Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 09:10:25 +08:00
Code Packages Activity Actions 11

SECURITY: prevent staged accounts from changing email

Browse source
This commit is contained in:
Sam 2017-12-14 17:16:49 +11:00
parent 67aecff59c
commit 96584403cd
3 changed files with 50 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

18
spec/controllers/users_controller_spec.rb
View file

@ -1034,24 +1034,6 @@ describe UsersController do
end
end
context "when taking over a staged account" do
let!(:staged) { Fabricate(:staged, email: "staged@account.com", active: true) }
it "succeeds" do
post :create, params: {
email: staged.email, username: "zogstrip", password: "P4ssw0rd$$"
}, format: :json
result = ::JSON.parse(response.body)
expect(result["success"]).to eq(true)
created_user = User.find_by_email(staged.email)
expect(created_user.staged).to eq(false)
expect(created_user.active).to eq(false)
expect(created_user.registration_ip_address).to be_present
end
end
end
context '#username' do