From 82a3d2327c32b543a4ff653a6ea9a896d64513f0 Mon Sep 17 00:00:00 2001 From: Chris Oliver Date: Wed, 8 Nov 2023 12:36:26 -0600 Subject: [PATCH 1/2] Support lambdas for sign_in_after_reset_password config --- .../devise/passwords_controller.rb | 9 ++++++-- test/integration/recoverable_test.rb | 23 +++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 3af1f864b7..0666bfd2c6 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -36,7 +36,7 @@ def update if resource.errors.empty? resource.unlock_access! if unlockable?(resource) - if resource_class.sign_in_after_reset_password + if sign_in_after_reset_password?(resource) flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message!(:notice, flash_message) resource.after_database_authentication @@ -52,8 +52,13 @@ def update end protected + def sign_in_after_reset_password?(resource) + value = resource_class.sign_in_after_reset_password + value.respond_to?(:call) ? value.call(resource) : value + end + def after_resetting_password_path_for(resource) - resource_class.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name) + sign_in_after_reset_password?(resource) ? after_sign_in_path_for(resource) : new_session_path(resource_name) end # The path used after sending reset password instructions diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index c391b0b2eb..de226ad387 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -247,6 +247,29 @@ def reset_password(options = {}, &block) end end + test 'sign in user automatically with proc' do + swap Devise, sign_in_after_reset_password: ->(resource) { true } do + create_user + request_forgot_password + reset_password + + assert warden.authenticated?(:user) + end + end + + test 'does not sign in user automatically with proc' do + swap Devise, sign_in_after_reset_password: ->(resource) { false }do + create_user + request_forgot_password + reset_password + + assert_contain 'Your password has been changed successfully.' + assert_not_contain 'You are now signed in.' + assert_equal new_user_session_path, @request.path + assert_not warden.authenticated?(:user) + end + end + test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do [:none, :time].each do |strategy| swap Devise, unlock_strategy: strategy do From 871c1b7cf6a0cc24b5f8fd5bc165d9c261a6da23 Mon Sep 17 00:00:00 2001 From: Chris Oliver Date: Mon, 27 Nov 2023 10:13:25 -0600 Subject: [PATCH 2/2] Update test/integration/recoverable_test.rb Co-authored-by: Nuno Costa --- test/integration/recoverable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index de226ad387..e7369b00e0 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -258,7 +258,7 @@ def reset_password(options = {}, &block) end test 'does not sign in user automatically with proc' do - swap Devise, sign_in_after_reset_password: ->(resource) { false }do + swap Devise, sign_in_after_reset_password: ->(resource) { false } do create_user request_forgot_password reset_password