Also reset password token on email change
This commit is contained in:
parent
fe49e625e8
commit
e641b4b7b9
|
@ -31,7 +31,11 @@ module Devise
|
|||
end
|
||||
|
||||
included do
|
||||
before_update :clear_reset_password_token, if: :encrypted_password_changed?
|
||||
before_save do
|
||||
if email_changed? || encrypted_password_changed?
|
||||
clear_reset_password_token
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# Update password saving the record and clearing token. Returns true if
|
||||
|
|
|
@ -54,6 +54,17 @@ class RecoverableTest < ActiveSupport::TestCase
|
|||
assert_nil user.reset_password_token
|
||||
end
|
||||
|
||||
test 'should clear reset password token if changing email' do
|
||||
user = create_user
|
||||
assert_nil user.reset_password_token
|
||||
|
||||
user.send_reset_password_instructions
|
||||
assert_present user.reset_password_token
|
||||
user.email = "another@example.com"
|
||||
user.save!
|
||||
assert_nil user.reset_password_token
|
||||
end
|
||||
|
||||
test 'should not clear reset password token if record is invalid' do
|
||||
user = create_user
|
||||
user.send_reset_password_instructions
|
||||
|
|
Loading…
Reference in New Issue