Clearing perishable token when confirming or reseting password.
parent
73442abe95
commit
3700e9979c
|
@ -35,6 +35,7 @@ module Devise
|
||||||
#
|
#
|
||||||
def confirm!
|
def confirm!
|
||||||
unless_confirmed do
|
unless_confirmed do
|
||||||
|
clear_perishable_token
|
||||||
update_attribute(:confirmed_at, Time.now)
|
update_attribute(:confirmed_at, Time.now)
|
||||||
end
|
end
|
||||||
end
|
end
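Review bot: In `confirm!`, the new `clear_perishable_token` call only assigns nil in memory (see the helper added in this same commit), so the stored token is invalidated only if `update_attribute(:confirmed_at, Time.now)` writes every changed attribute of the record. That is presumably true for the Rails version in use, but it is an implicit dependency. A later switch to a single-column update would leave the confirmation token usable after confirmation. I would add a comment above the call, e.g. `# Token is cleared in memory; the update_attribute below must persist it so the confirmation link is single-use.` The method's doc comment starts above the hunk and is not fully visible here.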
|
||||||
|
|
|
@ -36,6 +36,10 @@ module Devise
|
||||||
reset_perishable_token && save(false)
|
reset_perishable_token && save(false)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def clear_perishable_token
|
||||||
|
self.perishable_token = nil
|
||||||
|
end
|
||||||
|
|
||||||
module ClassMethods
|
module ClassMethods
|
||||||
|
|
||||||
# Attempt to find a user by and incoming perishable_token. If no user is
|
# Attempt to find a user by and incoming perishable_token. If no user is
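Review bot: `clear_perishable_token` leaves rows with a nil `perishable_token`, so the class-level finder whose comment begins at the end of this hunk must refuse a blank incoming token before querying; otherwise a lookup with an empty value could match an account that has already been confirmed or reset. The finder's body is outside the hunk, so I cannot tell whether it already has that guard. It is worth checking, together with a unit test that a nil or empty token finds no user. Separately, the new method has no doc comment; I would add `# Clears the perishable token in memory only. The caller must save the record.`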
|
||||||
|
|
|
@ -26,11 +26,13 @@ module Devise
|
||||||
self.password_confirmation = new_password_confirmation
|
self.password_confirmation = new_password_confirmation
|
||||||
end
|
end
|
||||||
|
|
||||||
# Update password saving the record. Returns true if the passwords are
|
# Update password saving the record and clearing token. Returns true if
|
||||||
# valid, otherwise false.
|
# the passwords are valid and the record was saved, false otherwise.
|
||||||
#
|
#
|
||||||
def reset_password!(new_password, new_password_confirmation)
|
def reset_password!(new_password, new_password_confirmation)
|
||||||
reset_password(new_password, new_password_confirmation) and save
|
reset_password(new_password, new_password_confirmation)
|
||||||
|
clear_perishable_token
|
||||||
|
save
|
||||||
end
|
end
|
||||||
|
|
||||||
# Resets perishable token and send reset password instructions by email
|
# Resets perishable token and send reset password instructions by email
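Review bot: In `reset_password!`, `clear_perishable_token` runs before `save`, so a failed validation returns false with the in-memory token already nil while the stored one is unchanged; a caller that re-renders the reset form from this object (not visible here) would lose the token. Clearing only when the record is valid avoids that: `clear_perishable_token if valid?` followed by `save`. Dropping the old `and` also means `save` now runs when `reset_password` returns nil, which by the context lines above happens when the confirmation argument is nil; please confirm the model's validations still reject that case.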
|
||||||
|
|
|
@ -82,7 +82,8 @@ class UsersPasswordRecoveryTest < ActionController::IntegrationTest
|
||||||
|
|
||||||
test 'not authenticated user with valid perisable token but invalid password should not be able to change his password' do
|
test 'not authenticated user with valid perisable token but invalid password should not be able to change his password' do
|
||||||
user = create_user
|
user = create_user
|
||||||
reset_password :perishable_token => user.perishable_token do
|
request_forgot_password
|
||||||
|
reset_password :perishable_token => user.reload.perishable_token do
|
||||||
fill_in 'Password confirmation', :with => 'other_password'
|
fill_in 'Password confirmation', :with => 'other_password'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -95,7 +96,8 @@ class UsersPasswordRecoveryTest < ActionController::IntegrationTest
|
||||||
|
|
||||||
test 'not authenticated user with valid data should be able to change his password' do
|
test 'not authenticated user with valid data should be able to change his password' do
|
||||||
user = create_user
|
user = create_user
|
||||||
reset_password :perishable_token => user.perishable_token
|
request_forgot_password
|
||||||
|
reset_password :perishable_token => user.reload.perishable_token
|
||||||
|
|
||||||
assert_template 'sessions/new'
|
assert_template 'sessions/new'
|
||||||
assert_contain 'Your password was changed successfully.'
|
assert_contain 'Your password was changed successfully.'
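Review bot: Neither updated test in UsersPasswordRecoveryTest checks the property this commit introduces, namely that a token stops working once the password has been changed. I would add an integration test that completes a successful reset, submits the reset form again with the same token, and asserts that the password is not changed and the success message is not shown. Both test bodies continue outside the hunks shown, so an existing assertion of this kind cannot be ruled out from here.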
|
||||||
|
|
|
@ -17,6 +17,13 @@ class ConfirmableTest < ActiveSupport::TestCase
|
||||||
assert_not_nil user.confirmed_at
|
assert_not_nil user.confirmed_at
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'should clear perishable token while confirming a user' do
|
||||||
|
user = create_user
|
||||||
|
assert_present user.perishable_token
|
||||||
|
user.confirm!
|
||||||
|
assert_nil user.perishable_token
|
||||||
|
end
|
||||||
|
|
||||||
test 'should verify whether a user is confirmed or not' do
|
test 'should verify whether a user is confirmed or not' do
|
||||||
assert_not new_user.confirmed?
|
assert_not new_user.confirmed?
|
||||||
user = create_user
|
user = create_user
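Review bot: The new test 'should clear perishable token while confirming a user' asserts on the same in-memory object that `confirm!` mutated, so it passes even if the nil token is never written to the database. Reload before asserting: `assert_nil user.reload.perishable_token`. The same applies to 'should clear perishable token while reseting the password' in RecoverableTest.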
|
||||||
|
|
|
@ -17,6 +17,13 @@ class RecoverableTest < ActiveSupport::TestCase
|
||||||
assert create_user.reset_password!('123456789', '123456789')
|
assert create_user.reset_password!('123456789', '123456789')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'should clear perishable token while reseting the password' do
|
||||||
|
user = create_user
|
||||||
|
assert_present user.perishable_token
|
||||||
|
user.reset_password!('123456789', '123456789')
|
||||||
|
assert_nil user.perishable_token
|
||||||
|
end
|
||||||
|
|
||||||
test 'should not reset password with invalid data' do
|
test 'should not reset password with invalid data' do
|
||||||
user = create_user
|
user = create_user
|
||||||
user.stubs(:valid?).returns(false)
|
user.stubs(:valid?).returns(false)
|
||||||
|
|