Skip to content

Commit

Permalink
When we edit user password (after asking reset). Do not run skip_conf…
Browse files Browse the repository at this point in the history
…irmation! is the user is not :confirmable
  • Loading branch information
Sébastien Fieloux committed Jul 8, 2015
1 parent 62f3d13 commit b241626
Show file tree
Hide file tree
Showing 6 changed files with 132 additions and 9 deletions.
6 changes: 4 additions & 2 deletions app/controllers/devise_token_auth/passwords_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ def edit
}

# ensure that user is confirmed
@resource.skip_confirmation! unless @resource.confirmed_at
@resource.skip_confirmation! unless !@resource.devise_modules.include?(:confirmable) && @resource.confirmed_at

@resource.save!
yield if block_given?
Expand All @@ -118,7 +118,9 @@ def edit
config: params[:config]
}))
else
raise ActionController::RoutingError.new('Not Found')
render json: {
success: false
}, status: 404
end
end

Expand Down
37 changes: 31 additions & 6 deletions test/controllers/devise_token_auth/passwords_controller_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -68,13 +68,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
end

describe 'password reset link failure' do
test 'request should not be authorized' do
assert_raises(ActionController::RoutingError) {
xhr :get, :edit, {
test 'respone should return 404' do
xhr :get, :edit, {
reset_password_token: 'bogus',
redirect_url: @mail_redirect_url
}
}

assert_equal 404, response.status
end
end

Expand Down Expand Up @@ -305,7 +305,7 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase

describe 'unconfirmed user' do
before do
@resource = users(:unconfirmed_email_user)
@resource = unconfirmable_users(:user)
@redirect_url = 'http://ng-token-auth.dev'

xhr :post, :create, {
Expand All @@ -327,9 +327,34 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase

@resource.reload
end
end
describe 'unconfirmable user' do
before do
@resource = unconfirmable_users(:user)
@redirect_url = 'http://ng-token-auth.dev'

puts @resource.inspect
xhr :post, :create, {
email: @resource.email,
redirect_url: @redirect_url
}

@mail = ActionMailer::Base.deliveries.last
@resource.reload

@mail_config_name = CGI.unescape(@mail.body.match(/config=([^&]*)&/)[1])
@mail_redirect_url = CGI.unescape(@mail.body.match(/redirect_url=([^&]*)&/)[1])
@mail_reset_token = @mail.body.match(/reset_password_token=(.*)\"/)[1]

xhr :get, :edit, {
reset_password_token: @mail_reset_token,
redirect_url: @mail_redirect_url
}

@resource.reload
end
test 'unconfirmed email user should now be confirmed' do
assert @resource.confirmed_at
# assert @resource.confirmed_at
end
end

Expand Down
8 changes: 8 additions & 0 deletions test/dummy/app/models/unconfirmable_user.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
class UnconfirmableUser < ActiveRecord::Base
# Include default devise modules.
devise :database_authenticatable, :registerable,
:recoverable, :rememberable,
:trackable, :validatable,
:omniauthable
include DeviseTokenAuth::Concerns::User
end
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
class DeviseTokenAuthCreateUnconfirmableUsers < ActiveRecord::Migration
def change
create_table(:unconfirmable_users) do |t|
## Required
t.string :provider, :null => false
t.string :uid, :null => false, :default => ""

## Database authenticatable
t.string :encrypted_password, :null => false, :default => ""

## Recoverable
t.string :reset_password_token
t.datetime :reset_password_sent_at

## Rememberable
t.datetime :remember_created_at

## Trackable
t.integer :sign_in_count, :default => 0, :null => false
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip

## Confirmable
# t.string :confirmation_token
# t.datetime :confirmed_at
# t.datetime :confirmation_sent_at
# t.string :unconfirmed_email # Only if using reconfirmable

## Lockable
# t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
# t.string :unlock_token # Only if unlock strategy is :email or :both
# t.datetime :locked_at

## User Info
t.string :name
t.string :nickname
t.string :image
t.string :email

## Tokens
t.text :tokens

t.timestamps
end

add_index :unconfirmable_users, :email
add_index :unconfirmable_users, [:uid, :provider], :unique => true
add_index :unconfirmable_users, :reset_password_token, :unique => true
# add_index :nice_users, :confirmation_token, :unique => true
# add_index :nice_users, :unlock_token, :unique => true
end
end
27 changes: 26 additions & 1 deletion test/dummy/db/schema.rb
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.

ActiveRecord::Schema.define(version: 20150409095712) do
ActiveRecord::Schema.define(version: 20150708104536) do

create_table "evil_users", force: :cascade do |t|
t.string "email", limit: 255
Expand Down Expand Up @@ -122,6 +122,31 @@
add_index "only_email_users", ["email"], name: "index_only_email_users_on_email"
add_index "only_email_users", ["uid", "provider"], name: "index_only_email_users_on_uid_and_provider", unique: true

create_table "unconfirmable_users", force: :cascade do |t|
t.string "provider", null: false
t.string "uid", default: "", null: false
t.string "encrypted_password", default: "", null: false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.datetime "remember_created_at"
t.integer "sign_in_count", default: 0, null: false
t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at"
t.string "current_sign_in_ip"
t.string "last_sign_in_ip"
t.string "name"
t.string "nickname"
t.string "image"
t.string "email"
t.text "tokens"
t.datetime "created_at"
t.datetime "updated_at"
end

add_index "unconfirmable_users", ["email"], name: "index_unconfirmable_users_on_email"
add_index "unconfirmable_users", ["reset_password_token"], name: "index_unconfirmable_users_on_reset_password_token", unique: true
add_index "unconfirmable_users", ["uid", "provider"], name: "index_unconfirmable_users_on_uid_and_provider", unique: true

create_table "unregisterable_users", force: :cascade do |t|
t.string "provider", limit: 255, null: false
t.string "uid", limit: 255, default: "", null: false
Expand Down
9 changes: 9 additions & 0 deletions test/fixtures/unconfirmable_users.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
<% timestamp = DateTime.parse(2.weeks.ago.to_s).to_time.strftime("%F %T") %>
<% @email = Faker::Internet.email %>
user:
uid: "<%= @email %>"
email: "<%= @email %>"
provider: 'email'
created_at: '<%= timestamp %>'
updated_at: '<%= timestamp %>'
encrypted_password: <%= User.new.send(:password_digest, 'secret123') %>

0 comments on commit b241626

Please sign in to comment.