).to have_content(project.full_name)
visit group_path(group) visit group_path(group)
expect(page).to have_content(group.full_name) expect(page).to have_content(group.full_name)
end end
end end
@ -180,7 +203,24 @@ describe 'Invites' do
context 'the user sign-up using a different email address' do context 'the user sign-up using a different email address' do
let(:invite_email) { build_stubbed(:user).email } let(:invite_email) { build_stubbed(:user).email }
context 'when soft email confirmation is not enabled' do
before do before do
stub_feature_flags(soft_email_confirmation: false)
allow(User).to receive(:allow_unconfirmed_access_for).and_return 0
end
it 'signs up and redirects to the invitation page' do
fill_in_sign_up_form(new_user)
confirm_email(new_user)
fill_in_sign_in_form(new_user)
expect(current_path).to eq(invite_path(group_invite.raw_invite_token))
end
end
context 'when soft email confirmation is enabled' do
before do
stub_feature_flags(soft_email_confirmation: true)
allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days allow(User).to receive(:allow_unconfirmed_access_for).and_return 2.days
end end
@ -193,3 +233,4 @@ describe 'Invites' do
end end
end end
end end
end

View file

@ -797,6 +797,7 @@ describe 'Login' do
before do before do
stub_application_setting(send_user_confirmation_email: true) stub_application_setting(send_user_confirmation_email: true)
stub_feature_flags(soft_email_confirmation: true)
allow(User).to receive(:allow_unconfirmed_access_for).and_return grace_period allow(User).to receive(:allow_unconfirmed_access_for).and_return grace_period
end end

View file

@ -129,6 +129,39 @@ shared_examples 'Signup' do
stub_application_setting(send_user_confirmation_email: true) stub_application_setting(send_user_confirmation_email: true)
end end
context 'when soft email confirmation is not enabled' do
before do
stub_feature_flags(soft_email_confirmation: false)
end
it 'creates the user account and sends a confirmation email' do
visit new_user_registration_path
fill_in 'new_user_username', with: new_user.username
fill_in 'new_user_email', with: new_user.email
if Gitlab::Experimentation.enabled?(:signup_flow)
fill_in 'new_user_first_name', with: new_user.first_name
fill_in 'new_user_last_name', with: new_user.last_name
else
fill_in 'new_user_name', with: new_user.name
fill_in 'new_user_email_confirmation', with: new_user.email
end
fill_in 'new_user_password', with: new_user.password
expect { click_button 'Register' }.to change { User.count }.by(1)
expect(current_path).to eq users_almost_there_path
expect(page).to have_content('Please check your email to confirm your account')
end
end
context 'when soft email confirmation is enabled' do
before do
stub_feature_flags(soft_email_confirmation: true)
end
it 'creates the user account and sends a confirmation email' do it 'creates the user account and sends a confirmation email' do
visit new_user_registration_path visit new_user_registration_path
@ -155,6 +188,7 @@ shared_examples 'Signup' do
end end
end end
end end
end
context "when sigining up with different cased emails" do context "when sigining up with different cased emails" do
it "creates the user successfully" do it "creates the user successfully" do