SECURITY: always allow staff to resend activation mails

Sam
2017-03-13 10:32:24 -04:00
parent 1a745ca16a
commit a690121805
2 changed files with 8 additions and 2 deletions


@ -1423,9 +1423,15 @@ describe UsersController do
it 'should not be valid' do
user = Fabricate(:user)
xhr :post, :send_activation_email, username: user.username
expect(response.status).to eq(403)
end
it 'should allow staff regardless' do
log_in :admin
user = Fabricate(:user, active: false)
xhr :post, :send_activation_email, username: user.username
expect(response.status).to eq(200)
end
end
context 'with a valid email_token' do
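Review bot: The new example `should allow staff regardless` logs in as `:admin` only, while the commit title promises the behaviour for staff in general; if moderators are meant to be covered, a parallel example using `log_in :moderator` would pin that. The example asserts nothing beyond `expect(response.status).to eq(200)`, so it would still pass if the action returned success without queuing any mail; also asserting that the activation email is enqueued for `user` would tighten it. Because this change is a privilege-based exception to a 403, a companion example showing that a logged-in non-staff account still receives 403 for the same inactive user would guard against the exception widening later. The enclosing `context` opens outside this hunk and the controller change is not visible here, so the exact condition being bypassed cannot be confirmed from these lines.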