diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index a113f2fca94d8a639379911a44f8ed2b0eca4342..f3dc625210d14b7af47d40d36f9958a3c11d71fb 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -23,6 +23,7 @@ module Api
 # POST /api/v1/users.json
 # Creates and saves a new user record in the database with the provided parameters
 def create
+ smtp_enabled = ENV['SMTP_SERVER'].present?
 # Check if this is an admin creating a user
 admin_create = current_user && PermissionsChecker.new(current_user:, permission_names: 'ManageUsers', current_provider:).call
@@ -37,6 +38,8 @@ module Api
 user = UserCreator.new(user_params: create_user_params.except(:invite_token), provider: current_provider, role: default_role).call
+ user.verify! unless smtp_enabled
+
 # TODO: Add proper error logging for non-verified token hcaptcha
 if !admin_create && hcaptcha_enabled? && !verify_hcaptcha(response: params[:token])
 return render_error errors: Rails.configuration.custom_error_msgs[:hcaptcha_invalid]
@@ -46,10 +49,12 @@ module Api
 user.pending! if !admin_create && registration_method == SiteSetting::REGISTRATION_METHODS[:approval]
 if user.save
- token = user.generate_activation_token!
- UserMailer.with(user:, expires_in: User::ACTIVATION_TOKEN_VALIDITY_PERIOD.from_now,
- activation_url: activate_account_url(token), base_url: request.base_url,
- provider: current_provider).activate_account_email.deliver_later
+ if smtp_enabled
+ token = user.generate_activation_token!
+ UserMailer.with(user:, expires_in: User::ACTIVATION_TOKEN_VALIDITY_PERIOD.from_now,
+ activation_url: activate_account_url(token), base_url: request.base_url,
+ provider: current_provider).activate_account_email.deliver_later
+ end
 create_default_room(user)
diff --git a/sample.env b/sample.env
index 638c919e90c724c325496a971fba3ccdcf47a4b5..e3a22c6a39cb5cedc79d40e82b46771fc3892e6e 100644
--- a/sample.env
+++ b/sample.env
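Review bot: The new `smtp_enabled` assignment at the top of `create` turns a mail-delivery setting into an account-verification switch, and nothing at that line says so. The later hunks in this file use the flag to call `user.verify!` and to skip the activation mail, so an unset or blank `SMTP_SERVER` (`.present?` is false for an empty string) means new accounts are accepted without any proof that the registrant controls the address. I would add a comment above the assignment such as `# No SMTP server => no activation mail can be sent, so new accounts are marked verified without proving email ownership`. The body of `create` continues past the end of this hunk.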
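Review bot: `user.verify! unless smtp_enabled` runs before the hCaptcha guard later in this hunk and before `user.save` in the next hunk. If `verify!` persists the record, as the bang name suggests (its definition is not on this page), a registration that then fails hCaptcha would already have written a verified user, and invalid parameters would raise instead of reaching the `if user.save` error path. Moving the line to just before `if user.save`, after the hCaptcha check and `user.pending!`, would keep every rejection ahead of any write. The enclosing `create` method starts and ends outside this hunk.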
@@ -20,23 +20,23 @@ DATABASE_URL=
 # E.g. redis://redis:6379
 REDIS_URL=
+### OPTIONAL ENV VARS
+
 ### SMTP CONFIGURATION
 # Emails are required for the basic features of Greenlight to function.
 # Please refer to your SMTP provider to get the values for the variables below
-SMTP_SENDER_EMAIL=
-SMTP_SENDER_NAME=
-SMTP_SERVER=
-SMTP_PORT=
-SMTP_DOMAIN=
-SMTP_USERNAME=
-SMTP_PASSWORD=
-SMTP_AUTH=
-SMTP_STARTTLS_AUTO=
-SMTP_STARTTLS=
-SMTP_TLS=
-SMTP_SSL_VERIFY=
-
-### OPTIONAL ENV VARS
+#SMTP_SENDER_EMAIL=
+#SMTP_SENDER_NAME=
+#SMTP_SERVER=
+#SMTP_PORT=
+#SMTP_DOMAIN=
+#SMTP_USERNAME=
+#SMTP_PASSWORD=
+#SMTP_AUTH=
+#SMTP_STARTTLS_AUTO=true
+#SMTP_STARTTLS=false
+#SMTP_TLS=false
+#SMTP_SSL_VERIFY=true
 ### EXTERNAL AUTHENTICATION METHODS
 #
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 1d80107a2025bc0c098f9719d9706efe6df25242..56dcb2dbd16ed9ee2f82f75c932cd9fb3c032bda 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -8,6 +8,7 @@ RSpec.describe Api::V1::UsersController, type: :controller do
 let(:fake_setting_getter) { instance_double(SettingGetter) }
 before do
+ ENV['SMTP_SERVER'] = 'test.com'
 request.headers['ACCEPT'] = 'application/json'
 end
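Review bot: The unchanged comment `# Emails are required for the basic features of Greenlight to function.` now sits under the new `### OPTIONAL ENV VARS` heading and contradicts it. The sample also does not say what leaving `SMTP_SERVER` unset does, although the controller change in this commit marks new users as verified in that case. I would replace the stale line with something like `# If SMTP_SERVER is unset, no activation email is sent and new accounts are marked verified immediately.` so operators see the trade-off where they make the choice.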
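Review bot: `ENV['SMTP_SERVER'] = 'test.com'` in the top-level `before` mutates process-wide state and is never restored, and the `SMTP disabled` context in the next hunk sets it to `''` the same way. Whatever value the last example leaves behind is what later spec files see, so any spec that depends on this variable can change outcome with run order. Saving the previous value and restoring it in an `after` block, or stubbing the lookup with `allow(ENV).to receive(:[]).with('SMTP_SERVER').and_return('test.com')` after an `and_call_original` default, would keep the setting local to each example.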
@@ -63,23 +64,39 @@ RSpec.describe Api::V1::UsersController, type: :controller do
 end
 context 'activation' do
- it 'generates an activation token for the user' do
- freeze_time
+ context 'SMTP enabled' do
+ it 'generates an activation token for the user' do
+ freeze_time
- post :create, params: user_params
- user = User.find_by email: user_params[:user][:email]
- expect(user.verification_digest).to be_present
- expect(user.verification_sent_at).to eq(Time.current)
- expect(user).not_to be_verified
+ post :create, params: user_params
+ user = User.find_by email: user_params[:user][:email]
+ expect(user.verification_digest).to be_present
+ expect(user.verification_sent_at).to eq(Time.current)
+ expect(user).not_to be_verified
+ end
+
+ it 'sends activation email to and does not sign in the created user' do
+ session[:session_token] = nil
+ expect { post :create, params: user_params }.to change(User, :count).by(1)
+ expect(ActionMailer::MailDeliveryJob).to have_been_enqueued.at(:no_wait).exactly(:once).with('UserMailer', 'activate_account_email',
+ 'deliver_now', Hash)
+ expect(response).to have_http_status(:created)
+ expect(session[:session_token]).to be_nil
+ end
 end
- it 'sends activation email to and does not sign in the created user' do
- session[:session_token] = nil
- expect { post :create, params: user_params }.to change(User, :count).by(1)
- expect(ActionMailer::MailDeliveryJob).to have_been_enqueued.at(:no_wait).exactly(:once).with('UserMailer', 'activate_account_email',
- 'deliver_now', Hash)
- expect(response).to have_http_status(:created)
- expect(session[:session_token]).to be_nil
+ context 'SMTP disabled' do
+ before do
+ ENV['SMTP_SERVER'] = ''
+ end
+
+ it 'marks the user as verified and signs them in' do
+ post :create, params: user_params
+
+ user = User.find_by email: user_params[:user][:email]
+ expect(user).to be_verified
+ expect(session[:session_token]).to eq(user.session_token)
+ end
 end
 end
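Review bot: The `SMTP disabled` context asserts only that the user ends up verified and signed in, so the other half of the controller change, that no activation mail or token is produced, is untested. Adding `expect(ActionMailer::MailDeliveryJob).not_to have_been_enqueued` and, assuming the digest stays unset on this path, `expect(user.verification_digest).to be_nil` would pin that behaviour. There is also no example for a failed hCaptcha with SMTP disabled, which is the case that would show whether a user record is left behind when `user.verify!` runs ahead of the captcha check.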