Keep used confirmation tokens for more user friendly error message (fixes #3429)
This commit is contained in:
parent
c9fb1ebbfe
commit
3f95ac8fec
|
@ -64,7 +64,6 @@ module Devise
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
self.confirmation_token = nil
|
|
||||||
self.confirmed_at = Time.now.utc
|
self.confirmed_at = Time.now.utc
|
||||||
|
|
||||||
saved = if self.class.reconfirmable && unconfirmed_email.present?
|
saved = if self.class.reconfirmable && unconfirmed_email.present?
|
||||||
|
|
|
@ -27,13 +27,6 @@ class ConfirmableTest < ActiveSupport::TestCase
|
||||||
assert_not_nil user.confirmed_at
|
assert_not_nil user.confirmed_at
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'should clear confirmation token while confirming a user' do
|
|
||||||
user = create_user
|
|
||||||
assert_present user.confirmation_token
|
|
||||||
user.confirm!
|
|
||||||
assert_nil user.confirmation_token
|
|
||||||
end
|
|
||||||
|
|
||||||
test 'should verify whether a user is confirmed or not' do
|
test 'should verify whether a user is confirmed or not' do
|
||||||
assert_not new_user.confirmed?
|
assert_not new_user.confirmed?
|
||||||
user = create_user
|
user = create_user
|
||||||
|
@ -80,6 +73,16 @@ class ConfirmableTest < ActiveSupport::TestCase
|
||||||
assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join
|
assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'should show error when a token has already been used' do
|
||||||
|
user = create_user
|
||||||
|
raw = user.raw_confirmation_token
|
||||||
|
User.confirm_by_token(raw)
|
||||||
|
assert user.reload.confirmed?
|
||||||
|
|
||||||
|
confirmed_user = User.confirm_by_token(raw)
|
||||||
|
assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join
|
||||||
|
end
|
||||||
|
|
||||||
test 'should send confirmation instructions by email' do
|
test 'should send confirmation instructions by email' do
|
||||||
assert_email_sent "mynewuser@example.com" do
|
assert_email_sent "mynewuser@example.com" do
|
||||||
create_user email: "mynewuser@example.com"
|
create_user email: "mynewuser@example.com"
|
||||||
|
@ -165,13 +168,14 @@ class ConfirmableTest < ActiveSupport::TestCase
|
||||||
|
|
||||||
test 'should not reset confirmation status or token when updating email' do
|
test 'should not reset confirmation status or token when updating email' do
|
||||||
user = create_user
|
user = create_user
|
||||||
|
original_token = user.confirmation_token
|
||||||
user.confirm!
|
user.confirm!
|
||||||
user.email = 'new_test@example.com'
|
user.email = 'new_test@example.com'
|
||||||
user.save!
|
user.save!
|
||||||
|
|
||||||
user.reload
|
user.reload
|
||||||
assert user.confirmed?
|
assert user.confirmed?
|
||||||
assert_nil user.confirmation_token
|
assert_equal original_token, user.confirmation_token
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'should not be able to send instructions if the user is already confirmed' do
|
test 'should not be able to send instructions if the user is already confirmed' do
|
||||||
|
@ -333,17 +337,20 @@ class ReconfirmableTest < ActiveSupport::TestCase
|
||||||
test 'should generate confirmation token after changing email' do
|
test 'should generate confirmation token after changing email' do
|
||||||
admin = create_admin
|
admin = create_admin
|
||||||
assert admin.confirm!
|
assert admin.confirm!
|
||||||
assert_nil admin.confirmation_token
|
residual_token = admin.confirmation_token
|
||||||
assert admin.update_attributes(email: 'new_test@example.com')
|
assert admin.update_attributes(email: 'new_test@example.com')
|
||||||
assert_not_nil admin.confirmation_token
|
assert_not_equal residual_token, admin.confirmation_token
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'should not generate confirmation token if skipping reconfirmation after changing email' do
|
test 'should not regenerate confirmation token or require reconfirmation if skipping reconfirmation after changing email' do
|
||||||
admin = create_admin
|
admin = create_admin
|
||||||
|
original_token = admin.confirmation_token
|
||||||
assert admin.confirm!
|
assert admin.confirm!
|
||||||
admin.skip_reconfirmation!
|
admin.skip_reconfirmation!
|
||||||
assert admin.update_attributes(email: 'new_test@example.com')
|
assert admin.update_attributes(email: 'new_test@example.com')
|
||||||
assert_nil admin.confirmation_token
|
assert admin.confirmed?
|
||||||
|
assert_not admin.pending_reconfirmation?
|
||||||
|
assert_equal original_token, admin.confirmation_token
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'should skip sending reconfirmation email when email is changed and skip_confirmation_notification! is invoked' do
|
test 'should skip sending reconfirmation email when email is changed and skip_confirmation_notification! is invoked' do
|
||||||
|
|
Loading…
Reference in New Issue