Merge branch 'fix-unverified-email-badge' into 'master'

Prevent unauthorized display of GitLab employee badge Closes #212618 See merge request gitlab-org/gitlab!28397

Merge branch 'fix-unverified-email-badge' into 'master'
Prevent unauthorized display of GitLab employee badge Closes #212618 See merge request gitlab-org/gitlab!28397
11994821 · Dmytro Zaporozhets · e587c386 · 072f29fd · 11994821 · 11994821
Commit 11994821 authored Apr 02, 2020 by Dmytro Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

app/models/user.rb app/models/user.rb +1 -1

spec/models/user_spec.rb spec/models/user_spec.rb +6 -0

No files found.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1689,7 +1689,7 @@ class User < ApplicationRecord
  def gitlab_employee?
    strong_memoize(:gitlab_employee) do
      if Gitlab.com?
-        Mail::Address.new(email).domain == "gitlab.com"
+        Mail::Address.new(email).domain == "gitlab.com" && confirmed?
      else
        false
      end

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -4400,6 +4400,12 @@ describe User, :do_not_mock_admin_mode do

      it { is_expected.to be expected_result }
    end
+
+    context 'when email is of Gitlab and is not confirmed' do
+      let(:user) { build(:user, email: 'test@gitlab.com', confirmed_at: nil) }
+
+      it { is_expected.to be false }
+    end
  end

  describe '#current_highest_access_level' do