jh - reworking paranoid mode in passwords controller

Signed-off-by: José Valim <jose.valim@gmail.com>
Jim Herzberg 2011-10-12 14:12:20 -07:00 committed by José Valim
parent fa1034b04c
commit b98720d324
3 changed files with 26 additions and 4 deletions


@ -12,8 +12,7 @@ class Devise::PasswordsController < ApplicationController
def create def create
self.resource = resource_class.send_reset_password_instructions(params[resource_name]) self.resource = resource_class.send_reset_password_instructions(params[resource_name])
if successful_and_sane?(resource) if successfully_sent?(resource)
set_flash_message(:notice, :send_instructions) if is_navigational_format?
respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name)) respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
else else
respond_with_navigational(resource){ render_with_scope :new } respond_with_navigational(resource){ render_with_scope :new }
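Review bot: In paranoid mode `create` now always takes the success branch, but `send_reset_password_instructions` on the first line of the body still runs inline, so the time the request takes may still differ between a known and an unknown address even though the flash and redirect are identical. That method is not shown on this page, so this is an inference; if it only builds and delivers mail when a record is found, consider delivering the mail outside the request cycle so both cases do comparable work. A short comment above the `if` would also help, e.g. `# In paranoid mode successfully_sent? is always true, so resource.errors is never rendered.` The body of `create` ends outside the hunk.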


@ -112,6 +112,20 @@ MESSAGE
resource.errors.empty? resource.errors.empty?
end end
end end
# Helper for use after calling send_*_instructions methods on a resource. If we are in paranoid mode, we always
# act as if the resource was valid and instructions were sent.
def successfully_sent?(resource)
notice = if Devise.paranoid
:send_paranoid_instructions
elsif resource.errors.empty?
:send_instructions
end
notice.present?.tap do |success|
set_flash_message :notice, notice if success && is_navigational_format?
end
end
# Sets the flash message with :key, using I18n. By default you are able # Sets the flash message with :key, using I18n. By default you are able
# to setup your messages using specific resource scope, and if no one is # to setup your messages using specific resource scope, and if no one is
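Review bot: `successfully_sent?` reads as a pure predicate but also sets the flash notice, and the comment above it mentions neither that nor the fact that in paranoid mode it returns true while `resource.errors` may still be populated. Callers therefore must not serialise the resource on the success path (the passwords controller responds with `{}`), otherwise the errors would reveal whether the account exists. I would extend the comment with `# Sets the :notice flash as a side effect. In paranoid mode the resource may still carry errors, so do not render it on success.` The `notice.present?.tap` block could also be written as a plain `if notice` with an explicit boolean return, which is easier to audit.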


@ -208,6 +208,15 @@ class PasswordTest < ActionController::IntegrationTest
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>) assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end end
test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
swap Devise, :paranoid => true do
create_user
post user_password_path(:format => 'xml'), :user => {:email => "invalid@test.com"}
assert_response :success
assert_equal response.body, { }.to_xml
end
end
test 'change password with valid parameters in XML format should return valid response' do test 'change password with valid parameters in XML format should return valid response' do
user = create_user user = create_user
request_forgot_password request_forgot_password
@ -250,7 +259,7 @@ class PasswordTest < ActionController::IntegrationTest
assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "1 error prohibited this user from being saved:"
assert_not_contain "Email not found" assert_not_contain "Email not found"
assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail" assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
assert_current_url "/users/password" assert_current_url "/users/sign_in"
end end
end end
@ -262,7 +271,7 @@ class PasswordTest < ActionController::IntegrationTest
click_button 'Send me reset password instructions' click_button 'Send me reset password instructions'
assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail" assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
assert_current_url "/users/password" assert_current_url "/users/sign_in"
end end
end end
end end
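Review bot: The new XML test in the `@ -208,6 +208,15 @` hunk only posts an unknown address, so it does not pin the property paranoid mode exists for: that a known and an unknown address get the same response. `create_user` is called but its result is unused; I would capture it (`user = create_user`), post a second request with `:user => {:email => user.email}`, and assert the same status and body for both. `assert_equal response.body, { }.to_xml` also has its arguments reversed, since `assert_equal` takes the expected value first: `assert_equal({ }.to_xml, response.body)`.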