Unlock user when re-setting password and unlock strategy is :email or :both

2012-11-07 10:45:46 +01:00 · 2012-11-07 10:45:46 +01:00 · ac58c28617
parent 5d311e7557
commit ac58c28617
2 changed files with 45 additions and 8 deletions
--- a/app/controllers/devise/passwords_controller.rb
+++ b/app/controllers/devise/passwords_controller.rb
@ -30,6 +30,7 @@ class Devise::PasswordsController < DeviseController
    self.resource = resource_class.reset_password_by_token(resource_params)

    if resource.errors.empty?
+      resource.unlock_access! if unlockable?(resource)
      flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
      set_flash_message(:notice, flash_message) if is_navigational_format?
      sign_in(resource_name, resource)
@ -53,4 +54,12 @@ class Devise::PasswordsController < DeviseController
        redirect_to new_session_path(resource_name)
      end
    end
+
+    # Check if proper Lockable module methods are present & unlock strategy
+    # allows to unlock resource on password reset
+    def unlockable?(resource)
+      resource.respond_to?(:unlock_access!) &&
+        resource.respond_to?(:unlock_strategy_enabled?) &&
+        resource.unlock_strategy_enabled?(:email)
+    end
 end
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@ -190,15 +190,43 @@ class PasswordTest < ActionController::IntegrationTest
    assert warden.authenticated?(:user)
  end

-  test 'does not sign in user automatically after changing its password if it\'s locked' do
-    user = create_user(:locked => true)
-    request_forgot_password
-    reset_password :reset_password_token => user.reload.reset_password_token
+  test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
+    [:none, :time].each do |strategy|
+      swap Devise, :unlock_strategy => strategy do
+        user = create_user(:locked => true)
+        request_forgot_password
+        reset_password :reset_password_token => user.reload.reset_password_token

-    assert_contain 'Your password was changed successfully.'
-    assert_not_contain 'You are now signed in.'
-    assert_equal new_user_session_path, @request.path
-    assert !warden.authenticated?(:user)
+        assert_contain 'Your password was changed successfully.'
+        assert_not_contain 'You are now signed in.'
+        assert_equal new_user_session_path, @request.path
+        assert !warden.authenticated?(:user)
+      end
+    end
+  end
+
+  test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do
+    swap Devise, :unlock_strategy => :email do
+      user = create_user(:locked => true)
+      request_forgot_password
+      reset_password :reset_password_token => user.reload.reset_password_token
+
+      assert_contain 'Your password was changed successfully.'
+      assert !user.reload.access_locked?
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do
+    swap Devise, :unlock_strategy => :both do
+      user = create_user(:locked => true)
+      request_forgot_password
+      reset_password :reset_password_token => user.reload.reset_password_token
+
+      assert_contain 'Your password was changed successfully.'
+      assert !user.reload.access_locked?
+      assert warden.authenticated?(:user)
+    end
  end

  test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do