auth: Make "Continue to registration" actually register you.

The main change here is to send a proper confirmation link to the frontend in the `confirm_continue_registration` code path even if the user didn't request signup, so that we don't need to re-authenticate the user's control over their email address in that flow. This also lets us delete some now-unnecessary code: The `invalid_email` case is now handled by HomepageForm.is_valid(), which has nice error handling, so we no longer need logic in the context computation or template for `confirm_continue_registration` for the corner case where the user somehow has an invalid email address authenticated. We split one GitHub auth backend test to now cover both corner cases (invalid email for realm, and valid email for realm), and rewrite the Google auth test for this code path as well. Fixes #5895.
2025-11-03 21:43:21 +00:00 · 2018-04-22 15:12:52 -07:00
parent c65a4e8f0b
commit c88163eea8
3 changed files with 90 additions and 68 deletions
--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
@@ -67,26 +67,6 @@ def create_preregistration_user(email: Text, request: HttpRequest, realm_creatio

 def maybe_send_to_registration(request: HttpRequest, email: Text, full_name: Text='',
                               is_signup: bool=False, password_required: bool=True) -> HttpResponse:
-
-    if not is_signup:
-        # If the user isn't trying to sign up, we take them to a
-        # special page asking them whether that's their intent; this
-        # helps prevent accidental account creation when users pick
-        # the wrong Google account.
-        try:
-            validate_email(email)
-            invalid_email = False
-        except ValidationError:
-            # If email address is invalid, we can't send the user
-            # PreregistrationUser flow.
-            invalid_email = True
-        context = {'full_name': full_name,
-                   'email': email,
-                   'invalid_email': invalid_email}
-        return render(request,
-                      'zerver/confirm_continue_registration.html',
-                      context=context)
-
    realm = get_realm(get_subdomain(request))
    from_multiuse_invite = False
    multiuse_obj = None
@@ -126,7 +106,14 @@ def maybe_send_to_registration(request: HttpRequest, email: Text, full_name: Tex
            # urllib does not handle Unicode, so coerece to encoded byte string
            # Explanation: http://stackoverflow.com/a/5605354/90777
            urllib.parse.quote_plus(full_name.encode('utf8'))))
-        return redirect(confirmation_link)
+        if is_signup:
+            return redirect(confirmation_link)
+
+        context = {'email': email,
+                   'continue_link': confirmation_link}
+        return render(request,
+                      'zerver/confirm_continue_registration.html',
+                      context=context)
    else:
        url = reverse('register')
        return render(request,