Add ability to skip user email confirmation with API

This gives admins the ability to send a `skip_confirmation` flag in the `POST /users/:id/email` API endpoint to skip the verification step and assume the given e-mail address is verified. Closes #50876

Add ability to skip user email confirmation with API
ced2a932 · Stan Hu · 2f990e34 · ced2a932 · ced2a932 · ced2a932
Commit ced2a932 authored 6 years ago by Stan Hu
--- a/app/services/emails/base_service.rb
+++ b/app/services/emails/base_service.rb
@@ -2,6 +2,8 @@
  
 module Emails
  class BaseService
+    attr_reader :current_user
+
    def initialize(current_user, params = {})
      @current_user, @params = current_user, params.dup
      @user = params.delete(:user)

--- a/app/services/emails/create_service.rb
+++ b/app/services/emails/create_service.rb
@@ -3,7 +3,12 @@
 module Emails
  class CreateService < ::Emails::BaseService
    def execute(extra_params = {})
-      @user.emails.create(@params.merge(extra_params))
+      skip_confirmation = @params.delete(:skip_confirmation)
+
+      email = @user.emails.create(@params.merge(extra_params))
+
+      email&.confirm if skip_confirmation && current_user.admin?
+      email
    end
  end
 end
--- a/changelogs/unreleased/sh-support-adding-confirmed-emails.yml
+++ b/changelogs/unreleased/sh-support-adding-confirmed-emails.yml
+---
+title: Add ability to skip user email confirmation with API
+merge_request: 21630
+author:
+type: added
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -972,6 +972,7 @@ Parameters:
  
 - `id` (required)    - id of specified user
 - `email` (required) - email address
+- `skip_confirmation` (optional) - Skip confirmation and assume e-mail is verified - true or false (default)
  
 ## Delete email for current user
  

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -361,6 +361,7 @@ module API
      params do
        requires :id, type: Integer, desc: 'The ID of the user'
        requires :email, type: String, desc: 'The email of the user'
+        optional :skip_confirmation, type: Boolean, desc: 'Skip confirmation of email and assume it is verified'
      end
      post ":id/emails" do
        authenticated_as_admin!

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -1031,11 +1031,14 @@ describe API::Users do
      expect(json_response['error']).to eq('email is missing')
    end
  
-    it "creates email" do
+    it "creates unverified email" do
      email_attrs = attributes_for :email
      expect do
        post api("/users/#{user.id}/emails", admin), email_attrs
      end.to change { user.emails.count }.by(1)
+
+      email = Email.find_by(user_id: user.id, email: email_attrs[:email])
+      expect(email).not_to be_confirmed
    end
  
    it "returns a 400 for invalid ID" do
@@ -1043,6 +1046,18 @@ describe API::Users do
  
      expect(response).to have_gitlab_http_status(400)
    end
+
+    it "creates verified email" do
+      email_attrs = attributes_for :email
+      email_attrs[:skip_confirmation] = true
+
+      post api("/users/#{user.id}/emails", admin), email_attrs
+
+      expect(response).to have_gitlab_http_status(201)
+
+      email = Email.find_by(user_id: user.id, email: email_attrs[:email])
+      expect(email).to be_confirmed
+    end
  end
  
  describe 'GET /user/:id/emails' do