mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
make User#send_reset_password_instructions to require all authentication_keys
Signed-off-by: José Valim <jose.valim@gmail.com>
This commit is contained in:
parent
fb86f772e7
commit
850afec96e
4 changed files with 44 additions and 3 deletions
|
@ -120,6 +120,30 @@ module Devise
|
||||||
record
|
record
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
|
||||||
|
attributes = attributes.slice(*required_attributes)
|
||||||
|
attributes.delete_if { |key, value| value.blank? }
|
||||||
|
|
||||||
|
if attributes.size == required_attributes.size
|
||||||
|
record = find(:first, :conditions => attributes)
|
||||||
|
end
|
||||||
|
|
||||||
|
unless record
|
||||||
|
record = new
|
||||||
|
record.send(:attributes=, attributes, false)
|
||||||
|
|
||||||
|
if attributes.size == required_attributes.size
|
||||||
|
record.errors.add(:base, error)
|
||||||
|
else
|
||||||
|
required_attributes.reject { |k| attributes[k].present? }.each do |attribute|
|
||||||
|
record.errors.add(attribute, :blank)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
record
|
||||||
|
end
|
||||||
|
|
||||||
# Generate a token by looping and ensuring does not already exist.
|
# Generate a token by looping and ensuring does not already exist.
|
||||||
def generate_token(column)
|
def generate_token(column)
|
||||||
loop do
|
loop do
|
||||||
|
|
|
@ -57,7 +57,7 @@ module Devise
|
||||||
# with an email not found error.
|
# with an email not found error.
|
||||||
# Attributes must contain the user email
|
# Attributes must contain the user email
|
||||||
def send_reset_password_instructions(attributes={})
|
def send_reset_password_instructions(attributes={})
|
||||||
recoverable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
|
recoverable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found)
|
||||||
recoverable.send_reset_password_instructions if recoverable.persisted?
|
recoverable.send_reset_password_instructions if recoverable.persisted?
|
||||||
recoverable
|
recoverable
|
||||||
end
|
end
|
||||||
|
|
|
@ -58,7 +58,7 @@ class PasswordTest < ActionController::IntegrationTest
|
||||||
assert_response :success
|
assert_response :success
|
||||||
assert_template 'passwords/new'
|
assert_template 'passwords/new'
|
||||||
assert_have_selector 'input[type=text][value=\'invalid.test@test.com\']'
|
assert_have_selector 'input[type=text][value=\'invalid.test@test.com\']'
|
||||||
assert_contain 'Email not found'
|
assert_contain 'not found'
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'authenticated user should not be able to visit edit password page' do
|
test 'authenticated user should not be able to visit edit password page' do
|
||||||
|
|
|
@ -83,7 +83,24 @@ class RecoverableTest < ActiveSupport::TestCase
|
||||||
test 'should return a new record with errors if user was not found by e-mail' do
|
test 'should return a new record with errors if user was not found by e-mail' do
|
||||||
reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
|
reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
|
||||||
assert_not reset_password_user.persisted?
|
assert_not reset_password_user.persisted?
|
||||||
assert_equal "not found", reset_password_user.errors[:email].join
|
assert_equal "not found", reset_password_user.errors[:base].join
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'should find a user to send instructions by authentication_keys' do
|
||||||
|
swap Devise, :authentication_keys => [:username, :email] do
|
||||||
|
user = create_user
|
||||||
|
reset_password_user = User.send_reset_password_instructions(:email => user.email, :username => user.username)
|
||||||
|
assert_equal reset_password_user, user
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'should require all authentication_keys' do
|
||||||
|
swap Devise, :authentication_keys => [:username, :email] do
|
||||||
|
user = create_user
|
||||||
|
reset_password_user = User.send_reset_password_instructions(:email => user.email)
|
||||||
|
assert_not reset_password_user.persisted?
|
||||||
|
assert_equal "can't be blank", reset_password_user.errors[:username].join
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'should reset reset_password_token before send the reset instructions email' do
|
test 'should reset reset_password_token before send the reset instructions email' do
|
||||||
|
|
Loading…
Reference in a new issue