make User#send_reset_password_instructions to require all authentication_keys

Signed-off-by: José Valim <jose.valim@gmail.com>
2022-11-09 12:18:31 -05:00 · 2010-07-25 20:53:42 +03:00 · 2010-07-25 20:53:42 +03:00 · 850afec96e
commit 850afec96e
parent fb86f772e7
4 changed files with 44 additions and 3 deletions
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@ -119,6 +119,30 @@ module Devise

          record
        end
+        
+        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
+          attributes = attributes.slice(*required_attributes)
+          attributes.delete_if { |key, value| value.blank? }
+
+          if attributes.size == required_attributes.size
+            record = find(:first, :conditions => attributes)
+          end
+          
+          unless record
+            record = new
+            record.send(:attributes=, attributes, false)
+
+            if attributes.size == required_attributes.size
+              record.errors.add(:base, error)
+            else
+              required_attributes.reject { |k| attributes[k].present? }.each do |attribute|
+                record.errors.add(attribute, :blank)
+              end
+            end
+          end
+
+          record
+        end

        # Generate a token by looping and ensuring does not already exist.
        def generate_token(column)
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@ -57,7 +57,7 @@ module Devise
        # with an email not found error.
        # Attributes must contain the user email
        def send_reset_password_instructions(attributes={})
-          recoverable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
+          recoverable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found)
          recoverable.send_reset_password_instructions if recoverable.persisted?
          recoverable
        end
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@ -58,7 +58,7 @@ class PasswordTest < ActionController::IntegrationTest
    assert_response :success
    assert_template 'passwords/new'
    assert_have_selector 'input[type=text][value=\'invalid.test@test.com\']'
-    assert_contain 'Email not found'
+    assert_contain 'not found'
  end

  test 'authenticated user should not be able to visit edit password page' do
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@ -83,7 +83,24 @@ class RecoverableTest < ActiveSupport::TestCase
  test 'should return a new record with errors if user was not found by e-mail' do
    reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
    assert_not reset_password_user.persisted?
-    assert_equal "not found", reset_password_user.errors[:email].join
+    assert_equal "not found", reset_password_user.errors[:base].join
+  end
+  
+  test 'should find a user to send instructions by authentication_keys' do
+    swap Devise, :authentication_keys => [:username, :email] do
+      user = create_user
+      reset_password_user = User.send_reset_password_instructions(:email => user.email, :username => user.username)
+      assert_equal reset_password_user, user
+    end
+  end
+  
+  test 'should require all authentication_keys' do
+    swap Devise, :authentication_keys => [:username, :email] do
+      user = create_user
+      reset_password_user = User.send_reset_password_instructions(:email => user.email)
+      assert_not reset_password_user.persisted?
+      assert_equal "can't be blank", reset_password_user.errors[:username].join
+    end
  end

  test 'should reset reset_password_token before send the reset instructions email' do