From b98720d324f8388e5718a671250057ce3e140d3e Mon Sep 17 00:00:00 2001
From: Jim Herzberg
Date: Wed, 12 Oct 2011 14:12:20 -0700
Subject: [PATCH] jh - reworking paranoid mode in passwords controller
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: José Valim
---
 app/controllers/devise/passwords_controller.rb | 3 +--
 lib/devise/controllers/internal_helpers.rb | 14 ++++++++++++++
 test/integration/recoverable_test.rb | 13 +++++++++++--
 3 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb
index 74b589ca..afdd92cf 100644
--- a/app/controllers/devise/passwords_controller.rb
+++ b/app/controllers/devise/passwords_controller.rb
@@ -12,8 +12,7 @@ class Devise::PasswordsController < ApplicationController
 def create
 self.resource = resource_class.send_reset_password_instructions(params[resource_name])
 
- if successful_and_sane?(resource)
- set_flash_message(:notice, :send_instructions) if is_navigational_format?
+ if successfully_sent?(resource)
 respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
 else
 respond_with_navigational(resource){ render_with_scope :new }
diff --git a/lib/devise/controllers/internal_helpers.rb b/lib/devise/controllers/internal_helpers.rb
index 70bffb53..0127384d 100644
--- a/lib/devise/controllers/internal_helpers.rb
+++ b/lib/devise/controllers/internal_helpers.rb
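Review bot: The redirect on the line after `if successfully_sent?(resource)` now fires in paranoid mode even when `send_reset_password_instructions` left errors on `resource`, and nothing in `create` says so; a reader of this controller alone will assume the branch means the e-mail was found. I would add `# In paranoid mode successfully_sent? is true for unknown e-mails too, so the response never reveals whether an account exists` above the `if`. The old inline `set_flash_message(:notice, :send_instructions)` moved into the helper, so the notice key shown to the user now also depends on `Devise.paranoid`. `successful_and_sane?` is no longer called from this hunk; if it has no other callers it is presumably dead code now and worth checking. The body of `create` ends outside the hunk.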
@@ -112,6 +112,20 @@ MESSAGE
 resource.errors.empty?
 end
 end
+
+ # Helper for use after calling send_*_instructions methods on a resource. If we are in paranoid mode, we always
+ # act as if the resource was valid and instructions were sent.
+ def successfully_sent?(resource)
+ notice = if Devise.paranoid
+ :send_paranoid_instructions
+ elsif resource.errors.empty?
+ :send_instructions
+ end
+
+ notice.present?.tap do |success|
+ set_flash_message :notice, notice if success && is_navigational_format?
+ end
+ end
 
 # Sets the flash message with :key, using I18n. By default you are able
 # to setup your messages using specific resource scope, and if no one is
diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb
index a9093aef..f8a3acac 100644
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -208,6 +208,15 @@ class PasswordTest < ActionController::IntegrationTest
 assert response.body.include? %(\n)
 end
 
+ test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
+ swap Devise, :paranoid => true do
+ create_user
+ post user_password_path(:format => 'xml'), :user => {:email => "invalid@test.com"}
+ assert_response :success
+ assert_equal response.body, { }.to_xml
+ end
+ end
+
 test 'change password with valid parameters in XML format should return valid response' do
 user = create_user
 request_forgot_password
@@ -250,7 +259,7 @@ class PasswordTest < ActionController::IntegrationTest
 assert_not_contain "1 error prohibited this user from being saved:"
 assert_not_contain "Email not found"
 assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
- assert_current_url "/users/password"
+ assert_current_url "/users/sign_in"
 end
 end
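Review bot: `notice.present?.tap do |success| ... end` in the new `successfully_sent?` hides the boolean return value behind a side-effecting `tap`, and `present?` on a Symbol-or-nil is only a nil check; `success = !notice.nil?`, then the `set_flash_message` call, then `success` as the last expression reads more plainly. The comment above the method should also say why paranoid mode behaves this way and what it implies for callers, something like `# In paranoid mode the notice and the return value are identical for known and unknown e-mails, so callers must not branch on resource.errors afterwards or the account's existence leaks`. Because `Devise.paranoid` is tested before `resource.errors.empty?`, a valid e-mail also gets `:send_paranoid_instructions` rather than `:send_instructions`; that looks intended but deserves a line in the comment. The enclosing module starts and ends outside the hunk.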
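Review bot: The new XML test pins only the unknown-e-mail half of paranoid mode; it does not show that a request for an existing e-mail yields the same status and body, which is the property paranoid mode exists to provide, so a regression that made the two responses differ would still pass. A second `post` with the created user's e-mail inside the same `swap` block, asserting the same `:success` status and `{ }.to_xml` body, would close that gap. Separately, `assert_equal response.body, { }.to_xml` has expected and actual swapped relative to the Test::Unit convention, which makes the failure message misleading; `assert_equal({ }.to_xml, response.body)` fixes it. The `assert_current_url "/users/sign_in"` changes in the two following hunks follow from the same redirect change and need no separate note.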
@@ -262,7 +271,7 @@ class PasswordTest < ActionController::IntegrationTest
 click_button 'Send me reset password instructions'
 assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
- assert_current_url "/users/password"
+ assert_current_url "/users/sign_in"
 end
 end
 end