Ensure params contains the expected user data

a71fb931 · Ash McKenzie · 9944ee53 · a71fb931 · a71fb931
Commit a71fb931 authored Jun 20, 2019 by Ash McKenzie
Showing with 20 additions and 9 deletions

app/controllers/registrations_controller.rb app/controllers/registrations_controller.rb +12 -8

spec/controllers/registrations_controller_spec.rb spec/controllers/registrations_controller_spec.rb +8 -1

No files found.
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -15,13 +15,6 @@ class RegistrationsController < Devise::RegistrationsController
  end

  def create
-    # To avoid duplicate form fields on the login page, the registration form
-    # names fields using `new_user`, but Devise still wants the params in
-    # `user`.
-    if params["new_#{resource_name}"].present? && params[resource_name].blank?
-      params[resource_name] = params.delete(:"new_#{resource_name}")
-    end
-
    accept_pending_invitations

    super do |new_user|
@@ -85,8 +78,19 @@ class RegistrationsController < Devise::RegistrationsController

  private

+  def ensure_correct_params!
+    # To avoid duplicate form fields on the login page, the registration form
+    # names fields using `new_user`, but Devise still wants the params in
+    # `user`.
+    if params["new_#{resource_name}"].present? && params[resource_name].blank?
+      params[resource_name] = params.delete(:"new_#{resource_name}")
+    end
+  end
+
  def check_captcha
-    return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true)
+    ensure_correct_params!
+
+    return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true) # reCAPTCHA on the UI will still display however
    return unless Gitlab::Recaptcha.load_configurations!

    return if verify_recaptcha

--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -6,7 +6,8 @@ describe RegistrationsController do
  include TermsHelper

  describe '#create' do
-    let(:user_params) { { user: { name: 'new_user', username: 'new_username', email: 'new@user.com', password: 'Any_password' } } }
+    let(:base_user_params) { { name: 'new_user', username: 'new_username', email: 'new@user.com', password: 'Any_password' } }
+    let(:user_params) { { user: base_user_params } }

    context 'email confirmation' do
      around do |example|
@@ -105,6 +106,12 @@ describe RegistrationsController do
        expect(subject.current_user.terms_accepted?).to be(true)
      end
    end
+
+    it 'handles when params are new_user' do
+      post(:create, params: { new_user: base_user_params })
+
+      expect(subject.current_user).not_to be_nil
+    end
  end

  describe '#destroy' do