SECURITY: signup without verified email using Google auth

Neil Lalonde
2017-10-16 13:51:35 -04:00
parent 80d0c6df7c
commit 2db66072d7
5 changed files with 46 additions and 4 deletions


@ -85,16 +85,31 @@ describe Auth::GoogleOAuth2Authenticator do
context 'after_create_account' do
it 'confirms email' do
authenticator = Auth::GoogleOAuth2Authenticator.new
user = Fabricate(:user)
user = Fabricate(:user, email: 'realgoogleuser@gmail.com')
session = {
email_valid: "true",
extra_data: {
google_user_id: 1
google_user_id: 1,
email: 'realgoogleuser@gmail.com'
}
}
authenticator.after_create_account(user, session)
expect(user.email_confirmed?).to eq(true)
end
it "doesn't confirm email if it was changed" do
authenticator = Auth::GoogleOAuth2Authenticator.new
user = Fabricate(:user, email: 'changed@gmail.com')
session = {
email_valid: "true",
extra_data: {
google_user_id: 1,
email: 'realgoogleuser@gmail.com'
}
}
authenticator.after_create_account(user, session)
expect(user.email_confirmed?).to eq(false)
end
end
end
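Review bot: The two `after_create_account` examples pin only an exact match and a completely different address, so nothing covers a session whose `extra_data` has no `email` key at all, which is the shape the old example used (`google_user_id: 1` alone). The comparison itself lives in a file not shown in this section, so whether it fails closed on a missing value cannot be confirmed from here; an example asserting that `email_confirmed?` stays false in that case would lock the behaviour in. A further example where the two addresses differ only in letter case would document whether the match is meant to be case-insensitive. The three examples would then share most of their setup, so the session hash could move into a `let` with the email overridden per example.

```ruby
context 'after_create_account' do
  # … unchanged: 'confirms email' and "doesn't confirm email if it was changed" …

  it "doesn't confirm email if the session carries no Google email" do
    authenticator = Auth::GoogleOAuth2Authenticator.new
    user = Fabricate(:user, email: 'realgoogleuser@gmail.com')
    session = {
      email_valid: "true",
      extra_data: {
        google_user_id: 1
      }
    }
    authenticator.after_create_account(user, session)
    expect(user.email_confirmed?).to eq(false)
  end
```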