[Bug] Logged-in users cannot verify their email under certain conditions

Summary

Upstream requires users to fill in their email when registering, and forces users to verify their email before they can log in.

On Upstream, when OAuth does not carry email, the system will automatically fill in the virtual email:

temp-email-for-oauth-#{username}@gitlab.localhost.

Upstream allows users to log in and then verify their real email address.

JH’s mobile phone number registration works like Upstream’s OAuth flow and automatically fills in a virtual email:

temp-email-for-phone-#{SecureRandom.uuid}@gitlab.localhost,

JH gives users a 24-hour trial period and forces email verification after it expires (by redirecting to the profile page).

If the user verifies their email after the trial period, they will still be redirected to the profile page, causing the email verification to fail.

Example link: http://127.0.0.1:3000/users/confirmation?confirmation_token=TOKEN

Root cause: /users/confirmation should not check :require_email and :onboarding_redirect.

Upstream may have a similar bug.

Steps to reproduce

  1. Use a SaaS environment
  2. Sign up a new user without going through onboarding
  3. Wait until the trial period (24 hours) has passed
  4. Send the verification email
  5. Click the verification link (bug here)

What is the current bug behavior?

http://127.0.0.1:3000/users/confirmation?confirmation_token=TOKEN

Logged-in users cannot verify their email under certain conditions

What is the expected correct behavior?

http://127.0.0.1:3000/users/confirmation?confirmation_token=TOKEN

User email can be verified in any situation.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Results of GitLab application Check

Bug case 1: fail to redirect to /profile page

bug-redirect-to-profile-confirmation_token.log

Bug case 2: fail to redirect to /users/sign_up/welcome page

bug-redirect-to-welcome-confirmation_token.log

Possible fixes

/users/confirmation should not check :require_email and :onboarding_redirect.

Edited by Baodong
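The following is an added example, not part of the original issue and not GitLab or JH code: a plain-Ruby model of the filter chain that reproduces both bug cases and shows the proposed skip scoped to the confirmation path only. The `User` struct, `FILTERS`, `SKIP` and `handle` are hypothetical names, and the filter conditions are assumptions based on the description above.

```ruby
# Constructed model of a before-filter chain; assumptions are marked.
TEMP_EMAIL = /\Atemp-email-for-(oauth|phone)-.+@gitlab\.localhost\z/

User = Struct.new(:email, :trial_expired, :onboarded, :confirmed, keyword_init: true)

# Each filter returns a redirect target to halt the request, or nil to continue.
# Conditions are assumed from the issue text, not copied from the code base.
FILTERS = {
  require_email: ->(u) { '/profile' if u.email.match?(TEMP_EMAIL) && u.trial_expired },
  onboarding_redirect: ->(u) { '/users/sign_up/welcome' unless u.onboarded }
}.freeze

# The proposed fix: skip both filters, but only for the confirmation endpoint.
SKIP = { '/users/confirmation' => %i[require_email onboarding_redirect] }.freeze

# Runs the filters in order; the action only executes if none of them halts.
def handle(user, path, skip: {})
  FILTERS.each do |name, filter|
    next if skip.fetch(path, []).include?(name)

    target = filter.call(user)
    return [:redirect, target] if target
  end
  return [:ok, path] unless path == '/users/confirmation'

  user.confirmed = true # stands in for consuming confirmation_token
  [:confirmed, path]
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample user: phone sign-up, trial expired, onboarding done.
  demo = User.new(email: 'temp-email-for-phone-0000@gitlab.localhost',
                  trial_expired: true, onboarded: true, confirmed: false)
  p handle(demo, '/users/confirmation')              # bug case 1
  p handle(demo, '/users/confirmation', skip: SKIP)  # with the proposed skip
  p handle(demo, '/dashboard', skip: SKIP)           # other paths still gated
end
```

A regression test for the real fix should cover the same three cases: confirmation succeeds for a redirected user, confirmation succeeds for a user who has not onboarded, and every other path is still subject to both checks.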