From 18db6482f96db635fcda4e4c17be764ecc886bb0 Mon Sep 17 00:00:00 2001
From: kikito
Date: Tue, 20 Oct 2015 17:18:28 +0200
Subject: [PATCH] makes sure verifications only happen for signed in users when doing a letter verification
---
 app/controllers/application_controller.rb | 6 +++---
 app/controllers/verification/letter_controller.rb | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 03b175e17..3ef1245e8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -52,7 +52,7 @@ class ApplicationController < ActionController::Base
 end
 def verify_lock
- if current_user.try(:locked?)
+ if current_user.locked?
 redirect_to account_path, alert: t('verification.alert.lock')
 end
 end
@@ -97,13 +97,13 @@ class ApplicationController < ActionController::Base
 end
 def verify_resident!
- if current_user && !current_user.residence_verified?
+ unless current_user.residence_verified?
 redirect_to new_residence_path, alert: t('verification.residence.alert.unconfirmed_residency')
 end
 end
 def verify_verified!
- if current_user.try(:level_three_verified?)
+ if current_user.level_three_verified?
 redirect_to(account_path, notice: t('verification.redirect_notices.already_verified'))
 end
 end
diff --git a/app/controllers/verification/letter_controller.rb b/app/controllers/verification/letter_controller.rb
index 8b8a19f55..ed5288a45 100644
--- a/app/controllers/verification/letter_controller.rb
+++ b/app/controllers/verification/letter_controller.rb
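Review bot: `verify_lock` now calls `current_user.locked?` with no nil guard, and the same holds for `verify_resident!` and `verify_verified!` in the second hunk of this file and for `verify_phone!` in letter_controller.rb. These filters are defined in ApplicationController, so any controller that registers one without a preceding `authenticate_user!` or an `if: :signed_in?` condition would raise NoMethodError on an anonymous request; only the letter controller's registrations are updated in this patch, and the other call sites are not visible here. Since the safety now depends on the caller, I would state the precondition above each method, e.g. `# Requires a signed-in user: register after authenticate_user! or with if: :signed_in?`, and check the remaining controllers that use these filters.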
@@ -2,10 +2,10 @@ class Verification::LetterController < ApplicationController
 before_action :authenticate_user!, except: [:edit, :update]
 before_action :login_via_form, only: :update
- before_action :verify_resident!, except: :edit
- before_action :verify_phone!, except: :edit
- before_action :verify_verified!, except: :edit
- before_action :verify_lock, except: :edit
+ before_action :verify_resident!, except: :edit, if: :signed_in?
+ before_action :verify_phone!, except: :edit, if: :signed_in?
+ before_action :verify_verified!, except: :edit, if: :signed_in?
+ before_action :verify_lock, except: :edit, if: :signed_in?
 skip_authorization_check
@@ -44,13 +44,13 @@ class Verification::LetterController < ApplicationController
 end
 def verify_phone!
- if current_user && !current_user.confirmed_phone?
+ unless current_user.confirmed_phone?
 redirect_to verified_user_path, alert: t('verification.letter.alert.unconfirmed_code')
 end
 end
 def login_via_form
- user = User.find_by_email(letter_params[:email])
+ user = User.find_by email: letter_params[:email]
 if user && user.valid_password?(letter_params[:password])
 sign_in(user)
 end
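Review bot: With `if: :signed_in?` on all four filters, an `update` request whose form login fails reaches the action with no session and with `verify_resident!`, `verify_phone!`, `verify_verified!` and `verify_lock` all skipped, because `authenticate_user!` already excepts `update`. The action body is outside this hunk, so it is not visible whether it rejects a nil `current_user`; if it does not, the lock check is presumably never consulted for those requests. The conditions also rely on `login_via_form` staying declared above them. A comment above the block would pin both assumptions: `# update may arrive unauthenticated: login_via_form must run first, and the action must reject requests that are still not signed in`.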
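Review bot: `login_via_form` authenticates by calling `valid_password?` and `sign_in` directly, and when the lookup or the password check fails it does nothing: no failed attempt is recorded in the visible lines and the filter chain is not halted. If the regular sign-in path applies throttling or account lockout, this second path presumably bypasses it, and `find_by email:` matches the submitted address as given rather than through whatever normalisation the regular login applies. Consider halting on failure inside the filter and sharing the lookup with the normal login; at minimum record it in place with `# Secondary login path: failed attempts are not counted here; the action must handle a request that is still anonymous`. The method's closing `end` falls outside the hunk.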