Save allow_password_change flag to db to persist across requests

Fixes lynndylanhurley#481
RavenXce · Jan 6, 2016 · 60fab78 · 60fab78
1 parent e7a5062
commit 60fab78
Show file tree

Hide file tree

Showing 12 changed files with 138 additions and 123 deletions.
diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb
@@ -125,6 +125,7 @@ def update
 
       if @resource.send(resource_update_method, password_resource_params)
         @resource.allow_password_change = false
+        @resource.save!
 
         yield if block_given?
         return render_update_success

diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
@@ -48,9 +48,8 @@ def self.tokens_match?(token_hash, token)
     before_save :remove_tokens_after_password_reset
 
     # allows user to change password without current_password
-    attr_writer :allow_password_change
     def allow_password_change
-      @allow_password_change || false
+      self[:allow_password_change] || false
     end
 
     # don't use default devise email validation

diff --git a/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb b/lib/generators/devise_token_auth/templates/devise_token_auth_create_users.rb.erb
@@ -11,6 +11,7 @@ class DeviseTokenAuthCreate<%= user_class.pluralize %> < ActiveRecord::Migration
       ## Recoverable
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
+      t.boolean  :allow_password_change, :null => false, :default => false
 
       ## Rememberable
       t.datetime :remember_created_at