mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
Ensure inactive user cannot sign in.
This commit is contained in:
parent
4de1e43b7a
commit
c146cad448
2 changed files with 23 additions and 2 deletions
|
@ -26,8 +26,19 @@ module Devise
|
|||
autoload :MongoMapper, 'devise/orm/mongo_mapper'
|
||||
end
|
||||
|
||||
ALL = [:authenticatable, :activatable, :confirmable, :recoverable,
|
||||
:rememberable, :validatable, :trackable, :timeoutable, :lockable, :token_authenticatable]
|
||||
ALL = []
|
||||
|
||||
# Authentication ones first
|
||||
ALL.push :authenticatable, :token_authenticatable, :rememberable
|
||||
|
||||
# Misc after
|
||||
ALL.push :recoverable, :validatable
|
||||
|
||||
# The ones which can sign out after
|
||||
ALL.push :activatable, :confirmable, :lockable, :timeoutable
|
||||
|
||||
# Stats for last, so we make sure the user is really signed in
|
||||
ALL.push :trackable
|
||||
|
||||
# Maps controller names to devise modules
|
||||
CONTROLLERS = {
|
||||
|
|
|
@ -128,4 +128,14 @@ class PasswordTest < ActionController::IntegrationTest
|
|||
|
||||
assert warden.authenticated?(:user)
|
||||
end
|
||||
|
||||
test 'does not sign in user automatically after changing it\'s password if it\'s not active' do
|
||||
user = create_user(:confirm => false)
|
||||
request_forgot_password
|
||||
reset_password :reset_password_token => user.reload.reset_password_token
|
||||
|
||||
assert_redirected_to new_user_session_path(:unconfirmed => true)
|
||||
assert !warden.authenticated?(:user)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue