Clearing perishable token when confirming or reseting password.
parent
73442abe95
commit
3700e9979c
|
@ -35,6 +35,7 @@ module Devise
|
|||
#
|
||||
def confirm!
|
||||
unless_confirmed do
|
||||
clear_perishable_token
|
||||
update_attribute(:confirmed_at, Time.now)
|
||||
end
|
||||
end
|
||||
|
|
|
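Review bot: The cleared token in `confirm!` reaches the database only because `update_attribute` saves the whole record rather than the single column, and nothing in the method says so. If that call is ever swapped for a single-column write, the confirmation token would stay valid in storage while the in-memory object shows nil. A comment above the call would pin the intent, for example `# update_attribute saves every dirty attribute, so the nil token is persisted here as well`. The start of the method's doc comment is outside the hunk, so this may already be noted there.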
@ -36,6 +36,10 @@ module Devise
|
|||
reset_perishable_token && save(false)
|
||||
end
|
||||
|
||||
def clear_perishable_token
|
||||
self.perishable_token = nil
|
||||
end
|
||||
|
||||
module ClassMethods
|
||||
|
||||
# Attempt to find a user by and incoming perishable_token. If no user is
|
||||
|
|
|
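Review bot: `clear_perishable_token` makes nil a normal stored value for the token column, so the finder in `ClassMethods` now has to reject a blank incoming token before it queries. That finder is outside the hunk and only its first comment line is visible, so this is unverified. If it passes the parameter straight to the lookup, a request that carries no token would be compared against NULL and could match a record whose token was cleared. A presence check on the incoming token at the top of the finder would close this. The new method also deserves a doc comment such as `# Sets the token to nil in memory only; the caller is responsible for saving.`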
@ -26,11 +26,13 @@ module Devise
|
|||
self.password_confirmation = new_password_confirmation
|
||||
end
|
||||
|
||||
# Update password saving the record. Returns true if the passwords are
|
||||
# valid, otherwise false.
|
||||
# Update password saving the record and clearing token. Returns true if
|
||||
# the passwords are valid and the record was saved, false otherwise.
|
||||
#
|
||||
def reset_password!(new_password, new_password_confirmation)
|
||||
reset_password(new_password, new_password_confirmation) and save
|
||||
reset_password(new_password, new_password_confirmation)
|
||||
clear_perishable_token
|
||||
save
|
||||
end
|
||||
|
||||
# Resets perishable token and send reset password instructions by email
|
||||
|
|
|
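Review bot: `reset_password!` now calls `clear_perishable_token` unconditionally, before `save` has validated the new password. When the confirmation does not match, the save is rejected and the stored token survives, but the in-memory record already has a nil token. If the edit form is re-rendered from this record (the view is not visible here), the user can no longer resubmit with the token they arrived with. Clearing only on a valid record avoids this: `clear_perishable_token if valid?` followed by `save`. The updated comment could also state that the token is cleared only when the reset succeeds.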
@ -82,7 +82,8 @@ class UsersPasswordRecoveryTest < ActionController::IntegrationTest
|
|||
|
||||
test 'not authenticated user with valid perisable token but invalid password should not be able to change his password' do
|
||||
user = create_user
|
||||
reset_password :perishable_token => user.perishable_token do
|
||||
request_forgot_password
|
||||
reset_password :perishable_token => user.reload.perishable_token do
|
||||
fill_in 'Password confirmation', :with => 'other_password'
|
||||
end
|
||||
|
||||
|
@ -95,7 +96,8 @@ class UsersPasswordRecoveryTest < ActionController::IntegrationTest
|
|||
|
||||
test 'not authenticated user with valid data should be able to change his password' do
|
||||
user = create_user
|
||||
reset_password :perishable_token => user.perishable_token
|
||||
request_forgot_password
|
||||
reset_password :perishable_token => user.reload.perishable_token
|
||||
|
||||
assert_template 'sessions/new'
|
||||
assert_contain 'Your password was changed successfully.'
|
||||
|
|
|
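Review bot: Neither changed test replays a token after it has been consumed, which is the property this commit introduces. The second test ends at the success message. A follow-up step that keeps the token in a local first, such as `token = user.reload.perishable_token`, and then submits `reset_password :perishable_token => token` a second time should assert that the request is rejected. The rest of the file is outside these hunks, so such a test may already exist further down.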
@ -17,6 +17,13 @@ class ConfirmableTest < ActiveSupport::TestCase
|
|||
assert_not_nil user.confirmed_at
|
||||
end
|
||||
|
||||
test 'should clear perishable token while confirming a user' do
|
||||
user = create_user
|
||||
assert_present user.perishable_token
|
||||
user.confirm!
|
||||
assert_nil user.perishable_token
|
||||
end
|
||||
|
||||
test 'should verify whether a user is confirmed or not' do
|
||||
assert_not new_user.confirmed?
|
||||
user = create_user
|
||||
|
|
|
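Review bot: The new test 'should clear perishable token while confirming a user' asserts on the in-memory object only, so it would still pass if the nil were never written to the database. The stored value is what decides whether a used token can be presented again, so the final assertion should read it back: `assert_nil user.reload.perishable_token`. The same applies to 'should clear perishable token while reseting the password' in RecoverableTest.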
@ -17,6 +17,13 @@ class RecoverableTest < ActiveSupport::TestCase
|
|||
assert create_user.reset_password!('123456789', '123456789')
|
||||
end
|
||||
|
||||
test 'should clear perishable token while reseting the password' do
|
||||
user = create_user
|
||||
assert_present user.perishable_token
|
||||
user.reset_password!('123456789', '123456789')
|
||||
assert_nil user.perishable_token
|
||||
end
|
||||
|
||||
test 'should not reset password with invalid data' do
|
||||
user = create_user
|
||||
user.stubs(:valid?).returns(false)
|
||||
|
|