consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Send informative email for already confirmed users

Browse Source 
Currently the application does not send any email to confirm the
account for already confirmed users. But we show a notice message
that may look like you will recive one:

"If your email address exists in our database, you will receive
 an email with instructions for how to confirm your email address
 in a few minutes."

In this commit we keep the original message, but send an email to
the user informing them that their account is now registered.

This way no one can know if someone else's account is confirmed and
we don't have to worry about GDPR either.

Co-Authored-By: taitus <sebastia.roig@gmail.com>
This commit is contained in:
Julian Herrero
2022-04-13 13:19:18 +02:00
committed by taitus
parent d0571a4a73
commit ad018c6f39
6 changed files with 72 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/controllers/users/confirmations_controller.rb
View File

@@ -1,4 +1,17 @@
class Users::ConfirmationsController < Devise::ConfirmationsController class Users::ConfirmationsController < Devise::ConfirmationsController
# POST /resource/confirmation
def create
self.resource = resource_class.send_confirmation_instructions(resource_params)
yield resource if block_given?
if successfully_sent?(resource)
Mailer.already_confirmed(resource).deliver_later unless resource.confirmation_required?
respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
else
respond_with(resource)
end
end
# new action, PATCH does not exist in the default Devise::ConfirmationsController # new action, PATCH does not exist in the default Devise::ConfirmationsController
# PATCH /resource/confirmation # PATCH /resource/confirmation
def update def update

9
app/mailers/mailer.rb
View File

@@ -144,6 +144,15 @@ class Mailer < ApplicationMailer
mail(to: @email_to, subject: t("mailers.machine_learning_success.subject")) mail(to: @email_to, subject: t("mailers.machine_learning_success.subject"))
end end
def already_confirmed(user)
@email_to = user.email
@user = user
with_user(@user) do
mail(to: @email_to, subject: t("mailers.already_confirmed.subject"))
end
end
private private
def with_user(user, &block) def with_user(user, &block)

17
app/views/mailer/already_confirmed.html.erb Normal file
View File

@@ -0,0 +1,17 @@
<td style="padding-bottom: 20px; padding-left: 10px;">
<h1 style="font-family: 'Open Sans','Helvetica Neue',arial,sans-serif;">
<%= t("mailers.already_confirmed.subject") %>
</h1>
<p style="font-family: 'Open Sans','Helvetica Neue',arial,sans-serif;font-size: 14px;line-height: 24px;">
<%= t("mailers.already_confirmed.info") %>
</p>
<p style="font-family: 'Open Sans','Helvetica Neue',arial,sans-serif;font-size: 14px;line-height: 24px;">
<%= t("mailers.already_confirmed.new_password") %>
</p>
<p style="font-family: 'Open Sans','Helvetica Neue',arial,sans-serif;font-size: 14px;font-weight: normal;line-height: 24px;">
<%= link_to t("devise_views.shared.links.new_password"), new_password_url(@user), style: "color: #2895F1; text-decoration:none;" %>
</p>
</td>

4
config/locales/en/mailers.yml
View File

@@ -2,6 +2,10 @@ en:
mailers: mailers:
title: "Open Government" title: "Open Government"
no_reply: "This message was sent from an email address that does not accept replies." no_reply: "This message was sent from an email address that does not accept replies."
already_confirmed:
info: "We've received a request to send you instructions to confirm your account. However, your account is already confirmed, so there's no need to do so again."
new_password: "If you've forgotten your password, you can reset it at the following link:"
subject: Your account is already confirmed
comment: comment:
hi: Hi hi: Hi
new_comment_by: There is a new comment from <strong>%{commenter}</strong> new_comment_by: There is a new comment from <strong>%{commenter}</strong>

4
config/locales/es/mailers.yml
View File

@@ -2,6 +2,10 @@ es:
mailers: mailers:
title: "Gobierno abierto" title: "Gobierno abierto"
no_reply: "Este mensaje se ha enviado desde una dirección de correo electrónico que no admite respuestas." no_reply: "Este mensaje se ha enviado desde una dirección de correo electrónico que no admite respuestas."
already_confirmed:
info: "Hemos recibido una solicitud para enviarte instrucciones para confirmar tu cuenta. Sin embargo, tu cuenta ya está confirmada, por lo que no es necesario volver a hacerlo."
new_password: "Si has olvidado tu contraseña, puedes restablecerla en el siguiente enlace:"
subject: Tu cuenta ya está confirmada
comment: comment:
hi: Hola hi: Hola
new_comment_by: Hay un nuevo comentario de <strong>%{commenter}</strong> en new_comment_by: Hay un nuevo comentario de <strong>%{commenter}</strong> en

26
spec/system/users_auth_spec.rb
View File

@@ -585,7 +585,8 @@ describe "Users" do
end end
scenario "Re-send confirmation instructions" do scenario "Re-send confirmation instructions" do
create(:user, email: "manuela@consul.dev") create(:user, email: "manuela@consul.dev", confirmed_at: nil)
ActionMailer::Base.deliveries.clear
visit "/" visit "/"
click_link "Sign in" click_link "Sign in"
@@ -596,9 +597,13 @@ describe "Users" do
expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\ expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
"receive an email with instructions on how to confirm your email address." "receive an email with instructions on how to confirm your email address."
expect(ActionMailer::Base.deliveries.count).to eq(1)
expect(ActionMailer::Base.deliveries.first.to).to eq(["manuela@consul.dev"])
expect(ActionMailer::Base.deliveries.first.subject).to eq("Confirmation instructions")
end end
scenario "Re-send confirmation instructions with unexisting email" do scenario "Re-send confirmation instructions with unexisting email" do
ActionMailer::Base.deliveries.clear
visit "/" visit "/"
click_link "Sign in" click_link "Sign in"
click_link "Haven't received instructions to activate your account?" click_link "Haven't received instructions to activate your account?"
@@ -608,6 +613,25 @@ describe "Users" do
expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\ expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
"receive an email with instructions on how to confirm your email address." "receive an email with instructions on how to confirm your email address."
expect(ActionMailer::Base.deliveries.count).to eq(0)
end
scenario "Re-send confirmation instructions with already verified email" do
ActionMailer::Base.deliveries.clear
create(:user, email: "manuela@consul.dev")
visit new_user_session_path
click_link "Haven't received instructions to activate your account?"
fill_in "user_email", with: "manuela@consul.dev"
click_button "Re-send instructions"
expect(page).to have_content "If your email address exists in our database, in a few minutes you will "\
"receive an email with instructions on how to confirm your email address."
expect(ActionMailer::Base.deliveries.count).to eq(1)
expect(ActionMailer::Base.deliveries.first.to).to eq(["manuela@consul.dev"])
expect(ActionMailer::Base.deliveries.first.subject).to eq("Your account is already confirmed")
end end
scenario "Sign in, admin with password expired" do scenario "Sign in, admin with password expired" do