Sign user in automatically after confirming or changing it's password

2026-01-14 17:27:58 -05:00 · 2009-10-18 10:36:20 -02:00
parent 1f9718c120
commit 8d85db3b57
7 changed files with 41 additions and 7 deletions
--- a/1
+++ b/1
@@ -30,3 +30,4 @@
 * Remove perishable token and create attributes for confirmation_token and reset_password_token
 * Add confirmation_sent_at for confirmable
 * Add confirmable filters
+* Sign user in automatically after confirming or changing it's password
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -22,8 +22,9 @@ class ConfirmationsController < ApplicationController
    self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])

    if resource.errors.empty?
+      sign_in_automatically(resource, resource_name)
      set_flash_message :success, :confirmed
-      redirect_to new_session_path(resource_name)
+      redirect_to root_path
    else
      render :new
    end
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -28,8 +28,9 @@ class PasswordsController < ApplicationController
    self.resource = resource_class.reset_password!(params[resource_name])

    if resource.errors.empty?
+      sign_in_automatically(resource, resource_name)
      set_flash_message :success, :updated
-      redirect_to new_session_path(resource_name)
+      redirect_to root_path
    else
      render :edit
    end
--- a/lib/devise/controllers/filters.rb
+++ b/lib/devise/controllers/filters.rb
@@ -29,6 +29,12 @@ module Devise
        warden.authenticated?(scope)
      end

+      # Set the warden user with the scope, sign in the resource automatically
+      # (without credentials)
+      def sign_in_automatically(resource, scope)
+        warden.set_user(resource, :scope => scope)
+      end
+
      # Sign out based on scope
      def sign_out(scope, *args)
        warden.raw_session.inspect # Without this inspect here. The session does not clear.
--- a/test/controllers/filters_test.rb
+++ b/test/controllers/filters_test.rb
@@ -78,4 +78,10 @@ class ControllerAuthenticableTest < ActionController::TestCase
    @controller.expects(:redirect_to).with(root_path)
    @controller.require_no_authentication
  end
+
+  test 'sign in automatically proxy to set user on warden' do
+    user = OpenStruct.new
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @controller.sign_in_automatically(user, :user)
+  end
 end
--- a/test/integration/confirmable_test.rb
+++ b/test/integration/confirmable_test.rb
@@ -2,6 +2,10 @@ require 'test/test_helper'

 class ConfirmationTest < ActionController::IntegrationTest

+  def visit_user_confirmation_with_token(confirmation_token)
+    visit user_confirmation_path(:confirmation_token => confirmation_token)
+  end
+
  test 'user should be able to request a new confirmation' do
    user = create_user(:confirm => false)
    ActionMailer::Base.deliveries.clear
@@ -18,7 +22,7 @@ class ConfirmationTest < ActionController::IntegrationTest
  end

  test 'user with invalid confirmation token should not be able to confirm an account' do
-    visit user_confirmation_path(:confirmation_token => 'invalid_confirmation')
+    visit_user_confirmation_with_token('invalid_confirmation')

    assert_response :success
    assert_template 'confirmations/new'
@@ -30,9 +34,9 @@ class ConfirmationTest < ActionController::IntegrationTest
    user = create_user(:confirm => false)
    assert_not user.confirmed?

-    visit user_confirmation_path(:confirmation_token => user.confirmation_token)
+    visit_user_confirmation_with_token(user.confirmation_token)

-    assert_template 'sessions/new'
+    assert_template 'home/index'
    assert_contain 'Your account was successfully confirmed!'

    assert user.reload.confirmed?
@@ -40,10 +44,17 @@ class ConfirmationTest < ActionController::IntegrationTest

  test 'user already confirmed user should not be able to confirm the account again' do
    user = create_user
-    visit user_confirmation_path(:confirmation_token => user.confirmation_token)
+    visit_user_confirmation_with_token(user.confirmation_token)

    assert_template 'confirmations/new'
    assert_have_selector '#errorExplanation'
    assert_contain 'already confirmed'
  end
+
+  test 'sign in user automatically after confirming it\'s email' do
+    user = create_user(:confirm => false)
+    visit_user_confirmation_with_token(user.confirmation_token)
+
+    assert warden.authenticated?(:user)
+  end
 end
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -101,7 +101,7 @@ class PasswordTest < ActionController::IntegrationTest
    request_forgot_password
    reset_password :reset_password_token => user.reload.reset_password_token

-    assert_template 'sessions/new'
+    assert_template 'home/index'
    assert_contain 'Your password was changed successfully.'
    assert user.reload.valid_password?('987654321')
  end
@@ -120,4 +120,12 @@ class PasswordTest < ActionController::IntegrationTest
    assert_contain 'Your password was changed successfully.'
    assert user.reload.valid_password?('987654321')
  end
+
+  test 'sign in user automatically after changing it\'s password' do
+    user = create_user
+    request_forgot_password
+    reset_password :reset_password_token => user.reload.reset_password_token
+
+    assert warden.authenticated?(:user)
+  end
 end