Unlock user when re-setting password and unlock strategy is :email or :both
This commit is contained in:
parent
5d311e7557
commit
ac58c28617
|
@ -30,6 +30,7 @@ class Devise::PasswordsController < DeviseController
|
|||
self.resource = resource_class.reset_password_by_token(resource_params)
|
||||
|
||||
if resource.errors.empty?
|
||||
resource.unlock_access! if unlockable?(resource)
|
||||
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
||||
set_flash_message(:notice, flash_message) if is_navigational_format?
|
||||
sign_in(resource_name, resource)
|
||||
|
@ -53,4 +54,12 @@ class Devise::PasswordsController < DeviseController
|
|||
redirect_to new_session_path(resource_name)
|
||||
end
|
||||
end
|
||||
|
||||
# Check if proper Lockable module methods are present & unlock strategy
|
||||
# allows to unlock resource on password reset
|
||||
def unlockable?(resource)
|
||||
resource.respond_to?(:unlock_access!) &&
|
||||
resource.respond_to?(:unlock_strategy_enabled?) &&
|
||||
resource.unlock_strategy_enabled?(:email)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -190,15 +190,43 @@ class PasswordTest < ActionController::IntegrationTest
|
|||
assert warden.authenticated?(:user)
|
||||
end
|
||||
|
||||
test 'does not sign in user automatically after changing its password if it\'s locked' do
|
||||
user = create_user(:locked => true)
|
||||
request_forgot_password
|
||||
reset_password :reset_password_token => user.reload.reset_password_token
|
||||
test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
|
||||
[:none, :time].each do |strategy|
|
||||
swap Devise, :unlock_strategy => strategy do
|
||||
user = create_user(:locked => true)
|
||||
request_forgot_password
|
||||
reset_password :reset_password_token => user.reload.reset_password_token
|
||||
|
||||
assert_contain 'Your password was changed successfully.'
|
||||
assert_not_contain 'You are now signed in.'
|
||||
assert_equal new_user_session_path, @request.path
|
||||
assert !warden.authenticated?(:user)
|
||||
assert_contain 'Your password was changed successfully.'
|
||||
assert_not_contain 'You are now signed in.'
|
||||
assert_equal new_user_session_path, @request.path
|
||||
assert !warden.authenticated?(:user)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do
|
||||
swap Devise, :unlock_strategy => :email do
|
||||
user = create_user(:locked => true)
|
||||
request_forgot_password
|
||||
reset_password :reset_password_token => user.reload.reset_password_token
|
||||
|
||||
assert_contain 'Your password was changed successfully.'
|
||||
assert !user.reload.access_locked?
|
||||
assert warden.authenticated?(:user)
|
||||
end
|
||||
end
|
||||
|
||||
test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do
|
||||
swap Devise, :unlock_strategy => :both do
|
||||
user = create_user(:locked => true)
|
||||
request_forgot_password
|
||||
reset_password :reset_password_token => user.reload.reset_password_token
|
||||
|
||||
assert_contain 'Your password was changed successfully.'
|
||||
assert !user.reload.access_locked?
|
||||
assert warden.authenticated?(:user)
|
||||
end
|
||||
end
|
||||
|
||||
test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
|
||||
|
|
Loading…
Reference in New Issue