Fixed issue causing account verify to throw 404 (#1987)

2020-08-04 14:04:47 -04:00 · 2020-08-04 14:04:47 -04:00 · 620416f18a
parent 0710c569b7
commit 620416f18a
5 changed files with 11 additions and 5 deletions
--- a/app/controllers/account_activations_controller.rb
+++ b/app/controllers/account_activations_controller.rb
@ -20,7 +20,8 @@ class AccountActivationsController < ApplicationController
  include Emailer

  before_action :ensure_unauthenticated
-  before_action :find_user
+  before_action :find_user, except: :show
+  before_action :find_user_by_digest, only: :show

  # GET /account_activations
  def show
@ -63,6 +64,10 @@ class AccountActivationsController < ApplicationController
    @user = User.find_by!(activation_digest: User.hash_token(params[:token]), provider: @user_domain)
  end

+  def find_user_by_digest
+    @user = User.find_by!(activation_digest: params[:digest], provider: @user_domain)
+  end
+
  def ensure_unauthenticated
    redirect_to current_user.main_room if current_user
  end
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@ -371,7 +371,7 @@ class RoomsController < ApplicationController
  end

  def validate_verified_email
-    redirect_to account_activation_path(current_user) if current_user && !current_user&.activated?
+    redirect_to account_activation_path(digest: current_user.activation_digest) if current_user && !current_user&.activated?
  end

  def verify_room_owner_verified
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -88,7 +88,7 @@ class SessionsController < ApplicationController
      # Check that the user is a Greenlight account
      return redirect_to(root_path, alert: I18n.t("invalid_login_method")) unless user.greenlight_account?
      # Check that the user has verified their account
-      return redirect_to(account_activation_path(token: user.create_activation_token)) unless user.activated?
+      return redirect_to(account_activation_path(digest: user.activation_digest)) unless user.activated?
    end

    login(user)
--- a/spec/controllers/account_activations_controller_spec.rb
+++ b/spec/controllers/account_activations_controller_spec.rb
@ -34,8 +34,9 @@ describe AccountActivationsController, type: :controller do

    it "renders the verify view if the user is not signed in and is not verified" do
      user = create(:user, email_verified: false,  provider: "greenlight")
+      user.create_activation_token

-      get :show, params: { token: user.create_activation_token }
+      get :show, params: { digest: user.activation_digest }

      expect(response).to render_template(:show)
    end
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -144,7 +144,7 @@ describe SessionsController, type: :controller do

      expect(@request.session[:user_id]).to be_nil
      # Expect to redirect to activation path since token is not known here
-      expect(response.location.start_with?(account_activation_url(token: ""))).to be true
+      expect(response.location.start_with?(account_activation_url(digest: @user3.activation_digest))).to be true
    end

    it "should not login user if account is deleted" do