Commit 70868745 authored by Dan Jensen's avatar Dan Jensen Committed by Michael Kozono

Use existing-user language in reconfirmation email

parent 6c97d4ed
...@@ -1697,6 +1697,10 @@ class User < ApplicationRecord ...@@ -1697,6 +1697,10 @@ class User < ApplicationRecord
impersonator.present? impersonator.present?
end end
def created_recently?
created_at > Devise.confirm_within.ago
end
protected protected
# override, from Devise::Validatable # override, from Devise::Validatable
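Review bot: `created_recently?` calls `.ago` on `Devise.confirm_within` and compares the result with `created_at` without guarding either value, and both mailer templates in this commit now call it. Devise allows `confirm_within` to be left unset (nil), and `created_at` is nil on an unsaved record, so either case would raise while rendering the confirmation email; the configured value is not visible on this page, so this may be safe in practice. If a guard is wanted, `return false unless created_at && Devise.confirm_within` ahead of the comparison would fall back to the re-confirmation wording. A short comment would also help, e.g. `# True while the account is still inside Devise's confirmation window; mailers use it to choose new-user vs. re-confirmation wording.` The surrounding `User` class starts and ends outside the hunk.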
......
- confirmation_link = confirmation_url(@resource, confirmation_token: @token) - confirmation_link = confirmation_url(@resource, confirmation_token: @token)
- if @resource.unconfirmed_email.present? - if @resource.unconfirmed_email.present? || !@resource.created_recently?
#content #content
= email_default_heading(@resource.unconfirmed_email) = email_default_heading(@resource.unconfirmed_email || @resource.email)
%p Click the link below to confirm your email address. %p Click the link below to confirm your email address.
#cta #cta
= link_to 'Confirm your email address', confirmation_link = link_to 'Confirm your email address', confirmation_link
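Review bot: The condition tests `unconfirmed_email.present?` but the heading falls back with a plain `||`, so the two disagree when `unconfirmed_email` is an empty string. For an older account the branch is then entered via `!created_recently?` and the heading renders blank instead of the primary address. Writing `email_default_heading(@resource.unconfirmed_email.presence || @resource.email)` keeps the check and the fallback consistent. The plain-text template has the same pattern in `<%= @resource.unconfirmed_email || @resource.email %>`. Whether an empty string can actually be stored in that column is not visible from this page.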
......
<% if @resource.unconfirmed_email.present? %> <% if @resource.unconfirmed_email.present? || !@resource.created_recently? %>
<%= @resource.unconfirmed_email %>, <%= @resource.unconfirmed_email || @resource.email %>,
Use the link below to confirm your email address. Use the link below to confirm your email address.
<% else %> <% else %>
<% if Gitlab.com? %> <% if Gitlab.com? %>
......
---
title: Replace misleading text in re-confirmation emails
merge_request: 36634
author:
type: security
# frozen_string_literal: true
require 'spec_helper'
require 'email_spec'
RSpec.describe DeviseMailer do
describe "#confirmation_instructions" do
subject { described_class.confirmation_instructions(user, 'faketoken', {}) }
context "when confirming the unconfirmed_email" do
let(:user) { build(:user, unconfirmed_email: 'jdoe@example.com') }
it "shows the unconfirmed_email" do
expect(subject.body.encoded).to have_text user.unconfirmed_email
expect(subject.body.encoded).not_to have_text user.email
end
end
context "when re-confirming the primary email after a security issue" do
let(:user) { build(:user, created_at: 10.days.ago, unconfirmed_email: nil) }
it "shows the primary email" do
expect(subject.body.encoded).to have_text user.email
end
end
end
end
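Review bot: The second context pins `created_at: 10.days.ago`, which only reaches the re-confirmation branch while `Devise.confirm_within` is shorter than ten days, and no example covers a recently created user with no `unconfirmed_email`. Deriving the age from the setting, e.g. `created_at: (Devise.confirm_within + 1.day).ago`, keeps the example valid if the window changes. Its only assertion, `have_text user.email`, may also pass if the other branch prints the address, so additionally asserting the branch-specific copy (`have_text 'Click the link below to confirm your email address.'`) would pin the wording this security fix is about. A third context with `created_at: Time.current` and `unconfirmed_email: nil` would guard the new-user branch against regressions.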