From 2a61f147532a74f709a71145fd0b38776ca9719d Mon Sep 17 00:00:00 2001
From: Claire
Date: Mon, 22 May 2023 17:38:05 +0200
Subject: [PATCH] Fix account confirmation flow not returning to app after captcha validation (#25057)
---
 .../auth/confirmations/captcha.html.haml | 1 +
 spec/features/captcha_spec.rb | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 spec/features/captcha_spec.rb
diff --git a/app/views/auth/confirmations/captcha.html.haml b/app/views/auth/confirmations/captcha.html.haml
index 1f577383eb6..77f4b35b4fc 100644
--- a/app/views/auth/confirmations/captcha.html.haml
+++ b/app/views/auth/confirmations/captcha.html.haml
@@ -5,6 +5,7 @@
 = render 'auth/shared/progress', stage: 'confirm'
 = hidden_field_tag :confirmation_token, params[:confirmation_token]
+ = hidden_field_tag :redirect_to_app, params[:redirect_to_app]
 %p.lead= t('auth.captcha_confirmation.hint_html')
diff --git a/spec/features/captcha_spec.rb b/spec/features/captcha_spec.rb
new file mode 100644
index 00000000000..db89ff3e616
--- /dev/null
+++ b/spec/features/captcha_spec.rb
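Review bot: The added `hidden_field_tag :redirect_to_app, params[:redirect_to_app]` reflects a query-string value into the captcha form and is rendered even when the parameter is absent, so the POST then carries an empty `redirect_to_app=` value. The controller that reads it is not part of this diff, so it is worth confirming that it treats the value strictly as a boolean flag (an explicit truthy comparison rather than mere presence, since an empty string is truthy in Ruby) and takes the redirect destination only from the application's registered URI, as the new spec expects. A HAML comment above the field would record that contract: `-# Flag only, never a URL: the redirect target comes from the application that created the account`. The enclosing form starts and ends outside the hunk.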
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'email confirmation flow when captcha is enabled' do
+ let(:user) { Fabricate(:user, confirmed_at: nil, confirmation_token: 'foobar', created_by_application: client_app) }
+ let(:client_app) { nil }
+
+ before do
+ # rubocop:disable RSpec/AnyInstance -- easiest way to deal with that that I know of
+ allow_any_instance_of(Auth::ConfirmationsController).to receive(:captcha_enabled?).and_return(true)
+ allow_any_instance_of(Auth::ConfirmationsController).to receive(:check_captcha!).and_return(true)
+ allow_any_instance_of(Auth::ConfirmationsController).to receive(:render_captcha).and_return(nil)
+ # rubocop:enable RSpec/AnyInstance
+ end
+
+ context 'when the user signed up through an app' do
+ let(:client_app) { Fabricate(:application) }
+
+ it 'logs in' do
+ visit "/auth/confirmation?confirmation_token=#{user.confirmation_token}&redirect_to_app=true"
+
+ # It presents the user with a captcha form
+ expect(page).to have_title(I18n.t('auth.captcha_confirmation.title'))
+
+ # It does not confirm the user just yet
+ expect(user.reload.confirmed?).to be false
+
+ # It redirects to app and confirms user
+ click_on I18n.t('challenge.confirm')
+ expect(user.reload.confirmed?).to be true
+ expect(page).to have_current_path(/\A#{client_app.confirmation_redirect_uri}/, url: true)
+ end
+ end
+end
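Review bot: The final assertion interpolates `client_app.confirmation_redirect_uri` into a regular expression unescaped and anchors only the start, so characters such as `.` and `?` in the URI act as metacharacters and any URL that merely begins with a matching string passes. For a check that guards where the confirmation flow sends the user, escape the value: `expect(page).to have_current_path(/\A#{Regexp.escape(client_app.confirmation_redirect_uri)}/, url: true)`. The spec also exercises only the app sign-up case, although `client_app` defaults to `nil` at the top level. A second context using that default, and one without `redirect_to_app=true`, would pin that the flag alone cannot send the user to an application redirect.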