Override password reset action, sign_in user only if 2fa disabled

Urban Rotnik 2020-08-07 12:17:27 +02:00
parent 6853caa0c8
commit 3c1c562e4c
4 changed files with 30 additions and 9 deletions


@ -15,15 +15,32 @@ class Users::PasswordsController < Devise::PasswordsController
# end # end
# PUT /resource/password # PUT /resource/password
# def update def update
# super self.resource = resource_class.reset_password_by_token(resource_params)
# end yield resource if block_given?
# protected if resource.errors.empty?
resource.unlock_access! if unlockable?(resource)
if !resource.two_factor_auth_enabled?
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
set_flash_message!(:notice, flash_message)
resource.after_database_authentication
sign_in(resource_name, resource)
else
set_flash_message!(:notice, :updated_not_active)
end
respond_with resource, location: after_resetting_password_path_for(resource)
else
set_minimum_password_length
respond_with resource
end
end
# def after_resetting_password_path_for(resource) protected
# super(resource)
# end def after_resetting_password_path_for(resource)
resource.two_factor_auth_enabled? ? new_session_path(resource_name) : after_sign_in_path_for(resource)
end
# The path used after sending reset password instructions # The path used after sending reset password instructions
# def after_sending_reset_password_instructions_path_for(resource_name) # def after_sending_reset_password_instructions_path_for(resource_name)
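Review bot: The guard `if !resource.two_factor_auth_enabled?` replaces the `Devise.sign_in_after_reset_password` check that upstream Devise's `update` appears to use at this spot rather than adding to it, so the operator-level switch (commented out in the initializer in this same commit) can no longer turn auto sign-in after a reset off; `if Devise.sign_in_after_reset_password && !resource.two_factor_auth_enabled?` keeps both controls and stays closer to the code this action copies. Skipping `sign_in` for 2FA accounts is the right call, since a reset token only proves control of the mailbox and establishing a session here would bypass the second factor, so a comment above the branch such as `# Never establish a session from a reset token for a 2FA user; they must complete the normal login (password + second factor).` would stop a future maintainer from "simplifying" it away. The `else` branch reuses the `:updated_not_active` flash for 2FA users, which reads as though the account were inactive; a dedicated locale key (e.g. `:updated_sign_in_required`) would be clearer if the locale file is adjusted alongside. Because this override duplicates the whole Devise action, upstream fixes to it will not be picked up, which is worth a comment recording the Devise version it was copied from.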


@ -243,7 +243,9 @@ Devise.setup do |config|
# When set to false, does not sign a user in automatically after their password is # When set to false, does not sign a user in automatically after their password is
# reset. Defaults to true, so a user is signed in automatically after a reset. # reset. Defaults to true, so a user is signed in automatically after a reset.
config.sign_in_after_reset_password = false #
# This setting has no effect, controller has been overriden at controllers/users/passwords_controller.rb
# config.sign_in_after_reset_password = false
# ==> Configuration for :encryptable # ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use # Allow you to use another encryption algorithm besides bcrypt (default). You can use
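Review bot: The new comment misspells "overridden" as "overriden", and "has no effect" is only true for as long as the overridden `update` in controllers/users/passwords_controller.rb keeps ignoring `Devise.sign_in_after_reset_password`; with the line commented out the key silently falls back to Devise's default of `true`, which is easy to miss if the controller ever consults it again. I would phrase it as `# NOTE: the password update action is overridden in controllers/users/passwords_controller.rb and does not read this setting; see that controller before changing it.` so the dependency is visible from both sides.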


@ -14,7 +14,8 @@ Rails.application.routes.draw do
sessions: 'users/sessions', sessions: 'users/sessions',
invitations: 'users/invitations', invitations: 'users/invitations',
confirmations: 'users/confirmations', confirmations: 'users/confirmations',
omniauth_callbacks: 'users/omniauth_callbacks' } omniauth_callbacks: 'users/omniauth_callbacks',
passwords: 'users/passwords' }
root 'dashboards#show' root 'dashboards#show'


@ -20,6 +20,7 @@ Scenario: Unsuccessful add Text result
Given I am on Task results page Given I am on Task results page
And I click "Add new result" button And I click "Add new result" button
And I click on "Text" within dropdown menu And I click on "Text" within dropdown menu
And WAIT
And I click "Add" button And I click "Add" button
Then I should see "can't be blank" Then I should see "can't be blank"
And I click "Cancel" button And I click "Cancel" button
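Review bot: The added `And WAIT` step is an unconditional pause in the scenario, which papers over a synchronization problem rather than fixing it and makes the run slower while still being flaky under load; Capybara finders already retry up to `Capybara.default_max_wait_time`, so a step that asserts whatever the "Add" click depends on (for example the text-result form being visible) is the robust replacement. This change is also unrelated to the password-reset override in the commit title and would be easier to revert or bisect as a separate commit.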