From c48d895ea72451d40d5c1fdc91a1fd3bdb50335c Mon Sep 17 00:00:00 2001 From: ThibG Date: Sun, 16 Feb 2020 12:56:53 +0100 Subject: [PATCH] Fix sign-ups without checked user agreement being accepted through the web form (#13088) * Fix user agreement not being verified * Fix tests * Fix up agreement field being dismissed --- .../auth/registrations_controller.rb | 3 +- .../auth/registrations_controller_spec.rb | 28 ++++++++++++++++--- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb index 745b91d46..78feb1631 100644 --- a/app/controllers/auth/registrations_controller.rb +++ b/app/controllers/auth/registrations_controller.rb @@ -41,7 +41,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController resource.locale = I18n.locale resource.invite_code = params[:invite_code] if resource.invite_code.blank? - resource.agreement = true resource.current_sign_in_ip = request.remote_ip resource.build_account if resource.account.nil? @@ -49,7 +48,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController def configure_sign_up_params devise_parameter_sanitizer.permit(:sign_up) do |u| - u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code) + u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code, :agreement) end end diff --git a/spec/controllers/auth/registrations_controller_spec.rb b/spec/controllers/auth/registrations_controller_spec.rb index 3e11b34b5..c2e9f33a8 100644 --- a/spec/controllers/auth/registrations_controller_spec.rb +++ b/spec/controllers/auth/registrations_controller_spec.rb @@ -100,7 +100,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do subject do Setting.registrations_mode = 'open' request.headers["Accept-Language"] = accept_language - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } } + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } } end it 'redirects to setup' do @@ -116,6 +116,26 @@ RSpec.describe Auth::RegistrationsController, type: :controller do end end + context 'when user has not agreed to terms of service' do + around do |example| + registrations_mode = Setting.registrations_mode + example.run + Setting.registrations_mode = registrations_mode + end + + subject do + Setting.registrations_mode = 'open' + request.headers["Accept-Language"] = accept_language + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } } + end + + it 'does not create user' do + subject + user = User.find_by(email: 'test@example.com') + expect(user).to be_nil + end + end + context 'approval-based registrations without invite' do around do |example| registrations_mode = Setting.registrations_mode @@ -126,7 +146,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do subject do Setting.registrations_mode = 'approved' request.headers["Accept-Language"] = accept_language - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } } + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } } end it 'redirects to setup' do @@ -154,7 +174,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do Setting.registrations_mode = 'approved' request.headers["Accept-Language"] = accept_language invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago) - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } } + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } } end it 'redirects to setup' do @@ -182,7 +202,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do Setting.registrations_mode = 'approved' request.headers["Accept-Language"] = accept_language invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now) - post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } } + post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } } end it 'redirects to setup' do