Refactor "user/active" related logic (#29390)

And add more tests. Remove a lot of fragile "if" blocks. The old logic is kept as-is.
2025-07-22 18:28:37 +00:00 · 2024-02-26 05:55:00 +08:00
parent ed3892d843
commit 49e4826747
4 changed files with 146 additions and 94 deletions
--- a/tests/integration/signup_test.go
+++ b/tests/integration/signup_test.go
@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/tests"

@@ -58,7 +59,7 @@ func TestSignupAsRestricted(t *testing.T) {
 	assert.True(t, user2.IsRestricted)
 }

-func TestSignupEmail(t *testing.T) {
+func TestSignupEmailValidation(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()

 	setting.Service.EnableCaptcha = false
@@ -91,3 +92,50 @@ func TestSignupEmail(t *testing.T) {
 		}
 	}
 }
+
+func TestSignupEmailActive(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	defer test.MockVariableValue(&setting.Service.RegisterEmailConfirm, true)()
+
+	// try to sign up and send the activation email
+	req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
+		"user_name": "test-user-1",
+		"email":     "email-1@example.com",
+		"password":  "password1",
+		"retype":    "password1",
+	})
+	resp := MakeRequest(t, req, http.StatusOK)
+	assert.Contains(t, resp.Body.String(), `A new confirmation email has been sent to <b>email-1@example.com</b>.`)
+
+	// access "user/active" means trying to re-send the activation email
+	session := loginUserWithPassword(t, "test-user-1", "password1")
+	resp = session.MakeRequest(t, NewRequest(t, "GET", "/user/activate"), http.StatusOK)
+	assert.Contains(t, resp.Body.String(), "You have already requested an activation email recently")
+
+	// access "user/active" with a valid activation code, then get the "verify password" page
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "test-user-1"})
+	activationCode := user.GenerateEmailActivateCode(user.Email)
+	resp = session.MakeRequest(t, NewRequest(t, "GET", "/user/activate?code="+activationCode), http.StatusOK)
+	assert.Contains(t, resp.Body.String(), `<input id="verify-password"`)
+
+	// try to use a wrong password, it should fail
+	req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
+		"code":     activationCode,
+		"password": "password-wrong",
+	})
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	assert.Contains(t, resp.Body.String(), `Your password does not match`)
+	assert.Contains(t, resp.Body.String(), `<input id="verify-password"`)
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "test-user-1"})
+	assert.False(t, user.IsActive)
+
+	// then use a correct password, the user should be activated
+	req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
+		"code":     activationCode,
+		"password": "password1",
+	})
+	resp = session.MakeRequest(t, req, http.StatusSeeOther)
+	assert.Equal(t, "/", test.RedirectURL(resp))
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "test-user-1"})
+	assert.True(t, user.IsActive)
+}