Home Explore Help
Register Sign In
RISCI_ATOM
/
mastodon
mirror of https://github.com/tootsuite/mastodon.git
1
0
Fork 0
Files Issues 8 Wiki
Browse Source

Fix sign-ups without checked user agreement being accepted through the web form (#13088)

* Fix user agreement not being verified

* Fix tests

* Fix up agreement field being dismissed
ThibG 4 years ago
parent
250ca99cb5
commit
c48d895ea7
2 changed files with 25 additions and 6 deletions
Split View Show Diff Stats
  1. 1 2
      app/controllers/auth/registrations_controller.rb
  2. 24 4
      spec/controllers/auth/registrations_controller_spec.rb

+ 1 - 2
app/controllers/auth/registrations_controller.rb
View File 

@@ -41,7 +41,6 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
 
     resource.locale             = I18n.locale
 
     resource.invite_code        = params[:invite_code] if resource.invite_code.blank?
 
-    resource.agreement          = true
 
     resource.current_sign_in_ip = request.remote_ip
 
 
     resource.build_account if resource.account.nil?
 
@@ -49,7 +48,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
 
   def configure_sign_up_params
 
     devise_parameter_sanitizer.permit(:sign_up) do |u|
 
-      u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code)
 
+      u.permit({ account_attributes: [:username], invite_request_attributes: [:text] }, :email, :password, :password_confirmation, :invite_code, :agreement)
 
     end
 
   end

+ 24 - 4
spec/controllers/auth/registrations_controller_spec.rb
View File 

@@ -100,7 +100,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
       subject do
 
         Setting.registrations_mode = 'open'
 
         request.headers["Accept-Language"] = accept_language
 
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
 
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
 
       end
 
 
       it 'redirects to setup' do
 
@@ -116,6 +116,26 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
       end
 
     end
 
 
+    context 'when user has not agreed to terms of service' do
 
+      around do |example|
 
+        registrations_mode = Setting.registrations_mode
 
+        example.run
 
+        Setting.registrations_mode = registrations_mode
 
+      end
 
+
 
+      subject do
 
+        Setting.registrations_mode = 'open'
 
+        request.headers["Accept-Language"] = accept_language
 
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'false' } }
 
+      end
 
+
 
+      it 'does not create user' do
 
+        subject
 
+        user = User.find_by(email: 'test@example.com')
 
+        expect(user).to be_nil
 
+      end
 
+    end
 
+
 
     context 'approval-based registrations without invite' do
 
       around do |example|
 
         registrations_mode = Setting.registrations_mode
 
@@ -126,7 +146,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
       subject do
 
         Setting.registrations_mode = 'approved'
 
         request.headers["Accept-Language"] = accept_language
 
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678' } }
 
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', agreement: 'true' } }
 
       end
 
 
       it 'redirects to setup' do
 
@@ -154,7 +174,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
         Setting.registrations_mode = 'approved'
 
         request.headers["Accept-Language"] = accept_language
 
         invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.ago)
 
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
 
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
 
       end
 
 
       it 'redirects to setup' do
 
@@ -182,7 +202,7 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
 
         Setting.registrations_mode = 'approved'
 
         request.headers["Accept-Language"] = accept_language
 
         invite = Fabricate(:invite, max_uses: nil, expires_at: 1.hour.from_now)
 
-        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code } }
 
+        post :create, params: { user: { account_attributes: { username: 'test' }, email: 'test@example.com', password: '12345678', password_confirmation: '12345678', 'invite_code': invite.code, agreement: 'true' } }
 
       end
 
 
       it 'redirects to setup' do