Return helpful error message when attempting to login/signup w Twitter oauth with no email #8734
Codecov Report
@@ Coverage Diff @@
## main #8734 +/- ##
==========================================
- Coverage 81.96% 81.93% -0.04%
==========================================
Files 100 100
Lines 5901 5933 +32
==========================================
+ Hits 4837 4861 +24
- Misses 1064 1072 +8
assert_not_nil request.env['omniauth.auth'] | ||
#Sign Up for a new user | ||
post :create | ||
assert_equal "You have successfully signed in. Please change your password by editing your profile in the upper right menu.", flash[:notice] |
OK, we'll have to change this too, from assert_equal "You have successfully signed in. Please change your password using the link sent to you via e-mail.", flash[:notice]
plots2/app/controllers/user_sessions_controller.rb
Lines 92 to 94 in 4b2e532
redirect_to '/dashboard', notice: "You have successfully signed in. Please change your password using the link sent to you via e-mail." | |
else | |
redirect_to "/dashboard", notice: "You have successfully signed in. Please change your password using the link sent to you via e-mail." |
@@ -89,9 +89,17 @@ def handle_social_login_flow(auth) | |||
elsif params[:return_to] && params[:return_to].split('/')[0..3] == ["", "subscribe", "multiple", "tag"] | |||
flash[:notice] = "You are now following '#{params[:return_to].split('/')[4]}'." | |||
subscribe_multiple_tag(params[:return_to].split('/')[4]) | |||
redirect_to '/dashboard', notice: "You have successfully signed in. Please change your password using the link sent to you via e-mail." | |||
if user.email |
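Review bot: `if user.email` on the last line of this hunk only rejects nil; an empty string is truthy in Ruby, so a record whose email is "" would still be treated as having an email. `user.email.present?` covers both cases. Separately, `params[:return_to].split('/')[4]` is interpolated directly into the flash notice and passed to `subscribe_multiple_tag`; it is worth confirming that this segment is validated as a tag name before either use.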
Avoid deeply nested control flow statements.
else | ||
redirect_to "/dashboard", notice: "You have successfully signed in. Please change your password using the link sent to you via e-mail." | ||
if user.email |
Avoid deeply nested control flow statements.
So one big unknown is whether we can create User records with no email in the first place. Many things on the site may break, I suppose... maybe we should enter a dummy email?
I'll write a unit test for it...
Other than the user email issue, I see:
Indeed, this line means we need an email address! https://github.com/publiclab/plots2/blob/main/app/models/user.rb#L445
email_prefix = auth["info"]["email"].tr('.', '_').split('@')[0]
email_prefix = auth["info"]["email"].tr('.', '_').split('@')[0] + random_chars until User.where(username: email_prefix).empty?
Maybe we should just throw an error saying we require an email in your Twitter account to use it to create an account?
Confirming that removing email address for a test user broke lots of notifications stuff. We'd have to come up with alternative ways for all those features to work...
OK we are clear (from PL staff) to refuse Twitter OAuth account creation from Twitter accounts that don't have emails - and prompting people to create an email to get around this. Thanks!
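The failure discussed above (deriving a username from `auth["info"]["email"]` when the provider sends no email) and the agreed refusal, as an added example that is not plots2 code. `MissingEmailError`, `oauth_email`, `username_from_auth`, `social_signup_decision`, the sample usernames and the message text are all hypothetical, and a plain array stands in for the `User.where(username: ...)` lookup.

```ruby
require 'securerandom'

# Raised when the provider's auth hash carries no usable email (hypothetical name).
class MissingEmailError < StandardError; end

# Constructed stand-in for the usernames already in the users table.
TAKEN_USERNAMES = ['jane_doe'].freeze

# Unguarded derivation in the shape quoted in the thread:
# raises NoMethodError when auth["info"]["email"] is nil.
def unguarded_prefix(auth)
  auth['info']['email'].tr('.', '_').split('@')[0]
end

# Returns a usable email from an OmniAuth-style hash, or nil when the key
# is absent, nil, blank, or lacks a local part or a domain around the "@".
def oauth_email(auth)
  email = auth.dig('info', 'email')
  return nil unless email.is_a?(String)

  email = email.strip
  local, domain = email.split('@', 2)
  (local.to_s.empty? || domain.to_s.empty?) ? nil : email
end

# Guarded derivation: refuse before any record or session is created.
def username_from_auth(auth, taken = TAKEN_USERNAMES)
  email = oauth_email(auth)
  raise MissingEmailError, 'provider returned no email' if email.nil?

  prefix = email.tr('.', '_').split('@')[0]
  candidate = prefix
  # Same idea as the thread's `+ random_chars until ... .empty?` loop.
  candidate = prefix + SecureRandom.alphanumeric(2) while taken.include?(candidate)
  candidate
end

# What a controller could branch on: [:create, username] or [:refuse, message].
# The message text is constructed for this example.
def social_signup_decision(auth, taken = TAKEN_USERNAMES)
  [:create, username_from_auth(auth, taken)]
rescue MissingEmailError
  [:refuse, 'Please add an email address to your Twitter account, then try again.']
end
```

Treating a blank string the same as nil matters here because both would otherwise reach the notification and password-reset paths with nothing to send to.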
@user_session = UserSession.create(@identity.user) | ||
@user = user | ||
# send key to user email | ||
PasswordResetMailer.reset_notify(user, key).deliver_now unless user.nil? # respond the same to both successes and failures; security |
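Review bot: on the `PasswordResetMailer.reset_notify(user, key).deliver_now` line the only guard is `unless user.nil?`, which does not cover a user record that exists but has no email, the case this PR is about. If this line is not already inside the `if user.email` branch, extend the guard to check the email as well. Note also that `UserSession.create(@identity.user)` runs two lines earlier with no guard at all, so the session is created before the nil check is reached.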
Avoid deeply nested control flow statements.
@user = user | ||
# send key to user email | ||
PasswordResetMailer.reset_notify(user, key).deliver_now unless user.nil? # respond the same to both successes and failures; security | ||
if session[:openid_return_to] # for openid login, redirects back to openid auth process |
Avoid deeply nested control flow statements.
@user = user | ||
# log in them | ||
@user_session = UserSession.create(@identity.user) | ||
if session[:openid_return_to] # for openid login, redirects back to openid auth process |
Avoid deeply nested control flow statements.
Code Climate has analyzed commit 6dd94ab and detected 3 issues on this pull request. Here's the issue category breakdown:
post :destroy | ||
assert_equal "Successfully logged out.", flash[:notice] | ||
#auth hash is present so login via a provider | ||
test 'sign up and login via provider basic flow for twitter user with no email' do |
Noting this is now protected by a specific test for the Twitter-login-with-no-email scenario!
…r oauth with no email (publiclab#8734) * Attempt a test of Twitter oauth with no email * Update test.rb * Update user_sessions_controller_test.rb * change alerts to prompt for email * try removing email address from a user * revert removing email from user * Update user_sessions_controller_test.rb * Update user_sessions_controller.rb * Update user_sessions_controller_test.rb * Update user_sessions_controller.rb * Update user_sessions_controller_test.rb * use assert_nil session[:user_session]
Fixes #8325 with a test - we may need to remove uid as well!

Part 1
We need to modify this logic to account for not having a Twitter email:
Both of these pathways could lead to this same error:
plots2/app/controllers/user_sessions_controller.rb
Lines 75 to 99 in c60aaab
And if there's no email provided, perhaps we should divert away here too:
plots2/app/controllers/user_sessions_controller.rb
Lines 52 to 56 in c60aaab
I think this section should divert to the final else if there is no email in the provided Twitter response.

Part 2
We then should try solving for the scenario with the allocator undefined for Proc error from #8325:
plots2/app/models/user_tag.rb
Lines 25 to 28 in 4b2e532