diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
index a4019983e97..07a179c44e9 100644
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -60,11 +60,12 @@ def confirm_resend
 if user.nil? || user.id != session[:pending_user]
 flash[:error] = t ".failure", :name => params[:display_name]
 else
- UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
+ referer = session[:referer]
+ UserMailer.signup_confirm(user, user.generate_token_for(:new_user), referer).deliver_later
 flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
 end
 
- redirect_to login_path
+ redirect_to login_path(:referer => session[:referer])
 end
 
 def confirm_email
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 29fae6491fc..6e0928cdc74 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -89,6 +89,7 @@ def create
 successful_login(current_user, referer)
 else
 session[:pending_user] = current_user.id
+ session[:referer] = params[:referer]
 UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later
 redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name
 end
diff --git a/test/controllers/confirmations_controller_test.rb b/test/controllers/confirmations_controller_test.rb
index d5ac542a3c8..05856161536 100644
--- a/test/controllers/confirmations_controller_test.rb
+++ b/test/controllers/confirmations_controller_test.rb
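Review bot: `session[:referer]` is forwarded unchanged into the emailed confirmation link and into `login_path(:referer => session[:referer])`, and its only visible writer, `session[:referer] = params[:referer]` in the users_controller.rb hunk, stores the raw request parameter. Nothing in either hunk restricts the value to a same-site path, so whether an absolute or scheme-relative URL can reach the mail or the post-login redirect depends on checks outside this diff. Validate once at the write site, reusing whatever local-path normalisation the login flow already applies to its `referer` parameter if one exists, and record the invariant with a comment such as `# session[:referer] holds a validated local path only`. The value is also read twice in confirm_resend (which begins above the hunk); reading it once before the `if` and reusing it in `redirect_to` keeps the mail and the redirect in step.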
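Review bot: The session stores `params[:referer]`, while the mailer call on the next line is passed `referer`, a local assigned above the hunk, so the first mail and a resent mail can carry different targets. The new tests point the same way: the initial mail is expected to contain `oauth_return_url`, the resent one a bare `referer=...oauth2...authorize`. If the resend is meant to reproduce the original link, store the processed value instead, `session[:referer] = referer`. The key is never removed in the visible code; a `session.delete(:referer)` once confirmation or login completes would keep a stale target from leaking into a later flow in the same session. The create action starts and ends outside the hunk, so some of this may already be handled there.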
@@ -300,4 +300,63 @@ def test_gravatar_auto_disable
 # gravatar use should now be disabled
 assert_not User.find(user.id).image_use_gravatar
 end
+
+ ##
+ # Test that OAuth referer is preserved through initial signup confirmation
+ def test_confirm_success_with_oauth_referer
+ user = build(:user, :pending)
+ stub_gravatar_request(user.email)
+
+ oauth_referer = "/oauth2/authorize?client_id=test_client&response_type=code&scope=read_prefs"
+ post users_path, :params => { :user => user.attributes, :referer => oauth_referer }
+
+ # Process enqueued jobs to deliver the signup confirmation email
+ perform_enqueued_jobs
+
+ confirm_string = User.find_by(:email => user.email).generate_token_for(:new_user)
+
+ # confirmation email
+ email = ActionMailer::Base.deliveries.last
+ assert_not_nil email
+
+ email_body = email.html_part.body.to_s
+ assert_match(/oauth_return_url/, email_body, "Initial confirmation email should contain oauth_return_url")
+
+ welcome_referer = "/welcome?oauth_return_url=#{CGI.escape(oauth_referer)}"
+ post user_confirm_path, :params => {
+ :display_name => user.display_name,
+ :confirm_string => confirm_string,
+ :referer => welcome_referer
+ }
+
+ assert_redirected_to welcome_referer
+ end
+
+ ##
+ # Test that OAuth referer is preserved when resending confirmation email
+ def test_confirm_resend_preserves_oauth_referer
+ user = build(:user, :pending)
+
+ oauth_referer = "/oauth2/authorize?client_id=test_client&response_type=code&scope=read_prefs"
+ post users_path, :params => { :user => user.attributes, :referer => oauth_referer }
+
+ # Get the first confirmation email sent during signup
+ ActionMailer::Base.deliveries.clear
+
+ # User clicks "Resend confirmation email"
+ assert_difference "ActionMailer::Base.deliveries.size", 1 do
+ perform_enqueued_jobs do
+ post user_confirm_resend_path(user)
+ end
+ end
+
+ email = ActionMailer::Base.deliveries.last
+ assert_not_nil email
+ assert_equal user.email, email.to.first
+
+ email_body = email.html_part.body.to_s
+
+ assert_match(/referer=.*oauth2.*authorize/i, email_body,
+ "Resent confirmation email should preserve oauth referer in confirmation URL")
+ end
 end
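Review bot: Both new tests exercise only a well-formed same-site referer, so nothing pins what happens when `:referer` is an absolute or scheme-relative URL (for instance the constructed value `https://example.invalid/x`), which is the case that matters for a value ending up in an emailed link and a login redirect. The resend assertion `/referer=.*oauth2.*authorize/i` is loose enough to pass for such a value as well; assuming the link uses standard query encoding, `assert_includes email_body, CGI.escape(oauth_referer)` would pin the exact target. `test_confirm_resend_preserves_oauth_referer` never checks the response, so the changed `redirect_to` is untested; `assert_redirected_to login_path(:referer => oauth_referer)` after the resend would cover it. The comment `# Get the first confirmation email sent during signup` sits above `ActionMailer::Base.deliveries.clear`, which discards rather than fetches, and should be reworded.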