From 8c44b723bb7505eb5923019b454ce9abd7ea59c0 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Mon, 3 May 2021 15:45:19 +0200
Subject: [PATCH] Change confirmations controller to redirect to / for approved
 users (#16151)

Clicking the confirmation link multiple times currently leads to entering
account settings, which can be confusing. This commit changes that so that
it redirects to the root path, so it behaves the same way as clicking only
once in most cases.
---
 .../auth/confirmations_controller.rb          |  4 +-
 .../auth/confirmations_controller_spec.rb     | 46 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb
index 898525269..1475bbcef 100644
--- a/app/controllers/auth/confirmations_controller.rb
+++ b/app/controllers/auth/confirmations_controller.rb
@@ -17,7 +17,9 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
   private
 
   def require_unconfirmed!
-    redirect_to edit_user_registration_path if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
+    if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
+      redirect_to(current_user.approved? ? root_path : edit_user_registration_path)
+    end
   end
 
   def set_body_classes
diff --git a/spec/controllers/auth/confirmations_controller_spec.rb b/spec/controllers/auth/confirmations_controller_spec.rb
index 0b6b74ff9..8469119d2 100644
--- a/spec/controllers/auth/confirmations_controller_spec.rb
+++ b/spec/controllers/auth/confirmations_controller_spec.rb
@@ -32,6 +32,52 @@ describe Auth::ConfirmationsController, type: :controller do
       end
     end
 
+    context 'when user is unconfirmed and unapproved' do
+      let!(:user) { Fabricate(:user, confirmation_token: 'foobar', confirmed_at: nil, approved: false) }
+
+      before do
+        allow(BootstrapTimelineWorker).to receive(:perform_async)
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+        get :show, params: { confirmation_token: 'foobar' }
+      end
+
+      it 'redirects to login' do
+        expect(response).to redirect_to(new_user_session_path)
+      end
+    end
+
+    context 'when user is already confirmed' do
+      let!(:user) { Fabricate(:user) }
+
+      before do
+        allow(BootstrapTimelineWorker).to receive(:perform_async)
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+        sign_in(user, scope: :user)
+        get :show, params: { confirmation_token: 'foobar' }
+      end
+
+      it 'redirects to root path' do
+        expect(response).to redirect_to(root_path)
+      end
+    end
+
+    context 'when user is already confirmed but unapproved' do
+      let!(:user) { Fabricate(:user, approved: false) }
+
+      before do
+        allow(BootstrapTimelineWorker).to receive(:perform_async)
+        @request.env['devise.mapping'] = Devise.mappings[:user]
+        user.approved = false
+        user.save!
+        sign_in(user, scope: :user)
+        get :show, params: { confirmation_token: 'foobar' }
+      end
+
+      it 'redirects to settings' do
+        expect(response).to redirect_to(edit_user_registration_path)
+      end
+    end
+
     context 'when user is updating email' do
       let!(:user) { Fabricate(:user, confirmation_token: 'foobar', unconfirmed_email: 'new-email@example.com') }