Unlock user when re-setting password and unlock strategy is :email or :both
parent
5d311e7557
commit
ac58c28617
|
@ -30,6 +30,7 @@ class Devise::PasswordsController < DeviseController
|
||||||
self.resource = resource_class.reset_password_by_token(resource_params)
|
self.resource = resource_class.reset_password_by_token(resource_params)
|
||||||
|
|
||||||
if resource.errors.empty?
|
if resource.errors.empty?
|
||||||
|
resource.unlock_access! if unlockable?(resource)
|
||||||
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
||||||
set_flash_message(:notice, flash_message) if is_navigational_format?
|
set_flash_message(:notice, flash_message) if is_navigational_format?
|
||||||
sign_in(resource_name, resource)
|
sign_in(resource_name, resource)
|
||||||
|
@ -53,4 +54,12 @@ class Devise::PasswordsController < DeviseController
|
||||||
redirect_to new_session_path(resource_name)
|
redirect_to new_session_path(resource_name)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Check if proper Lockable module methods are present & unlock strategy
|
||||||
|
# allows to unlock resource on password reset
|
||||||
|
def unlockable?(resource)
|
||||||
|
resource.respond_to?(:unlock_access!) &&
|
||||||
|
resource.respond_to?(:unlock_strategy_enabled?) &&
|
||||||
|
resource.unlock_strategy_enabled?(:email)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
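Review bot: The comment above `unlockable?` says what is checked but not why a password reset is allowed to clear a lockout, which is the security decision this change makes. A line such as `# A valid reset token proves control of the mailbox, the same proof the :email unlock strategy asks for; :time and :none stay locked.` would record it. The added `resource.unlock_access! if unlockable?(resource)` in `update` runs on every successful reset, locked or not, so the reset token's validity window now also bounds how long an emailed link can lift a lock; that deserves a mention next to the Lockable configuration docs. The class's visibility markers are outside the hunk, so confirm that `unlockable?` lands under `protected` and is not reachable as a controller action.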
@ -190,15 +190,43 @@ class PasswordTest < ActionController::IntegrationTest
|
||||||
assert warden.authenticated?(:user)
|
assert warden.authenticated?(:user)
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'does not sign in user automatically after changing its password if it\'s locked' do
|
test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
|
||||||
user = create_user(:locked => true)
|
[:none, :time].each do |strategy|
|
||||||
request_forgot_password
|
swap Devise, :unlock_strategy => strategy do
|
||||||
reset_password :reset_password_token => user.reload.reset_password_token
|
user = create_user(:locked => true)
|
||||||
|
request_forgot_password
|
||||||
|
reset_password :reset_password_token => user.reload.reset_password_token
|
||||||
|
|
||||||
assert_contain 'Your password was changed successfully.'
|
assert_contain 'Your password was changed successfully.'
|
||||||
assert_not_contain 'You are now signed in.'
|
assert_not_contain 'You are now signed in.'
|
||||||
assert_equal new_user_session_path, @request.path
|
assert_equal new_user_session_path, @request.path
|
||||||
assert !warden.authenticated?(:user)
|
assert !warden.authenticated?(:user)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do
|
||||||
|
swap Devise, :unlock_strategy => :email do
|
||||||
|
user = create_user(:locked => true)
|
||||||
|
request_forgot_password
|
||||||
|
reset_password :reset_password_token => user.reload.reset_password_token
|
||||||
|
|
||||||
|
assert_contain 'Your password was changed successfully.'
|
||||||
|
assert !user.reload.access_locked?
|
||||||
|
assert warden.authenticated?(:user)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do
|
||||||
|
swap Devise, :unlock_strategy => :both do
|
||||||
|
user = create_user(:locked => true)
|
||||||
|
request_forgot_password
|
||||||
|
reset_password :reset_password_token => user.reload.reset_password_token
|
||||||
|
|
||||||
|
assert_contain 'Your password was changed successfully.'
|
||||||
|
assert !user.reload.access_locked?
|
||||||
|
assert warden.authenticated?(:user)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
|
test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do
|
||||||
|
|
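Review bot: The `[:none, :time]` test asserts only that the user is not signed in; it never checks that the lock itself survived the password reset. Adding `assert user.reload.access_locked?` inside the `swap` block would pin the property this change must not weaken, mirroring the `assert !user.reload.access_locked?` in the :email and :both tests. Both strategies also run inside a single test, so a failure does not say which one broke; a message argument such as `assert !warden.authenticated?(:user), "strategy: #{strategy}"` would make that visible. Whether `create_user` returns a fresh record on the second iteration depends on the helper, which is not shown on this page.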