Upon successful login, clear `reset_password_token` field

Closes #1942

Upon successful login, clear `reset_password_token` field
Closes #1942
57afaf9d · Robert Speicher · e86e1013 · 57afaf9d · 57afaf9d
Commit 57afaf9d authored Apr 08, 2015 by Robert Speicher
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 11 deletions

app/controllers/sessions_controller.rb app/controllers/sessions_controller.rb +7 -1

spec/features/users_spec.rb spec/features/users_spec.rb +33 -10

No files found.
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -26,6 +26,12 @@ class SessionsController < Devise::SessionsController
  end

  def create
-    super
+    super do |resource|
+      # User has successfully signed in, so clear any unused reset tokens
+      if resource.reset_password_token.present?
+        resource.update_attributes(reset_password_token: nil,
+                                   reset_password_sent_at: nil)
+      end
+    end
  end
 end
--- a/spec/features/users_spec.rb
+++ b/spec/features/users_spec.rb
 require 'spec_helper'

-describe 'Users', feature: true do
-  describe "GET /users/sign_in" do
-    it "should create a new user account" do
-      visit new_user_session_path
-      fill_in "user_name", with: "Name Surname"
-      fill_in "user_username", with: "Great"
-      fill_in "user_email", with: "name@mail.com"
-      fill_in "user_password_sign_up", with: "password1234"
-      expect { click_button "Sign up" }.to change { User.count }.by(1)
-    end
+feature 'Users' do
+  around do |ex|
+    old_url_options = Rails.application.routes.default_url_options
+    Rails.application.routes.default_url_options = { host: 'example.foo' }
+    ex.run
+    Rails.application.routes.default_url_options = old_url_options
+  end
+
+  scenario 'GET /users/sign_in creates a new user account' do
+    visit new_user_session_path
+    fill_in 'user_name', with: 'Name Surname'
+    fill_in 'user_username', with: 'Great'
+    fill_in 'user_email', with: 'name@mail.com'
+    fill_in 'user_password_sign_up', with: 'password1234'
+    expect { click_button 'Sign up' }.to change { User.count }.by(1)
+  end
+
+  scenario 'Successful user signin invalidates password reset token' do
+    user = create(:user)
+    expect(user.reset_password_token).to be_nil
+
+    visit new_user_password_path
+    fill_in 'user_email', with: user.email
+    click_button 'Reset password'
+
+    user.reload
+    expect(user.reset_password_token).not_to be_nil
+
+    login_with(user)
+    expect(current_path).to eq root_path
+
+    user.reload
+    expect(user.reset_password_token).to be_nil
  end
 end