Merge branch 'feature/confirmable' of /home/git/repositories/gitlab/gitlabhq

CHANGELOG

@@ -17,6 +17,8 @@ v 6.2.0
   - Avatar upload on profile page with a maximum of 200KB (Steven Thonus)
   - Store the sessions in Redis instead of the cookie store
   - Fixed relative links in markdown
+  - User must confirm his email if signup enabled
+  - User must confirm changed email 
 
 v 6.1.0
   - Project specific IDs for issues, mr, milestones

app/controllers/admin/users_controller.rb

@@ -47,6 +47,7 @@ class Admin::UsersController < Admin::ApplicationController
     @user = User.build_user(params[:user].merge(opts), as: :admin)
     @user.admin = (admin && admin.to_i > 0)
     @user.created_by_id = current_user.id
+    @user.confirm!
 
     respond_to do |format|
       if @user.save
@@ -71,6 +72,7 @@ class Admin::UsersController < Admin::ApplicationController
 
     respond_to do |format|
       if user.update_attributes(params[:user], as: :admin)
+        user.confirm!
         format.html { redirect_to [:admin, user], notice: 'User was successfully updated.' }
         format.json { head :ok }
       else

app/models/user.rb

@@ -43,7 +43,7 @@ require 'file_size_validator'
 
 class User < ActiveRecord::Base
   devise :database_authenticatable, :token_authenticatable, :lockable, :async,
-         :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :registerable
+         :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
 
   attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username,
                   :skype, :linkedin, :twitter, :color_scheme_id, :theme_id, :force_random_password,
@@ -398,4 +398,4 @@ class User < ActiveRecord::Base
 
     self
   end
-end
\ No newline at end of file
+end

app/views/profiles/show.html.haml

@@ -25,7 +25,12 @@
         = f.label :email, class: "control-label"
         .controls
           = f.text_field :email, class: "input-xlarge", required: true
-          %span.help-block We also use email for avatar detection if no avatar is uploaded.
+          - if @user.unconfirmed_email.present?
+            %span.help-block
+              We sent confirmation email to
+              %strong #{@user.unconfirmed_email}
+          - else
+            %span.help-block We also use email for avatar detection if no avatar is uploaded.
       .control-group
         = f.label :skype, class: "control-label"
         .controls= f.text_field :skype, class: "input-xlarge"

config/initializers/devise.rb

@@ -54,6 +54,8 @@ Devise.setup do |config|
   # The realm used in Http Basic Authentication. "Application" by default.
   # config.http_authentication_realm = "Application"
 
+  config.reconfirmable = true
+
   # It will change confirmation, password recovery and other workflows
   # to behave the same regardless if the e-mail provided was right or wrong.
   # Does not affect registerable.

db/migrate/20131009115346_add_confirmable_to_users.rb

+class AddConfirmableToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :confirmation_token, :string
+    add_column :users, :confirmed_at, :datetime
+    add_column :users, :confirmation_sent_at, :datetime
+    add_column :users, :unconfirmed_email, :string
+    add_index :users, :confirmation_token, unique: true
+    User.update_all(confirmed_at: Time.now)
+  end
+
+  def self.down
+    remove_column :users, :confirmation_token, :confirmed_at, :confirmation_sent_at
+    remove_column :users, :unconfirmed_email
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20131005191208) do
+ActiveRecord::Schema.define(:version => 20131009115346) do
 
   create_table "deploy_keys_projects", :force => true do |t|
     t.integer  "deploy_key_id", :null => false
@@ -284,10 +284,15 @@ ActiveRecord::Schema.define(:version => 20131005191208) do
     t.datetime "password_expires_at"
     t.integer  "created_by_id"
     t.string   "avatar"
+    t.string   "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string   "unconfirmed_email"
   end
 
   add_index "users", ["admin"], :name => "index_users_on_admin"
   add_index "users", ["authentication_token"], :name => "index_users_on_authentication_token", :unique => true
+  add_index "users", ["confirmation_token"], :name => "index_users_on_confirmation_token", :unique => true
   add_index "users", ["email"], :name => "index_users_on_email", :unique => true
   add_index "users", ["extern_uid", "provider"], :name => "index_users_on_extern_uid_and_provider", :unique => true
   add_index "users", ["name"], :name => "index_users_on_name"

lib/gitlab/oauth/user.rb

@@ -29,6 +29,7 @@ module Gitlab
 
           user = model.build_user(opts, as: :admin)
           user.save!
+          user.confirm!
           log.info "(OAuth) Creating user #{email} from login with extern_uid => #{uid}"
 
           if Gitlab.config.omniauth['block_auto_created_users'] && !ldap?

spec/factories.rb

@@ -23,6 +23,10 @@ FactoryGirl.define do
     end
 
     factory :admin, traits: [:admin]
+
+    after :create do |u|
+      u.confirm!
+    end
   end
 
   factory :project do

spec/models/project_spec.rb

@@ -27,8 +27,14 @@
 require 'spec_helper'
 
 describe Project do
-  before(:each) { enable_observers }
-  after(:each) { disable_observers }
+  let(:user) { create(:user) }
+
+  before do
+    enable_observers
+    Thread.current[:current_user] = user
+  end
+
+  after  { disable_observers }
 
   describe "Associations" do
     it { should belong_to(:group) }