Change all paranoid settings to behave as success instead of as failure, closes #1375.

2022-11-09 12:18:31 -05:00 · 2011-10-15 10:51:40 +02:00 · 2011-10-15 10:51:40 +02:00 · 2a5ad4664b
commit 2a5ad4664b
parent b98720d324
6 changed files with 17 additions and 29 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@ -3,6 +3,7 @@
 * bug fix
  * Allow idempotent API requests
  * Fix bug where logs did not show 401 as status code
+  * Change paranoid settings to behave as success instead of as failure

 * deprecation
  * redirect_location is deprecated, please use after_sign_in_path_for
--- a/app/controllers/devise/confirmations_controller.rb
+++ b/app/controllers/devise/confirmations_controller.rb
@ -11,8 +11,7 @@ class Devise::ConfirmationsController < ApplicationController
  def create
    self.resource = resource_class.send_confirmation_instructions(params[resource_name])

-    if successful_and_sane?(resource)
-      set_flash_message(:notice, :send_instructions) if is_navigational_format?
+    if successfully_sent?(resource)
      respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
    else
      respond_with_navigational(resource){ render_with_scope :new }
--- a/app/controllers/devise/unlocks_controller.rb
+++ b/app/controllers/devise/unlocks_controller.rb
@ -12,8 +12,7 @@ class Devise::UnlocksController < ApplicationController
  def create
    self.resource = resource_class.send_unlock_instructions(params[resource_name])

-    if successful_and_sane?(resource)
-      set_flash_message :notice, :send_instructions if is_navigational_format?
+    if successfully_sent?(resource)
      respond_with({}, :location => new_session_path(resource_name))
    else
      respond_with_navigational(resource){ render_with_scope :new }
--- a/lib/devise/controllers/internal_helpers.rb
+++ b/lib/devise/controllers/internal_helpers.rb
@ -101,29 +101,20 @@ MESSAGE
        end
      end

-      # Helper for use to validate if an resource is errorless. If we are on paranoid mode, we always should assume it is
-      # and return false.
-      def successful_and_sane?(resource)
-        if Devise.paranoid
-          set_flash_message :notice, :send_paranoid_instructions if is_navigational_format?
-          resource.errors.clear
-          false
-        else
-          resource.errors.empty?
-        end
-      end
-      
-      # Helper for use after calling send_*_instructions methods on a resource. If we are in paranoid mode, we always
-      # act as if the resource was valid and instructions were sent.
+      # Helper for use after calling send_*_instructions methods on a resource.
+      # If we are in paranoid mode, we always act as if the resource was valid
+      # and instructions were sent.
      def successfully_sent?(resource)
        notice = if Devise.paranoid
+          resource.errors.clear
          :send_paranoid_instructions
        elsif resource.errors.empty?
          :send_instructions
        end

-        notice.present?.tap do |success| 
-          set_flash_message :notice, notice if success && is_navigational_format?
+        if notice
+          set_flash_message :notice, notice if is_navigational_format?
+          true
        end
      end

--- a/test/integration/confirmable_test.rb
+++ b/test/integration/confirmable_test.rb
@ -157,7 +157,7 @@ class ConfirmationTest < ActionController::IntegrationTest
      click_button 'Resend confirmation instructions'

      assert_contain "If your e-mail exists on our database, you will receive an email with instructions about how to confirm your account in a few minutes."
-      assert_current_url "/users/confirmation"
+      assert_current_url "/users/sign_in"
    end
  end

@ -173,7 +173,7 @@ class ConfirmationTest < ActionController::IntegrationTest
      assert_not_contain "Email not found"

      assert_contain "If your e-mail exists on our database, you will receive an email with instructions about how to confirm your account in a few minutes."
-      assert_current_url "/users/confirmation"
+      assert_current_url "/users/sign_in"
    end
  end
 end
--- a/test/integration/lockable_test.rb
+++ b/test/integration/lockable_test.rb
@ -159,8 +159,7 @@ class LockTest < ActionController::IntegrationTest
      fill_in 'email', :with => user.email
      click_button 'Resend unlock instructions'

-      assert_current_url "/users/unlock"
-
+      assert_current_url "/users/sign_in"
      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
    end
  end
@ -175,8 +174,7 @@ class LockTest < ActionController::IntegrationTest
      fill_in 'email', :with => user.email
      click_button 'Resend unlock instructions'

-      assert_current_url "/users/unlock"
-
+      assert_current_url "/users/sign_in"
      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
    end
  end
@ -191,7 +189,7 @@ class LockTest < ActionController::IntegrationTest

      assert_not_contain "1 error prohibited this user from being saved:"
      assert_not_contain "Email not found"
-      assert_current_url "/users/unlock"
+      assert_current_url "/users/sign_in"

      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."