author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-23 01:05:48 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-23 01:05:48 +0300 |
commit | d28820e6038fcf5e40e8ee792560d38b1f0440b8 (patch) | |
tree | 88c6697bd5b07d53d2cfcdde85ffb38d8c3f0ab6 | |
parent | e6b6ac769bd034aeb14d312db923fc5a2ae1fb89 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-7-stable-ee
-rw-r--r-- | app/models/concerns/recoverable_by_any_email.rb | 6 | ||||
-rw-r--r-- | spec/models/concerns/recoverable_by_any_email_spec.rb | 36 |
2 files changed, 16 insertions, 26 deletions
diff --git a/app/models/concerns/recoverable_by_any_email.rb b/app/models/concerns/recoverable_by_any_email.rb
index c946e7e78c6..3a56e58ca00 100644
--- a/app/models/concerns/recoverable_by_any_email.rb
+++ b/app/models/concerns/recoverable_by_any_email.rb
@@ -11,7 +11,7 @@ module RecoverableByAnyEmail
 super unless email
 recoverable = by_email_with_errors(email)
- recoverable.send_reset_password_instructions(to: email) if recoverable&.persisted?
+ recoverable.send_reset_password_instructions if recoverable&.persisted?
 recoverable
 end
@@ -24,8 +24,10 @@ module RecoverableByAnyEmail
 end
 end
- def send_reset_password_instructions(opts = {})
+ def send_reset_password_instructions
 token = set_reset_password_token
+ opts = { to: verified_emails(include_private_email: false) }
+ send_reset_password_instructions_notification(token, opts)
 token
diff --git a/spec/models/concerns/recoverable_by_any_email_spec.rb b/spec/models/concerns/recoverable_by_any_email_spec.rb
index 1e701f145be..c17507cae83 100644
--- a/spec/models/concerns/recoverable_by_any_email_spec.rb
+++ b/spec/models/concerns/recoverable_by_any_email_spec.rb
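Review bot: `by_email_with_errors(email)` still receives `email` in whatever shape the caller supplied, and the spec added in this commit shows an Array such as `[verified_email.email, 'other_email@example.com']` being accepted for the lookup. Recipients no longer depend on that value, but if no client legitimately submits more than one address, rejecting non-String input before the lookup would be the tighter contract, e.g. `return super unless email.is_a?(String)`. The context line `super unless email` also has no `return`, so as shown the lookup appears to run after `super` when `email` is nil; the start of the method is outside this hunk, so that needs confirming there.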
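Review bot: In the second hunk the reset token is mailed to every address returned by `verified_emails(include_private_email: false)` rather than to the address that was submitted, and an empty list is not handled. A verified secondary mailbox the user no longer controls would therefore receive a valid reset link on each request; if that fan-out is not intended, narrow the list to the address that matched the lookup. For the empty case, consider resolving recipients before the token is written, e.g. `recipients = verified_emails(include_private_email: false)` followed by `return if recipients.empty?`; whether that can occur depends on callers outside this diff. A comment above the `opts` line such as `# Recipients are resolved server-side; never take :to from request input` would record why the parameter was removed. The end of the method lies outside the hunk.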
@@ -52,31 +52,19 @@ RSpec.describe RecoverableByAnyEmail, feature_category: :system_access do
 it_behaves_like 'does not send the password reset email'
 end
- end
-
- describe '#send_reset_password_instructions' do
- let_it_be(:user) { create(:user) }
- let_it_be(:opts) { { email: 'random@email.com' } }
- let_it_be(:token) { 'passwordresettoken' }
-
- before do
- allow(user).to receive(:set_reset_password_token).and_return(token)
- end
-
- subject { user.send_reset_password_instructions(opts) }
- it 'sends the email' do
- expect { subject }.to have_enqueued_mail(DeviseMailer, :reset_password_instructions)
- end
-
- it 'calls send_reset_password_instructions_notification with correct arguments' do
- expect(user).to receive(:send_reset_password_instructions_notification).with(token, opts)
-
- subject
- end
-
- it 'returns the generated token' do
- expect(subject).to eq(token)
+ context 'with one email matching user and one not matching' do
+ let(:email) { [verified_email.email, 'other_email@example.com'] }
+
+ it 'sends an email only to the user verified email' do
+ expect { send_reset_password_instructions }
+ .to have_enqueued_mail(DeviseMailer, :reset_password_instructions)
+ .with(
+ user,
+ anything, # reset token
+ to: user.verified_emails(include_private_email: false)
+ )
+ end
+ end
 end
 end |
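Review bot: The new example builds its expected recipients with `user.verified_emails(include_private_email: false)`, the same call the implementation makes, so it cannot fail if that method ever returns an address it should not. Pin the recipients to literals defined in the spec, or add `expect(user.verified_emails(include_private_email: false)).not_to include('other_email@example.com')` next to it. The removed `#send_reset_password_instructions` examples also asserted the return value ('returns the generated token'), and nothing in this hunk replaces that check. The enclosing `describe` block starts outside the hunk.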