From 1009362d268de1a67af0d8c3b8f88d4b06308e3a Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Fri, 8 Apr 2016 13:38:16 -0400
Subject: [PATCH] Have recovery auto-verify the user

Fixes #1355
---
 data/model/user.py     |  4 ++++
 test/test_endpoints.py | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/data/model/user.py b/data/model/user.py
index 38e240c9d..29eb51f85 100644
--- a/data/model/user.py
+++ b/data/model/user.py
@@ -427,6 +427,10 @@ def validate_reset_code(code):
     return None
 
   user = code.user
+  if not user.verified:
+    user.verified = True
+    user.save()
+
   code.delete_instance()
 
   return user
diff --git a/test/test_endpoints.py b/test/test_endpoints.py
index 39785711b..8dd200d9b 100644
--- a/test/test_endpoints.py
+++ b/test/test_endpoints.py
@@ -106,6 +106,21 @@ class WebEndpointTestCase(EndpointTestCase):
     code = model.user.create_reset_password_email_code(user.email)
     self.getResponse('web.confirm_recovery', code=code.code, expected_code=302)
 
+  def test_confirm_recovery_verified(self):
+    # Create a valid code and try.
+    user = model.user.get_user('devtable')
+    user.verified = False
+    user.save()
+
+    code = model.user.create_reset_password_email_code(user.email)
+    self.getResponse('web.confirm_recovery', code=code.code, expected_code=302)
+
+    # Ensure the current user is the expected user and that they are verified.
+    user = model.user.get_user('devtable')
+    self.assertTrue(user.verified)
+
+    self.getResponse('web.receipt', expected_code=404) # Will 401 if no user.
+
   def test_build_status_badge(self):
     # Try for an invalid repository.
     self.getResponse('web.build_status_badge', repository='foo/bar', expected_code=404)