User#gitlab_employee? should return `false` for users with unverified email
Summary
`gitlab_employee?` returns `true` even if the user has not verified their email. On gitlab.com a user can register with any email address and post comments without verifying their email. This could potentially cause issues as someone could sign up with a `@gitlab.com` email address even if they are not a GitLab employee.
Will mostly be an issue for #212259 (closed)
Steps to reproduce
- Turn on Email confirmation in Admin settings: https://docs.gitlab.com/ee/security/user_email_confirmation.html
- Enable the `:soft_email_confirmation` feature flag (used on gitlab.com)
- Register with a user with a `@gitlab.com` email address
- Check the return value of `gitlab_employee?` in the console

```ruby
u = User.last
u.gitlab_employee?
```
What is the current bug behavior?
`gitlab_employee?` returns `true` even if user has not verified their email.
What is the expected correct behavior?
`gitlab_employee?` should return `false` if user has not verified their email.
Relevant logs and/or screenshots
Possible fixes
Add check for verified email
Edited by Aishwarya Subramanian
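The reported behaviour next to the behaviour the issue asks for, as an added example that is not GitLab's code. `DemoUser`, `EMPLOYEE_DOMAIN`, `confirmed_at` and the `_before?`/`_after?` method names are hypothetical stand-ins for the real `User` model, and the exact-domain comparison goes slightly beyond the issue text.

```ruby
# Added illustration: a plain-Ruby stand-in for the User model (not GitLab's code).
# DemoUser, EMPLOYEE_DOMAIN and the *_before?/*_after? names are hypothetical.
EMPLOYEE_DOMAIN = "gitlab.com"

class DemoUser
  attr_reader :email, :confirmed_at

  def initialize(email:, confirmed_at: nil)
    @email = email
    @confirmed_at = confirmed_at
  end

  # Assumption: a confirmation timestamp is set once the address is verified.
  def confirmed?
    !confirmed_at.nil?
  end

  # Behaviour reported in the issue: the email domain alone decides.
  def gitlab_employee_before?
    employee_domain?
  end

  # Expected behaviour: the domain counts only once the address is verified.
  def gitlab_employee_after?
    confirmed? && employee_domain?
  end

  private

  # Compare the exact domain part, case-insensitively, so that
  # "x@gitlab.com.example" or "x@notgitlab.com" never match.
  def employee_domain?
    local, sep, domain = email.to_s.rpartition("@")
    return false if sep.empty? || local.empty?
    domain.casecmp?(EMPLOYEE_DOMAIN)
  end
end

# Constructed sample accounts.
unverified = DemoUser.new(email: "mallory@gitlab.com")
verified   = DemoUser.new(email: "alice@GitLab.com", confirmed_at: Time.now)
lookalike  = DemoUser.new(email: "bob@gitlab.com.example", confirmed_at: Time.now)

[unverified, verified, lookalike].each do |u|
  puts format("%-24s before=%-5s after=%s", u.email, u.gitlab_employee_before?, u.gitlab_employee_after?)
end
```

A regression spec for the real model would cover the same three cases: unverified employee-domain address, verified employee-domain address, and a verified address on a different domain.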