Fix clearing reset password token while reseting password.

2026-01-10 08:08:00 -05:00 · 2009-10-18 09:54:53 -02:00
parent 75e98d3041
commit 29ea916e9f
4 changed files with 31 additions and 6 deletions
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -85,9 +85,9 @@ module Devise

        # Resets the confirmation token with and save the record without
        # validating.
-#        def generate_confirmation_token!
-#          generate_confirmation_token && save(false)
-#        end
+        def generate_confirmation_token!
+          generate_confirmation_token && save(false)
+        end

        # Removes confirmation token
        def clear_confirmation_token
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@@ -28,7 +28,7 @@ module Devise
      # the passwords are valid and the record was saved, false otherwise.
      def reset_password!(new_password, new_password_confirmation)
        reset_password(new_password, new_password_confirmation)
-        clear_reset_password_token
+        clear_reset_password_token if valid?
        save
      end

--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -20,7 +20,9 @@ class PasswordTest < ActionController::IntegrationTest
  end

  def reset_password(options={}, &block)
-    visit edit_user_password_path(:reset_password_token => options[:reset_password_token])
+    unless options[:visit] == false
+      visit edit_user_password_path(:reset_password_token => options[:reset_password_token])
+    end
    assert_response :success
    assert_template 'passwords/edit'

@@ -103,4 +105,19 @@ class PasswordTest < ActionController::IntegrationTest
    assert_contain 'Your password was changed successfully.'
    assert user.reload.valid_password?('987654321')
  end
+
+  test 'after entering invalid data user should still be able to change his password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token do
+      fill_in 'Password confirmation', :with => 'other_password'
+    end
+    assert_response :success
+    assert_have_selector '#errorExplanation'
+    assert_not user.reload.valid_password?('987654321')
+
+    reset_password :reset_password_token => user.reload.reset_password_token, :visit => false
+    assert_contain 'Your password was changed successfully.'
+    assert user.reload.valid_password?('987654321')
+  end
 end
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -51,10 +51,18 @@ class RecoverableTest < ActiveSupport::TestCase
    assert_nil user.reset_password_token
    user.send_reset_password_instructions
    assert_present user.reset_password_token
-    user.reset_password!('123456789', '123456789')
+    assert user.reset_password!('123456789', '123456789')
    assert_nil user.reset_password_token
  end

+  test 'should not clear reset password token if record is invalid' do
+    user = create_user
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    assert_not user.reset_password!('123456789', '987654321')
+    assert_present user.reset_password_token
+  end
+
  test 'should not reset password with invalid data' do
    user = create_user
    user.stubs(:valid?).returns(false)