Commit ced2a932 authored by Stan Hu's avatar Stan Hu

Add ability to skip user email confirmation with API

This gives admins the ability to send a `skip_confirmation` flag in the
`POST /users/:id/email` API endpoint to skip the verification step and
assume the given e-mail address is verified.

Closes #50876
parent 2f990e34
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
module Emails module Emails
class BaseService class BaseService
attr_reader :current_user
def initialize(current_user, params = {}) def initialize(current_user, params = {})
@current_user, @params = current_user, params.dup @current_user, @params = current_user, params.dup
@user = params.delete(:user) @user = params.delete(:user)
......
...@@ -3,7 +3,12 @@ ...@@ -3,7 +3,12 @@
module Emails module Emails
class CreateService < ::Emails::BaseService class CreateService < ::Emails::BaseService
def execute(extra_params = {}) def execute(extra_params = {})
@user.emails.create(@params.merge(extra_params)) skip_confirmation = @params.delete(:skip_confirmation)
email = @user.emails.create(@params.merge(extra_params))
email&.confirm if skip_confirmation && current_user.admin?
email
end end
end end
end end
---
title: Add ability to skip user email confirmation with API
merge_request: 21630
author:
type: added
...@@ -972,6 +972,7 @@ Parameters: ...@@ -972,6 +972,7 @@ Parameters:
- `id` (required) - id of specified user - `id` (required) - id of specified user
- `email` (required) - email address - `email` (required) - email address
- `skip_confirmation` (optional) - Skip confirmation and assume e-mail is verified - true or false (default)
## Delete email for current user ## Delete email for current user
......
...@@ -361,6 +361,7 @@ module API ...@@ -361,6 +361,7 @@ module API
params do params do
requires :id, type: Integer, desc: 'The ID of the user' requires :id, type: Integer, desc: 'The ID of the user'
requires :email, type: String, desc: 'The email of the user' requires :email, type: String, desc: 'The email of the user'
optional :skip_confirmation, type: Boolean, desc: 'Skip confirmation of email and assume it is verified'
end end
post ":id/emails" do post ":id/emails" do
authenticated_as_admin! authenticated_as_admin!
......
...@@ -1031,11 +1031,14 @@ describe API::Users do ...@@ -1031,11 +1031,14 @@ describe API::Users do
expect(json_response['error']).to eq('email is missing') expect(json_response['error']).to eq('email is missing')
end end
it "creates email" do it "creates unverified email" do
email_attrs = attributes_for :email email_attrs = attributes_for :email
expect do expect do
post api("/users/#{user.id}/emails", admin), email_attrs post api("/users/#{user.id}/emails", admin), email_attrs
end.to change { user.emails.count }.by(1) end.to change { user.emails.count }.by(1)
email = Email.find_by(user_id: user.id, email: email_attrs[:email])
expect(email).not_to be_confirmed
end end
it "returns a 400 for invalid ID" do it "returns a 400 for invalid ID" do
...@@ -1043,6 +1046,18 @@ describe API::Users do ...@@ -1043,6 +1046,18 @@ describe API::Users do
expect(response).to have_gitlab_http_status(400) expect(response).to have_gitlab_http_status(400)
end end
it "creates verified email" do
email_attrs = attributes_for :email
email_attrs[:skip_confirmation] = true
post api("/users/#{user.id}/emails", admin), email_attrs
expect(response).to have_gitlab_http_status(201)
email = Email.find_by(user_id: user.id, email: email_attrs[:email])
expect(email).to be_confirmed
end
end end
describe 'GET /user/:id/emails' do describe 'GET /user/:id/emails' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment