From 72918f53ce5ed032f6345c8e47161549e91bff57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?=
Date: Mon, 22 Jun 2015 09:17:19 +0200
Subject: [PATCH] Account not validated error on login and resend email support
---
 app/controllers/account_tokens_controller.rb | 11 ++++++++
 app/controllers/sessions_controller.rb | 6 ++++
 ...ccount_token_authentication_error.html.erb | 3 ++
 app/views/signup/resend.html.erb | 1 +
 config/initializers/warden.rb | 12 ++++++--
 config/routes.rb | 1 +
 .../account_tokens_controller_spec.rb | 28 +++++++++++++++++++
 7 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 app/views/sessions/account_token_authentication_error.html.erb
 create mode 100644 app/views/signup/resend.html.erb
diff --git a/app/controllers/account_tokens_controller.rb b/app/controllers/account_tokens_controller.rb
index 330a914552..5e55779a46 100644
--- a/app/controllers/account_tokens_controller.rb
+++ b/app/controllers/account_tokens_controller.rb
@@ -18,4 +18,15 @@ class AccountTokensController < ApplicationController
 render 'signup/account_enabled'
 end
+ def resend
+ user_id = params[:user_id]
+ render_404 and return unless user_id
+ @user = User.where(id: user_id).first
+ render_404 and return unless @user
+
+ @user.notify_new_organization_user
+
+ render 'signup/resend'
+ end
+
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 34a5f3a4db..fa39ffd4af 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -70,6 +70,12 @@ class SessionsController < ApplicationController
 end
 end
+ def account_token_authentication_error
+ @user = User.where(id: warden.env['warden.options'][:user_id]).first
+ flash.now[:error] = "You need to validate your account by clicking the button we sent you to the email address #{@user.email}."
+ render 'account_token_authentication_error'
+ end
+
 protected
 def initialize_google_plus_config
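Review bot: `resend` in account_tokens_controller.rb sends the validation mail for whatever `user_id` the caller supplies: no authentication filter or token check is visible in the hunk, the account's validation state is never tested, and the route added in config/routes.rb is a `get`. Any visitor, or a link prefetcher, can therefore enqueue `notify_new_organization_user` repeatedly for any account, and the new `signup/resend` view answers with `@user.email`, which reveals the address behind an id. I would narrow the lookup guard to `render_404 and return unless @user && @user.enable_account_token`, declare the route with `post`, rate-limit the action, and word the confirmation without echoing the address. The spec hunk has no case for an already enabled user, so that behaviour is not pinned either way.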
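Review bot: `account_token_authentication_error` in sessions_controller.rb dereferences `@user.email` without checking the lookup, so a nil `warden.env['warden.options']`, a missing `:user_id`, or a user row deleted in the meantime raises NoMethodError and ends in a 500 on the login failure path. A guard before the flash line, `render_404 and return unless @user`, would cover it; `render_404` is the helper this patch already calls in AccountTokensController, and I am assuming it comes from ApplicationController, which is not shown. The address is interpolated into the flash text, so the `shared/flash_message` partial (not part of this patch) has to HTML-escape it rather than output it raw.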
diff --git a/app/views/sessions/account_token_authentication_error.html.erb b/app/views/sessions/account_token_authentication_error.html.erb
new file mode 100644
index 0000000000..fa0f268d7b
--- /dev/null
+++ b/app/views/sessions/account_token_authentication_error.html.erb
@@ -0,0 +1,3 @@
+<%= render :partial => 'shared/flash_message' %>
+
+Didn't you receive the email? Click here to send it again.
diff --git a/app/views/signup/resend.html.erb b/app/views/signup/resend.html.erb
new file mode 100644
index 0000000000..f439d8a76a
--- /dev/null
+++ b/app/views/signup/resend.html.erb
@@ -0,0 +1 @@
+A new validation mail has been sent to <%= @user.email %>.
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index de35f6c66a..481e2013aa 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -17,9 +17,15 @@ end
 Warden::Strategies.add(:password) do
 def authenticate!
 if params[:email] && params[:password]
- if (user = User.authenticate(params[:email], params[:password])) && user.enabled?
- success!(user, :message => "Success")
- request.flash['logged'] = true
+ if (user = User.authenticate(params[:email], params[:password]))
+ if user.enabled?
+ success!(user, :message => "Success")
+ request.flash['logged'] = true
+ elsif !user.enable_account_token.nil?
+ throw(:warden, :action => 'account_token_authentication_error', :user_id => user.id)
+ else
+ fail!
+ end
 else
 fail!
 end
diff --git a/config/routes.rb b/config/routes.rb
index b162138acc..d15db4067a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
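Review bot: Nothing in `authenticate!` (config/initializers/warden.rb) records that the new `elsif !user.enable_account_token.nil?` branch may only run after `User.authenticate` has accepted the password, yet that ordering is what keeps the "account not validated" page, which shows the account's email, away from callers who do not know the password. I would put a comment above the branch, `# Password already verified here; do not move this check outside the User.authenticate branch.` No spec in this patch exercises this branch or the `fail!` fallback for a disabled account with no token. The body of `authenticate!` continues past the end of the hunk.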
@@ -15,6 +15,7 @@ CartoDB::Application.routes.draw do
 post '(/user/:user_domain)(/u/:user_domain)/signup' => 'signup#create', as: :signup_organization_user
 get '(/user/:user_domain)(/u/:user_domain)/enable_account_token/:id' => 'account_tokens#enable', as: :enable_account_token_show
+ get '(/user/:user_domain)(/u/:user_domain)/resend_validation_mail/:user_id' => 'account_tokens#resend', as: :resend_validation_mail
 get '(/user/:user_domain)(/u/:user_domain)/login' => 'sessions#new', as: :login
 get '(/user/:user_domain)(/u/:user_domain)/logout' => 'sessions#destroy', as: :logout
diff --git a/spec/requests/account_tokens_controller_spec.rb b/spec/requests/account_tokens_controller_spec.rb
index 421640ac7d..3b5860ed7b 100644
--- a/spec/requests/account_tokens_controller_spec.rb
+++ b/spec/requests/account_tokens_controller_spec.rb
@@ -33,6 +33,34 @@ describe AccountTokensController do
 end
+ describe 'resend validation mail' do
+
+ it 'returns 404 for nonexisting users' do
+ get resend_validation_mail_url(user_id: UUIDTools::UUID.timestamp_create.to_s)
+ response.status.should == 404
+ end
+
+ describe 'valid user behaviour' do
+
+ before(:each) do
+ User.any_instance.stubs(:enable_remote_db_user).returns(true)
+ @user = FactoryGirl.create(:valid_user)
+ end
+
+ after(:each) do
+ @user.destroy
+ end
+
+ it 'triggers a NewOrganizationUser job with user_id' do
+ ::Resque.expects(:enqueue).with(::Resque::UserJobs::Mail::NewOrganizationUser, @user.id).returns(true)
+ get resend_validation_mail_url(user_id: @user.id)
+ response.status.should == 200
+ end
+
+ end
+
+ end
+
 end
 end