From: Tom Hughes Date: Tue, 18 Jul 2017 23:31:03 +0000 (+0100) Subject: Mark account suspended flash message as HTML safe X-Git-Tag: live~3313 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/4874219ab83c9e56d17be2aaca0d43ffc51da4cf Mark account suspended flash message as HTML safe Fixes #1590 --- diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 82373c90a..f80df8623 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -547,7 +547,7 @@ class UserController < ApplicationController when "active", "confirmed" then successful_login(user, request.env["omniauth.params"]["referer"]) when "suspended" then - failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}") + failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}").html_safe else failed_login t("user.login.auth failure") end @@ -575,7 +575,7 @@ class UserController < ApplicationController elsif user = User.authenticate(:username => username, :password => password, :pending => true) unconfirmed_login(user) elsif User.authenticate(:username => username, :password => password, :suspended => true) - failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}"), username + failed_login t("user.login.account is suspended", :webmaster => "mailto:#{SUPPORT_EMAIL}").html_safe, username else failed_login t("user.login.auth failure"), username end diff --git a/test/integration/user_login_test.rb b/test/integration/user_login_test.rb index 538c03999..2c3e61be6 100644 --- a/test/integration/user_login_test.rb +++ b/test/integration/user_login_test.rb @@ -113,7 +113,9 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_template "login" assert_select "span.username", false - assert_select "div.flash.error", /your account has been suspended/ + assert_select "div.flash.error", /your account has been suspended/ do + assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" + end end def test_login_email_password_suspended_upcase @@ -123,7 +125,9 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_template "login" assert_select "span.username", false - assert_select "div.flash.error", /your account has been suspended/ + assert_select "div.flash.error", /your account has been suspended/ do + assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" + end end def test_login_email_password_suspended_titlecase @@ -133,7 +137,9 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_template "login" assert_select "span.username", false - assert_select "div.flash.error", /your account has been suspended/ + assert_select "div.flash.error", /your account has been suspended/ do + assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" + end end def test_login_email_password_blocked @@ -264,7 +270,9 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_template "login" assert_select "span.username", false - assert_select "div.flash.error", /your account has been suspended/ + assert_select "div.flash.error", /your account has been suspended/ do + assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" + end end def test_login_username_password_suspended_upcase @@ -274,7 +282,9 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_template "login" assert_select "span.username", false - assert_select "div.flash.error", /your account has been suspended/ + assert_select "div.flash.error", /your account has been suspended/ do + assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" + end end def test_login_username_password_suspended_downcase @@ -284,7 +294,9 @@ class UserLoginTest < ActionDispatch::IntegrationTest assert_template "login" assert_select "span.username", false - assert_select "div.flash.error", /your account has been suspended/ + assert_select "div.flash.error", /your account has been suspended/ do + assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster" + end end def test_login_username_password_blocked