Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
3a4274e1
Commit
3a4274e1
authored
Sep 30, 2015
by
Robert Speicher
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Take advantage of `Devise.sign_in_after_reset_password`
parent
54452412
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
28 additions
and
45 deletions
+28
-45
app/controllers/passwords_controller.rb
app/controllers/passwords_controller.rb
+0
-21
config/initializers/devise.rb
config/initializers/devise.rb
+4
-0
spec/features/password_reset_spec.rb
spec/features/password_reset_spec.rb
+24
-24
No files found.
app/controllers/passwords_controller.rb
View file @
3a4274e1
...
@@ -16,27 +16,6 @@ class PasswordsController < Devise::PasswordsController
...
@@ -16,27 +16,6 @@ class PasswordsController < Devise::PasswordsController
end
end
end
end
# After a user resets their password, prompt for 2FA code if enabled instead
# of signing in automatically
#
# See http://git.io/vURrI
def
update
super
do
|
resource
|
# TODO (rspeicher): In Devise master (> 3.4.1), we can set
# `Devise.sign_in_after_reset_password = false` and avoid this mess.
if
resource
.
errors
.
empty?
&&
resource
.
try
(
:two_factor_enabled?
)
resource
.
unlock_access!
if
unlockable?
(
resource
)
# Since we are not signing this user in, we use the :updated_not_active
# message which only contains "Your password was changed successfully."
set_flash_message
(
:notice
,
:updated_not_active
)
if
is_flashing_format?
# Redirect to sign in so they can enter 2FA code
respond_with
(
resource
,
location:
new_session_path
(
resource
))
and
return
end
end
end
def
edit
def
edit
super
super
reset_password_token
=
Devise
.
token_generator
.
digest
(
reset_password_token
=
Devise
.
token_generator
.
digest
(
...
...
config/initializers/devise.rb
View file @
3a4274e1
...
@@ -148,6 +148,10 @@ Devise.setup do |config|
...
@@ -148,6 +148,10 @@ Devise.setup do |config|
# When someone else invites you to GitLab this time is also used so it should be pretty long.
# When someone else invites you to GitLab this time is also used so it should be pretty long.
config
.
reset_password_within
=
2
.
days
config
.
reset_password_within
=
2
.
days
# When set to false, does not sign a user in automatically after their password is
# reset. Defaults to true, so a user is signed in automatically after a reset.
config
.
sign_in_after_reset_password
=
false
# ==> Configuration for :encryptable
# ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
...
...
spec/features/password_reset_spec.rb
View file @
3a4274e1
require
'spec_helper'
require
'spec_helper'
feature
'Password reset'
,
feature:
true
do
feature
'Password reset'
,
feature:
true
do
def
forgot_password
click_on
'Forgot your password?'
fill_in
'Email'
,
with:
user
.
email
click_button
'Reset password'
user
.
reload
end
def
get_reset_token
mail
=
ActionMailer
::
Base
.
deliveries
.
last
body
=
mail
.
body
.
encoded
body
.
scan
(
/reset_password_token=(.+)\"/
).
flatten
.
first
end
def
reset_password
(
password
=
'password'
)
visit
edit_user_password_path
(
reset_password_token:
get_reset_token
)
fill_in
'New password'
,
with:
password
fill_in
'Confirm new password'
,
with:
password
click_button
'Change your password'
end
describe
'with two-factor authentication'
do
describe
'with two-factor authentication'
do
let
(
:user
)
{
create
(
:user
,
:two_factor
)
}
let
(
:user
)
{
create
(
:user
,
:two_factor
)
}
...
@@ -40,14 +19,35 @@ feature 'Password reset', feature: true do
...
@@ -40,14 +19,35 @@ feature 'Password reset', feature: true do
describe
'without two-factor authentication'
do
describe
'without two-factor authentication'
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
it
'
automatically logs
in after password reset'
do
it
'
requires log
in after password reset'
do
visit
root_path
visit
root_path
forgot_password
forgot_password
reset_password
reset_password
expect
(
current_path
).
to
eq
root_path
expect
(
page
).
to
have_content
(
"Your password was changed successfully."
)
expect
(
page
).
to
have_content
(
"Your password was changed successfully. You are now signed in."
)
expect
(
current_path
).
to
eq
new_user_session_path
end
end
end
end
def
forgot_password
click_on
'Forgot your password?'
fill_in
'Email'
,
with:
user
.
email
click_button
'Reset password'
user
.
reload
end
def
get_reset_token
mail
=
ActionMailer
::
Base
.
deliveries
.
last
body
=
mail
.
body
.
encoded
body
.
scan
(
/reset_password_token=(.+)\"/
).
flatten
.
first
end
def
reset_password
(
password
=
'password'
)
visit
edit_user_password_path
(
reset_password_token:
get_reset_token
)
fill_in
'New password'
,
with:
password
fill_in
'Confirm new password'
,
with:
password
click_button
'Change your password'
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment