only send password reset emails to pseudonyms on the active domain

fixes CNVS-28547

test plan:
- create two root accounts that trust each other
- create a user with a pseudonym in each account with different email
addresses
- request a forgot password email from 1 of the domains
- you should only get an email at the address associated with the
pseudonym in that account

Change-Id: I68af8f516739a5c23dbbd4082f229fe4f4651aa2
Reviewed-on: https://gerrit.instructure.com/78312
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
Simon Williams 2016-04-28 16:51:09 -06:00
parent 42e96465ab
commit 7be36aea64
2 changed files with 3 additions and 5 deletions


@ -91,7 +91,7 @@ class PseudonymsController < ApplicationController
else
cc.pseudonym ||= cc.user.pseudonym rescue nil
cc.save if cc.changed?
!cc.user.pseudonyms.active.empty? && cc.user.pseudonyms.active.any?{|p| p.account_id == @domain_root_account.id || (p.works_for_account?(@domain_root_account) && p.account && p.account.canvas_authentication?) }
@domain_root_account.pseudonyms.active.where(user_id: cc.user_id).exists?
end
end
respond_to do |format|
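Review bot: The line above the new predicate, `cc.pseudonym ||= cc.user.pseudonym rescue nil`, still picks the user's default pseudonym without regard to `@domain_root_account`, so a channel can pass the new domain check while carrying a pseudonym from another account. Whether the reset message is built from `cc.pseudonym` is not visible in this hunk, but if it is, the email could still name a login from a different domain; scoping the assignment, for example `cc.pseudonym ||= @domain_root_account.pseudonyms.active.where(user_id: cc.user_id).first`, would keep the two in step. The new check also drops the old `works_for_account?` branch for trusted accounts, which deserves a comment such as `# trusted-account pseudonyms are excluded on purpose: reset mail goes only to logins on this domain`. The enclosing block begins before the hunk.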


@ -107,13 +107,11 @@ describe PseudonymsController do
expect(assigns[:ccs].detect{|cc| cc == @cc}.messages_sent).not_to be_empty
end
it "should send password-change email for users with pseudonyms in a different account" do
it "should not send password-change email for users with pseudonyms in a different account" do
pseudonym(@user, :account => Account.site_admin)
get 'forgot_password', :pseudonym_session => {:unique_id_forgot => @pseudonym.unique_id}
expect(response).to be_redirect
expect(assigns[:ccs]).to include(@cc)
expect(assigns[:ccs].detect{|cc| cc == @cc}.messages_sent).not_to be_nil
expect(assigns[:ccs].detect{|cc| cc == @cc}.messages_sent).not_to be_empty
expect(assigns[:ccs]).not_to include(@cc)
end
end
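Review bot: The rewritten example only asserts `expect(assigns[:ccs]).not_to include(@cc)`, which would also hold if the lookup returned nothing for an unrelated reason, and it uses `Account.site_admin` rather than the two mutually trusting root accounts described in the test plan. A companion example in which the user has pseudonyms in both accounts and only the channel tied to the requesting domain ends up in `assigns[:ccs]` would pin the intended behaviour. A short comment above the `pseudonym(...)` call, e.g. `# pseudonym lives outside the request's domain root account, so the channel must be filtered out`, would make the purpose of the setup clear. The surrounding `describe` block starts outside the hunk.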