mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
Properly check for authentication_keys
or encrypted_password
changes when clearing the reset password token
This change is required to better support scenarios where records don't have an `encrypted_password` column and the password is managed elsewhere (LDAP, for instance). Moving from `email_changed?` to looping over the `authentication_keys` also supports edge cases where users can authenticate with attributes other than their email. Closes #3624.
parent
5b57aa0b85
commit
b1508e93e1
1 changed files with 10 additions and 5 deletions
|
@ -27,11 +27,7 @@ module Devise
|
||||||
end
|
end
|
||||||
|
|
||||||
included do
|
included do
|
||||||
before_update do
|
before_update :clear_reset_password_token, if: :clear_reset_password_token?
|
||||||
if (respond_to?(:email_changed?) && email_changed?) || encrypted_password_changed?
|
|
||||||
clear_reset_password_token
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Update password saving the record and clearing token. Returns true if
|
# Update password saving the record and clearing token. Returns true if
|
||||||
|
@ -97,6 +93,15 @@ module Devise
|
||||||
send_devise_notification(:reset_password_instructions, token, {})
|
send_devise_notification(:reset_password_instructions, token, {})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def clear_reset_password_token?
|
||||||
|
encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed?
|
||||||
|
authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
|
||||||
|
respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
|
||||||
|
end
|
||||||
|
|
||||||
|
authentication_keys_changed || encrypted_password_changed
|
||||||
|
end
|
||||||
|
|
||||||
module ClassMethods
|
module ClassMethods
|
||||||
# Attempt to find a user by password reset token. If a user is found, return it
|
# Attempt to find a user by password reset token. If a user is found, return it
|
||||||
# If a user is not found, return nil
|
# If a user is not found, return nil
|
||||||
|
|
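Review bot: In the new `clear_reset_password_token?` (second hunk), the `any? do |attribute|` loop assumes `authentication_keys` is a flat list of attribute names. If a model configures it as a Hash of key/flag pairs (which I believe Devise accepts, though nothing on this page shows it), each block argument is a `[key, flag]` pair. The interpolated `"#{attribute}_changed?"` then never matches a real method, so `respond_to?` returns false and the reset token silently survives a change to the login attribute. Destructuring in the block, `self.class.authentication_keys.any? do |attribute, _|`, yields the attribute name for both shapes. A regression test with a Hash-configured model would pin this down.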