Override password reset action, sign_in user only if 2fa disabled
parent
6853caa0c8
commit
3c1c562e4c
|
@ -15,15 +15,32 @@ class Users::PasswordsController < Devise::PasswordsController
|
|||
# end
|
||||
|
||||
# PUT /resource/password
|
||||
# def update
|
||||
# super
|
||||
# end
|
||||
def update
|
||||
self.resource = resource_class.reset_password_by_token(resource_params)
|
||||
yield resource if block_given?
|
||||
|
||||
# protected
|
||||
if resource.errors.empty?
|
||||
resource.unlock_access! if unlockable?(resource)
|
||||
if !resource.two_factor_auth_enabled?
|
||||
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
||||
set_flash_message!(:notice, flash_message)
|
||||
resource.after_database_authentication
|
||||
sign_in(resource_name, resource)
|
||||
else
|
||||
set_flash_message!(:notice, :updated_not_active)
|
||||
end
|
||||
respond_with resource, location: after_resetting_password_path_for(resource)
|
||||
else
|
||||
set_minimum_password_length
|
||||
respond_with resource
|
||||
end
|
||||
end
|
||||
|
||||
# def after_resetting_password_path_for(resource)
|
||||
# super(resource)
|
||||
# end
|
||||
protected
|
||||
|
||||
def after_resetting_password_path_for(resource)
|
||||
resource.two_factor_auth_enabled? ? new_session_path(resource_name) : after_sign_in_path_for(resource)
|
||||
end
|
||||
|
||||
# The path used after sending reset password instructions
|
||||
# def after_sending_reset_password_instructions_path_for(resource_name)
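Review bot: The overridden `update` no longer consults `Devise.sign_in_after_reset_password`, so the branch at `if !resource.two_factor_auth_enabled?` signs in every account without 2FA straight from a reset link, and the initializer can no longer switch that off. The `Devise.setup` hunk in this commit appears to have had the setting active at `false` before, which would mean a valid reset token now yields a session for those accounts where it previously only changed the password; if that is intended, it should be stated in the commit description. To keep the switch, change the condition to `if Devise.sign_in_after_reset_password && !resource.two_factor_auth_enabled?`, apply the same check in `after_resetting_password_path_for` so users who are not signed in are sent to `new_session_path(resource_name)`, and leave the initializer line active. A controller spec for the 2FA-enabled path (no session created, redirect to the sign-in page) would pin the behaviour this commit exists for.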
|
||||
|
|
|
@ -243,7 +243,9 @@ Devise.setup do |config|
|
|||
|
||||
# When set to false, does not sign a user in automatically after their password is
|
||||
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
||||
config.sign_in_after_reset_password = false
|
||||
#
|
||||
# This setting has no effect, controller has been overriden at controllers/users/passwords_controller.rb
|
||||
# config.sign_in_after_reset_password = false
|
||||
|
||||
# ==> Configuration for :encryptable
|
||||
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
|
||||
|
|
|
@ -14,7 +14,8 @@ Rails.application.routes.draw do
|
|||
sessions: 'users/sessions',
|
||||
invitations: 'users/invitations',
|
||||
confirmations: 'users/confirmations',
|
||||
omniauth_callbacks: 'users/omniauth_callbacks' }
|
||||
omniauth_callbacks: 'users/omniauth_callbacks',
|
||||
passwords: 'users/passwords' }
|
||||
|
||||
root 'dashboards#show'
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ Scenario: Unsuccessful add Text result
|
|||
Given I am on Task results page
|
||||
And I click "Add new result" button
|
||||
And I click on "Text" within dropdown menu
|
||||
And WAIT
|
||||
And I click "Add" button
|
||||
Then I should see "can't be blank"
|
||||
And I click "Cancel" button
|
||||
|
|