Make verify-account-resend page work if verify_account_resend_explanatory_text calls verify_account_email_recently_sent?

jeremyevans · jeremyevans · commit a13d39aac99e · 2025-01-10T11:06:57.000-08:00
This can happen in Rodauth configurations that want to suppress
the notice if the account has not sent the email recently.

This makes verify_account_email_recently_sent? return falsely if
there is no associated account, such as when the page is visited
directly, instead of being displayed in response to an account
creation or login attempt.  Note that if there is no account,
the warning should be displayed, because at that point you do not
know whether the email was sent recently or not.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,7 @@
 === master
 
+* Make verify-account-resend page work if verify_account_resend_explanatory_text calls verify_account_email_recently_sent? (jeremyevans)
+
 * Specify fixed locals for rendered templates by default, disable with use_template_fixed_locals? false (jeremyevans)
 
 * Make rodauth.has_password? method public (enescakir) (#461)
diff --git a/lib/rodauth/features/verify_account.rb b/lib/rodauth/features/verify_account.rb
@@ -241,7 +241,7 @@ def setup_account_verification
     end
 
     def verify_account_email_recently_sent?
-      (email_last_sent = get_verify_account_email_last_sent) && (Time.now - email_last_sent < verify_account_skip_resend_email_within)
+      account && (email_last_sent = get_verify_account_email_last_sent) && (Time.now - email_last_sent < verify_account_skip_resend_email_within)
     end
 
     private
diff --git a/spec/verify_account_spec.rb b/spec/verify_account_spec.rb
@@ -318,6 +318,38 @@ def bcrypt_password.==(other)
     page.find('#notice_flash').text.must_equal "Your account has been verified"
   end
 
+  it "should support accessing verify-account-resend route when not logged in and verify_account_resend_explanatory_text calls verify_account_email_recently_sent?" do
+    rodauth do
+      enable :login, :verify_account
+      verify_account_skip_resend_email_within(-1)
+      verify_account_resend_explanatory_text{super() if verify_account_email_recently_sent?}
+    end
+    roda do |r|
+      r.rodauth
+      r.root{view :content=>"Home"}
+    end
+
+    visit '/create-account'
+    fill_in 'Login', :with=>'foo@example2.com'
+    click_button 'Create Account'
+    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
+    page.current_path.must_equal '/'
+    Mail::TestMailer.deliveries.size.must_equal 1
+
+    visit '/verify-account-resend'
+    page.title.must_equal 'Resend Verification Email'
+    fill_in 'Login', :with=>'foo@example2.com'
+    click_button 'Send Verification Email Again'
+    Mail::TestMailer.deliveries.size.must_equal 2
+
+    visit '/verify-account-resend?login=foo@example2.com'
+    page.html.wont_include "Login"
+    page.title.must_equal 'Resend Verification Email'
+    click_button 'Send Verification Email Again'
+    Mail::TestMailer.deliveries.size.must_equal 3
+    Mail::TestMailer.deliveries.clear
+  end
+
   it "should not display verify account resend link on login page when route is disabled" do
     route = "verify-account-resend"
     rodauth do
