FIX: Don't mark user as active if verified email is different.

2025-05-30 15:28:37 +08:00 · 2017-03-01 11:58:24 +08:00
parent 2a35abf757
commit 3d347fb9c4
5 changed files with 109 additions and 9 deletions
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -111,10 +111,8 @@ class Users::OmniauthCallbacksController < ApplicationController

  def user_found(user)
    # automatically activate/unstage any account if a provider marked the email valid
-    if @auth_result.email_valid
-      user.staged = false
-      user.active = true
-      user.save
+    if @auth_result.email_valid && @auth_result.email == user.email
+      user.update!(staged: false, active: true)
    end

    if ScreenedIpAddress.should_block?(request.remote_ip)