1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

make User#send_reset_password_instructions to require all authentication_keys

Signed-off-by: José Valim <jose.valim@gmail.com>
This commit is contained in:
RStankov 2010-07-25 20:53:42 +03:00 committed by José Valim
parent fb86f772e7
commit 850afec96e
4 changed files with 44 additions and 3 deletions

View file

@ -120,6 +120,30 @@ module Devise
record
end
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
attributes = attributes.slice(*required_attributes)
attributes.delete_if { |key, value| value.blank? }
if attributes.size == required_attributes.size
record = find(:first, :conditions => attributes)
end
unless record
record = new
record.send(:attributes=, attributes, false)
if attributes.size == required_attributes.size
record.errors.add(:base, error)
else
required_attributes.reject { |k| attributes[k].present? }.each do |attribute|
record.errors.add(attribute, :blank)
end
end
end
record
end
# Generate a token by looping and ensuring does not already exist.
def generate_token(column)
loop do

View file

@ -57,7 +57,7 @@ module Devise
# with an email not found error.
# Attributes must contain the user email
def send_reset_password_instructions(attributes={})
recoverable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
recoverable = find_or_initialize_with_errors(authentication_keys, attributes, :not_found)
recoverable.send_reset_password_instructions if recoverable.persisted?
recoverable
end

View file

@ -58,7 +58,7 @@ class PasswordTest < ActionController::IntegrationTest
assert_response :success
assert_template 'passwords/new'
assert_have_selector 'input[type=text][value=\'invalid.test@test.com\']'
assert_contain 'Email not found'
assert_contain 'not found'
end
test 'authenticated user should not be able to visit edit password page' do

View file

@ -83,7 +83,24 @@ class RecoverableTest < ActiveSupport::TestCase
test 'should return a new record with errors if user was not found by e-mail' do
reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
assert_not reset_password_user.persisted?
assert_equal "not found", reset_password_user.errors[:email].join
assert_equal "not found", reset_password_user.errors[:base].join
end
test 'should find a user to send instructions by authentication_keys' do
swap Devise, :authentication_keys => [:username, :email] do
user = create_user
reset_password_user = User.send_reset_password_instructions(:email => user.email, :username => user.username)
assert_equal reset_password_user, user
end
end
test 'should require all authentication_keys' do
swap Devise, :authentication_keys => [:username, :email] do
user = create_user
reset_password_user = User.send_reset_password_instructions(:email => user.email)
assert_not reset_password_user.persisted?
assert_equal "can't be blank", reset_password_user.errors[:username].join
end
end
test 'should reset reset_password_token before send the reset instructions email' do