Fix bug where activation messages were shown first than the credentials error message, closes #1410

2011-11-05 19:47:58 -02:00 · 2011-11-05 19:47:58 -02:00 · a816e538ab
parent d448e7d841
commit a816e538ab
4 changed files with 19 additions and 7 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@ -7,6 +7,7 @@
  * Allow idempotent API requests
  * Fix bug where logs did not show 401 as status code
  * Change paranoid settings to behave as success instead of as failure
+  * Fix bug where activation messages were shown first than the credentials error message

 * deprecation
  * redirect_location is deprecated, please use after_sign_in_path_for
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@ -61,10 +61,11 @@ module Devise
      # However, you should not overwrite this method, you should overwrite active_for_authentication?
      # and inactive_message instead.
      def valid_for_authentication?
-        if active_for_authentication?
-          block_given? ? yield : true
+        authenticated = block_given? ? yield : true
+        if authenticated
+          active_for_authentication? || inactive_message
        else
-          inactive_message
+          authenticated
        end
      end

@ -156,7 +157,7 @@ module Devise
            conditions[k] = v.to_s if auth_param_requires_string_conversion?(v)
          end if conditions.is_a?(Hash)
        end
-        
+
        # Determine which values should be transformed to string or passed as-is to the query builder underneath
        def auth_param_requires_string_conversion?(value)
          true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum)
--- a/lib/devise/models/lockable.rb
+++ b/lib/devise/models/lockable.rb
@ -85,12 +85,11 @@ module Devise
        when TrueClass
          self.failed_attempts = 0
          save(:validate => false)
-        when FalseClass
-          # PostgreSQL uses nil as the default value for integer columns set to 0
+        else
          self.failed_attempts ||= 0
          self.failed_attempts += 1
          if attempts_exceeded?
-            lock_access!
+            lock_access! unless access_locked?
            return :locked
          else
            save(:validate => false)
--- a/test/integration/confirmable_test.rb
+++ b/test/integration/confirmable_test.rb
@ -93,6 +93,17 @@ class ConfirmationTest < ActionController::IntegrationTest
    end
  end

+  test 'not confirmed user should not see confirmation message if invalid credentials are given' do
+    swap Devise, :confirm_within => 0.days do
+      sign_in_as_user(:confirm => false) do
+        fill_in 'password', :with => 'invalid'
+      end
+
+      assert_contain 'Invalid email or password'
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
  test 'not confirmed user but configured with some days to confirm should be able to sign in' do
    swap Devise, :confirm_within => 1.day do
      sign_in_as_user(:confirm => false)