From ced2a932d75272e25f172b879b08de2208ce4b5c Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sun, 9 Sep 2018 14:04:11 -0700 Subject: [PATCH] Add ability to skip user email confirmation with API This gives admins the ability to send a `skip_confirmation` flag in the `POST /users/:id/email` API endpoint to skip the verification step and assume the given e-mail address is verified. Closes #50876 --- app/services/emails/base_service.rb | 2 ++ app/services/emails/create_service.rb | 7 ++++++- .../sh-support-adding-confirmed-emails.yml | 5 +++++ doc/api/users.md | 1 + lib/api/users.rb | 1 + spec/requests/api/users_spec.rb | 17 ++++++++++++++++- 6 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 changelogs/unreleased/sh-support-adding-confirmed-emails.yml diff --git a/app/services/emails/base_service.rb b/app/services/emails/base_service.rb index ba7b689a9af..988215ffc78 100644 --- a/app/services/emails/base_service.rb +++ b/app/services/emails/base_service.rb @@ -2,6 +2,8 @@ module Emails class BaseService + attr_reader :current_user + def initialize(current_user, params = {}) @current_user, @params = current_user, params.dup @user = params.delete(:user) diff --git a/app/services/emails/create_service.rb b/app/services/emails/create_service.rb index acf575e24e5..56925a724fe 100644 --- a/app/services/emails/create_service.rb +++ b/app/services/emails/create_service.rb @@ -3,7 +3,12 @@ module Emails class CreateService < ::Emails::BaseService def execute(extra_params = {}) - @user.emails.create(@params.merge(extra_params)) + skip_confirmation = @params.delete(:skip_confirmation) + + email = @user.emails.create(@params.merge(extra_params)) + + email&.confirm if skip_confirmation && current_user.admin? + email end end end diff --git a/changelogs/unreleased/sh-support-adding-confirmed-emails.yml b/changelogs/unreleased/sh-support-adding-confirmed-emails.yml new file mode 100644 index 00000000000..1b64a1c62dc --- /dev/null +++ b/changelogs/unreleased/sh-support-adding-confirmed-emails.yml @@ -0,0 +1,5 @@ +--- +title: Add ability to skip user email confirmation with API +merge_request: 21630 +author: +type: added diff --git a/doc/api/users.md b/doc/api/users.md index a8858468cab..51935280401 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -972,6 +972,7 @@ Parameters: - `id` (required) - id of specified user - `email` (required) - email address +- `skip_confirmation` (optional) - Skip confirmation and assume e-mail is verified - true or false (default) ## Delete email for current user diff --git a/lib/api/users.rb b/lib/api/users.rb index b0811bb4aad..a4ae597e252 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -361,6 +361,7 @@ module API params do requires :id, type: Integer, desc: 'The ID of the user' requires :email, type: String, desc: 'The email of the user' + optional :skip_confirmation, type: Boolean, desc: 'Skip confirmation of email and assume it is verified' end post ":id/emails" do authenticated_as_admin! diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index d48d577afa1..b7d62df0663 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -1031,11 +1031,14 @@ describe API::Users do expect(json_response['error']).to eq('email is missing') end - it "creates email" do + it "creates unverified email" do email_attrs = attributes_for :email expect do post api("/users/#{user.id}/emails", admin), email_attrs end.to change { user.emails.count }.by(1) + + email = Email.find_by(user_id: user.id, email: email_attrs[:email]) + expect(email).not_to be_confirmed end it "returns a 400 for invalid ID" do @@ -1043,6 +1046,18 @@ describe API::Users do expect(response).to have_gitlab_http_status(400) end + + it "creates verified email" do + email_attrs = attributes_for :email + email_attrs[:skip_confirmation] = true + + post api("/users/#{user.id}/emails", admin), email_attrs + + expect(response).to have_gitlab_http_status(201) + + email = Email.find_by(user_id: user.id, email: email_attrs[:email]) + expect(email).to be_confirmed + end end describe 'GET /user/:id/emails' do