Recover more flexibly from an already-verified email

Summary:
Ref T4140. We could hit a redirect loop for a user with a verified primary email address but no "is verified" flag on their account. This shouldn't be possible since the migration should have set the flag, but we can deal with it more gracefully when it does happen (maybe because users forgot to run `storage/upgrade`, or because of ghosts).

In the controller, check the same flag we check before forcing the user to the controller.

When verifying, allow the verification if either the email or user flag isn't set.

Test Plan: Hit `/login/mustverify/`; verified an address.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4140

Differential Revision: https://secure.phabricator.com/D7621

src/applications/auth/controller/PhabricatorEmailVerificationController.php

@@ -44,7 +44,7 @@ final class PhabricatorEmailVerificationController
         'user. Make sure you followed the link in the email correctly and are '.
         'logged in with the user account associated with the email address.');
       $continue = pht('Rats!');
-    } else if ($email->getIsVerified()) {
+    } else if ($email->getIsVerified() && $user->getIsEmailVerified()) {
       $title = pht('Address Already Verified');
       $content = pht(
         'This email address has already been verified.');

src/applications/auth/controller/PhabricatorMustVerifyEmailController.php

@@ -19,7 +19,7 @@ final class PhabricatorMustVerifyEmailController
 
     $email = $user->loadPrimaryEmail();
 
-    if ($email->getIsVerified()) {
+    if ($user->getIsEmailVerified()) {
       return id(new AphrontRedirectResponse())->setURI('/');
     }