Do not require invited users to confirm their email address
What does this MR do?
- Allows an invited user to skip the confirmation step on registration for their email if the email used matches the one from the invite that was 'clicked'.
Testing this via GDK(locally)
- Ensure
ApplicationSetting
ofsend_user_confirmation_email
is set to true by starting rails consolebundle exec rails c
:a = ApplicationSetting.first a.send_user_confirmation_email = true a.save
- Visit any project members page and invite a user by email(non-existing user) to that project.
- Open Rails letter opener(
http://localhost:3000/rails/letter_opener/
) to see the invite email(if non is there, check that your background jobs are running withgdk status
). - Once you find the email, open the
Join now
link in an incognito browser window. - Register using email from invite(should be pre-filled).
- Confirm you are not asked to confirm email.
Test behaviour for an email that doesn't match
- Try the same steps above with a different invite email.
- Change the email on the registration form so that it does not match the invite email.
- Confirm you are asked to confirm email.
Test behaviour before this change
- Try the same steps above against master branch with a different email.
- Confirm you see a confirm email step after registering.
Does this MR meet the acceptance criteria?
Conformity
-
📋 Does this MR need a changelog?-
I have included a changelog entry. -
I have not included a changelog entry because _____.
-
-
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Related to #328229
Edited by Dylan Griffith