mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-09-20 14:45:56 +08:00
Override password reset action, sign_in user only if 2fa disabled
parent
6853caa0c8
commit
3c1c562e4c
|
@ -15,15 +15,32 @@ class Users::PasswordsController < Devise::PasswordsController
|
||||||
# end
|
# end
|
||||||
|
|
||||||
# PUT /resource/password
|
# PUT /resource/password
|
||||||
# def update
|
def update
|
||||||
# super
|
self.resource = resource_class.reset_password_by_token(resource_params)
|
||||||
# end
|
yield resource if block_given?
|
||||||
|
|
||||||
# protected
|
if resource.errors.empty?
|
||||||
|
resource.unlock_access! if unlockable?(resource)
|
||||||
|
if !resource.two_factor_auth_enabled?
|
||||||
|
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
||||||
|
set_flash_message!(:notice, flash_message)
|
||||||
|
resource.after_database_authentication
|
||||||
|
sign_in(resource_name, resource)
|
||||||
|
else
|
||||||
|
set_flash_message!(:notice, :updated_not_active)
|
||||||
|
end
|
||||||
|
respond_with resource, location: after_resetting_password_path_for(resource)
|
||||||
|
else
|
||||||
|
set_minimum_password_length
|
||||||
|
respond_with resource
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# def after_resetting_password_path_for(resource)
|
protected
|
||||||
# super(resource)
|
|
||||||
# end
|
def after_resetting_password_path_for(resource)
|
||||||
|
resource.two_factor_auth_enabled? ? new_session_path(resource_name) : after_sign_in_path_for(resource)
|
||||||
|
end
|
||||||
|
|
||||||
# The path used after sending reset password instructions
|
# The path used after sending reset password instructions
|
||||||
# def after_sending_reset_password_instructions_path_for(resource_name)
|
# def after_sending_reset_password_instructions_path_for(resource_name)
|
||||||
|
|
|
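Review bot: The new `update` never consults `Devise.sign_in_after_reset_password`, so in the `if !resource.two_factor_auth_enabled?` branch anyone holding a valid reset token is signed in directly, although the initializer touched by this same commit previously had that setting at `false`. If dropping that policy for accounts without 2FA is not intended, keep the setting active and gate on both, `if Devise.sign_in_after_reset_password && !resource.two_factor_auth_enabled?`, with the same condition in `after_resetting_password_path_for`. The body is otherwise a copy of Devise's own action and will not pick up later upstream changes to `Devise::PasswordsController#update`, so a comment above `def update` recording that it was copied from Devise, and why, would help whoever upgrades the gem. A request spec asserting that a user with 2FA enabled has no session after a reset and is sent to `new_session_path` would pin the behaviour this commit exists for.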
@ -243,7 +243,9 @@ Devise.setup do |config|
|
||||||
|
|
||||||
# When set to false, does not sign a user in automatically after their password is
|
# When set to false, does not sign a user in automatically after their password is
|
||||||
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
||||||
config.sign_in_after_reset_password = false
|
#
|
||||||
|
# This setting has no effect, controller has been overriden at controllers/users/passwords_controller.rb
|
||||||
|
# config.sign_in_after_reset_password = false
|
||||||
|
|
||||||
# ==> Configuration for :encryptable
|
# ==> Configuration for :encryptable
|
||||||
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
|
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
|
||||||
|
|
|
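Review bot: The comment kept above the now-disabled line still says a reset signs the user in by default, and the added line only says the setting has no effect, so the initializer no longer tells an operator what the actual policy is. I would state the real behaviour here instead: `# Ignored: Users::PasswordsController#update signs the user in after a reset only when two-factor authentication is disabled.`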
@ -14,7 +14,8 @@ Rails.application.routes.draw do
|
||||||
sessions: 'users/sessions',
|
sessions: 'users/sessions',
|
||||||
invitations: 'users/invitations',
|
invitations: 'users/invitations',
|
||||||
confirmations: 'users/confirmations',
|
confirmations: 'users/confirmations',
|
||||||
omniauth_callbacks: 'users/omniauth_callbacks' }
|
omniauth_callbacks: 'users/omniauth_callbacks',
|
||||||
|
passwords: 'users/passwords' }
|
||||||
|
|
||||||
root 'dashboards#show'
|
root 'dashboards#show'
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ Scenario: Unsuccessful add Text result
|
||||||
Given I am on Task results page
|
Given I am on Task results page
|
||||||
And I click "Add new result" button
|
And I click "Add new result" button
|
||||||
And I click on "Text" within dropdown menu
|
And I click on "Text" within dropdown menu
|
||||||
|
And WAIT
|
||||||
And I click "Add" button
|
And I click "Add" button
|
||||||
Then I should see "can't be blank"
|
Then I should see "can't be blank"
|
||||||
And I click "Cancel" button
|
And I click "Cancel" button
|
||||||
|
|