[webui] user controller: Move unconfirmed state check to the model

src/api/app/controllers/webui/user_controller.rb

@@ -41,7 +41,7 @@ def do_login
       user = User.authenticate(params[:username], params[:password])
     end
 
-    if user.nil? || (user.state == User::STATES['ichainrequest'] || user.state == User::STATES['unconfirmed'])
+    unless user
       redirect_to(user_login_path, error: 'Authentication failed')
       return
     end

src/api/app/models/user.rb

@@ -375,6 +375,12 @@ def authenticate(user_login, password = nil)
       else
         user = User.find_with_credentials(user_login, password)
       end
+
+      # User account is not confirmed yet
+      if [STATES['ichainrequest'], STATES['unconfirmed']].include?(user.try(:state))
+        return
+      end
+
       User.current = user
     end
 

src/api/test/fixtures/users.yml

@@ -281,3 +281,16 @@ user6:
   password_salt: Vibb8QsN4I
   password_crypted: osEJSjdDGtlBY
   state: 2
+unconfirmed_user:
+  created_at: 2012-01-16 13:36:00.000000000 Z
+  updated_at: 2012-01-16 13:36:00.000000000 Z
+  last_logged_in_at: 2012-01-16 13:36:00.000000000 Z
+  login_failure_count: 0
+  login: unconfirmed_user
+  email: test@example.com
+  realname: ''
+  password: df9a257e5a7c1af44987f695369adc44
+  password_hash_type: md5
+  password_salt: Vibb8QsN4I
+  password_crypted: osEJSjdDGtlBY
+  state: 1

src/api/test/unit/user_test.rb

@@ -25,6 +25,10 @@ def test_login
     user = User.authenticate("nonexistant")
     assert_equal nil, user
     assert_equal nil, User.current
+
+    user = User.authenticate("unconfirmed_user")
+    assert_equal nil, user
+    assert_equal nil, User.current
   end
 
   def test_create_home_project