kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add ability to skip user email confirmation with API

Browse source 
This gives admins the ability to send a `skip_confirmation` flag in the
`POST /users/:id/email` API endpoint to skip the verification step and
assume the given e-mail address is verified.

Closes #50876
This commit is contained in:
Stan Hu 2018-09-09 14:04:11 -07:00
parent 2f990e3408
commit ced2a932d7
6 changed files with 31 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/services/emails/base_service.rb
View file

@ -2,6 +2,8 @@
module Emails module Emails
class BaseService class BaseService
attr_reader :current_user
def initialize(current_user, params = {}) def initialize(current_user, params = {})
@current_user, @params = current_user, params.dup @current_user, @params = current_user, params.dup
@user = params.delete(:user) @user = params.delete(:user)

7
app/services/emails/create_service.rb
View file

@ -3,7 +3,12 @@
module Emails module Emails
class CreateService < ::Emails::BaseService class CreateService < ::Emails::BaseService
def execute(extra_params = {}) def execute(extra_params = {})
@user.emails.create(@params.merge(extra_params)) skip_confirmation = @params.delete(:skip_confirmation)
email = @user.emails.create(@params.merge(extra_params))
email&.confirm if skip_confirmation && current_user.admin?
email
end end
end end
end end

5
changelogs/unreleased/sh-support-adding-confirmed-emails.yml Normal file
View file

@ -0,0 +1,5 @@
---
title: Add ability to skip user email confirmation with API
merge_request: 21630
author:
type: added

1
doc/api/users.md
View file

@ -972,6 +972,7 @@ Parameters:
- `id` (required) - id of specified user - `id` (required) - id of specified user
- `email` (required) - email address - `email` (required) - email address
- `skip_confirmation` (optional) - Skip confirmation and assume e-mail is verified - true or false (default)
## Delete email for current user ## Delete email for current user

1
lib/api/users.rb
View file

@ -361,6 +361,7 @@ module API
params do params do
requires :id, type: Integer, desc: 'The ID of the user' requires :id, type: Integer, desc: 'The ID of the user'
requires :email, type: String, desc: 'The email of the user' requires :email, type: String, desc: 'The email of the user'
optional :skip_confirmation, type: Boolean, desc: 'Skip confirmation of email and assume it is verified'
end end
post ":id/emails" do post ":id/emails" do
authenticated_as_admin! authenticated_as_admin!

17
spec/requests/api/users_spec.rb
View file

@ -1031,11 +1031,14 @@ describe API::Users do
expect(json_response['error']).to eq('email is missing') expect(json_response['error']).to eq('email is missing')
end end
it "creates email" do it "creates unverified email" do
email_attrs = attributes_for :email email_attrs = attributes_for :email
expect do expect do
post api("/users/#{user.id}/emails", admin), email_attrs post api("/users/#{user.id}/emails", admin), email_attrs
end.to change { user.emails.count }.by(1) end.to change { user.emails.count }.by(1)
email = Email.find_by(user_id: user.id, email: email_attrs[:email])
expect(email).not_to be_confirmed
end end
it "returns a 400 for invalid ID" do it "returns a 400 for invalid ID" do
@ -1043,6 +1046,18 @@ describe API::Users do
expect(response).to have_gitlab_http_status(400) expect(response).to have_gitlab_http_status(400)
end end
it "creates verified email" do
email_attrs = attributes_for :email
email_attrs[:skip_confirmation] = true
post api("/users/#{user.id}/emails", admin), email_attrs
expect(response).to have_gitlab_http_status(201)
email = Email.find_by(user_id: user.id, email: email_attrs[:email])
expect(email).to be_confirmed
end
end end
describe 'GET /user/:id/emails' do describe 'GET /user/:id/emails' do