mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-14 02:44:13 +00:00
5fb1c3e934
* Clear sessions on password change * Rename User::clear_sessions to revoke_access for a clearer meaning * Add reset paassword controller test * Use User.find instead of User.find_for_authentication for reset password test * Use redirect and render for better test meaning in reset password Co-authored-by: Effy Elden <effy@effy.space>
36 lines
812 B
Ruby
36 lines
812 B
Ruby
# frozen_string_literal: true
|
|
|
|
class Auth::PasswordsController < Devise::PasswordsController
|
|
before_action :check_validity_of_reset_password_token, only: :edit
|
|
before_action :set_body_classes
|
|
|
|
layout 'auth'
|
|
|
|
def update
|
|
super do |resource|
|
|
if resource.errors.empty?
|
|
resource.session_activations.destroy_all
|
|
|
|
resource.revoke_access!
|
|
end
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def check_validity_of_reset_password_token
|
|
unless reset_password_token_is_valid?
|
|
flash[:error] = I18n.t('auth.invalid_reset_password_token')
|
|
redirect_to new_password_path(resource_name)
|
|
end
|
|
end
|
|
|
|
def set_body_classes
|
|
@body_classes = 'lighter'
|
|
end
|
|
|
|
def reset_password_token_is_valid?
|
|
resource_class.with_reset_password_token(params[:reset_password_token]).present?
|
|
end
|
|
end
|