Delegate sign_in_after_reset_password to resource class

Allows resource class scopes to overrides the global configuration for sign in after reset password behaviour.
2026-01-08 22:37:57 -05:00 · 2021-11-26 16:38:24 +10:30
parent 90f46bac37
commit 60c5774ff4
2 changed files with 27 additions and 2 deletions
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -222,6 +222,31 @@ class PasswordTest < Devise::IntegrationTest
    end
  end

+  test 'does not sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is false' do
+    swap User, sign_in_after_reset_password: false do
+      create_user
+      request_forgot_password
+      reset_password
+
+      assert_contain 'Your password has been changed successfully'
+      assert_not_contain 'You are now signed in.'
+      assert_equal new_user_session_path, @request.path
+      assert !warden.authenticated?(:user)
+    end
+  end
+
+  test 'sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is true' do
+    swap Devise, sign_in_after_reset_password: false do
+      swap User, sign_in_after_reset_password: true do
+        create_user
+        request_forgot_password
+        reset_password
+
+        assert warden.authenticated?(:user)
+      end
+    end
+  end
+
  test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
    [:none, :time].each do |strategy|
      swap Devise, unlock_strategy: strategy do