Send informative email for already confirmed users

Currently the application does not send any email to confirm the account for already confirmed users. But we show a notice message that may look like you will recive one: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." In this commit we keep the original message, but send an email to the user informing them that their account is now registered. This way no one can know if someone else's account is confirmed and we don't have to worry about GDPR either. Co-Authored-By: taitus <sebastia.roig@gmail.com>
2022-04-13 13:19:18 +02:00
parent d0571a4a73
commit ad018c6f39
6 changed files with 72 additions and 1 deletions
--- a/spec/system/users_auth_spec.rb
+++ b/spec/system/users_auth_spec.rb
@@ -585,7 +585,8 @@ describe "Users" do
  end

  scenario "Re-send confirmation instructions" do
-    create(:user, email: "manuela@consul.dev")
+    create(:user, email: "manuela@consul.dev", confirmed_at: nil)
+    ActionMailer::Base.deliveries.clear

    visit "/"
    click_link "Sign in"
@@ -596,9 +597,13 @@ describe "Users" do

    expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
                                 "receive an email with instructions on how to confirm your email address."
+    expect(ActionMailer::Base.deliveries.count).to eq(1)
+    expect(ActionMailer::Base.deliveries.first.to).to eq(["manuela@consul.dev"])
+    expect(ActionMailer::Base.deliveries.first.subject).to eq("Confirmation instructions")
  end

  scenario "Re-send confirmation instructions with unexisting email" do
+    ActionMailer::Base.deliveries.clear
    visit "/"
    click_link "Sign in"
    click_link "Haven't received instructions to activate your account?"
@@ -608,6 +613,25 @@ describe "Users" do

    expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
                                 "receive an email with instructions on how to confirm your email address."
+    expect(ActionMailer::Base.deliveries.count).to eq(0)
+  end
+
+  scenario "Re-send confirmation instructions with already verified email" do
+    ActionMailer::Base.deliveries.clear
+
+    create(:user, email: "manuela@consul.dev")
+
+    visit new_user_session_path
+    click_link "Haven't received instructions to activate your account?"
+
+    fill_in "user_email", with: "manuela@consul.dev"
+    click_button "Re-send instructions"
+
+    expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
+                                 "receive an email with instructions on how to confirm your email address."
+    expect(ActionMailer::Base.deliveries.count).to eq(1)
+    expect(ActionMailer::Base.deliveries.first.to).to eq(["manuela@consul.dev"])
+    expect(ActionMailer::Base.deliveries.first.subject).to eq("Your account is already confirmed")
  end

  scenario "Sign in, admin with password expired" do