diff --git a/TODO b/TODO index 15b2bcbe..882a85b6 100644 --- a/TODO +++ b/TODO @@ -30,3 +30,4 @@ * Remove perishable token and create attributes for confirmation_token and reset_password_token * Add confirmation_sent_at for confirmable * Add confirmable filters +* Sign user in automatically after confirming or changing it's password diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb index 7ba74c3a..51ebc389 100644 --- a/app/controllers/confirmations_controller.rb +++ b/app/controllers/confirmations_controller.rb @@ -22,8 +22,9 @@ class ConfirmationsController < ApplicationController self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token]) if resource.errors.empty? + sign_in_automatically(resource, resource_name) set_flash_message :success, :confirmed - redirect_to new_session_path(resource_name) + redirect_to root_path else render :new end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 92e50f28..d4e9129e 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -28,8 +28,9 @@ class PasswordsController < ApplicationController self.resource = resource_class.reset_password!(params[resource_name]) if resource.errors.empty? + sign_in_automatically(resource, resource_name) set_flash_message :success, :updated - redirect_to new_session_path(resource_name) + redirect_to root_path else render :edit end diff --git a/lib/devise/controllers/filters.rb b/lib/devise/controllers/filters.rb index 4ade91bf..4ae535a4 100644 --- a/lib/devise/controllers/filters.rb +++ b/lib/devise/controllers/filters.rb 
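Review bot: In app/controllers/confirmations_controller.rb the added `sign_in_automatically(resource, resource_name)` makes the confirmation token, which reaches this action as `params[:confirmation_token]` on a GET link (presumably from the confirmation e-mail), sufficient on its own to open an authenticated session. Whoever opens the link first is signed in without ever presenting the password, and that person is not necessarily the one who registered the account. I would leave the sign-in out here and keep `redirect_to new_session_path(resource_name)`, or put the automatic sign-in behind an explicit opt-in setting that defaults to off. The enclosing action starts above the hunk, so any earlier checks are not visible.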
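Review bot: In app/controllers/passwords_controller.rb the added `sign_in_automatically(resource, resource_name)` signs the resource in as soon as `reset_password!` returns without errors, with no check of account state. If confirmation is enforced only in the normal sign-in path (not visible here), an unconfirmed account gains a session simply by completing a reset. A guard such as `sign_in_automatically(resource, resource_name) if !resource.respond_to?(:confirmed?) || resource.confirmed?` would keep the two paths consistent, with the old `redirect_to new_session_path(resource_name)` as the fallback. Nothing in the hunk ends sessions that were opened under the old password either, which is worth handling wherever sessions are tracked. The action begins above the hunk.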
@@ -29,6 +29,12 @@ module Devise warden.authenticated?(scope) end + # Set the warden user with the scope, sign in the resource automatically + # (without credentials) + def sign_in_automatically(resource, scope) + warden.set_user(resource, :scope => scope) + end + # Sign out based on scope def sign_out(scope, *args) warden.raw_session.inspect # Without this inspect here. The session does not clear. diff --git a/test/controllers/filters_test.rb b/test/controllers/filters_test.rb index 6e8c06d8..c3d44b4e 100644 --- a/test/controllers/filters_test.rb +++ b/test/controllers/filters_test.rb @@ -78,4 +78,10 @@ class ControllerAuthenticableTest < ActionController::TestCase @controller.expects(:redirect_to).with(root_path) @controller.require_no_authentication end + + test 'sign in automatically proxy to set user on warden' do + user = OpenStruct.new + @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true) + @controller.sign_in_automatically(user, :user) + end end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index cde9bed9..487e28f6 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -2,6 +2,10 @@ require 'test/test_helper' class ConfirmationTest < ActionController::IntegrationTest + def visit_user_confirmation_with_token(confirmation_token) + visit user_confirmation_path(:confirmation_token => confirmation_token) + end + test 'user should be able to request a new confirmation' do user = create_user(:confirm => false) ActionMailer::Base.deliveries.clear @@ -18,7 +22,7 @@ class ConfirmationTest < ActionController::IntegrationTest end test 'user with invalid confirmation token should not be able to confirm an account' do - visit user_confirmation_path(:confirmation_token => 'invalid_confirmation') + visit_user_confirmation_with_token('invalid_confirmation') assert_response :success assert_template 'confirmations/new' 
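Review bot: The comment added above `sign_in_automatically` in lib/devise/controllers/filters.rb says the sign-in happens without credentials but not what a caller must have verified first, and the method hands whatever object it receives straight to `warden.set_user`. I would extend it to something like `# Callers must already have verified a single-use token for this resource; no authentication strategy runs here.` Whether `warden.set_user` renews the session identifier is not visible in this hunk; if it does not, calling `reset_session` before it would keep a pre-login session id from carrying over into the authenticated session.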
@@ -30,9 +34,9 @@ class ConfirmationTest < ActionController::IntegrationTest user = create_user(:confirm => false) assert_not user.confirmed? - visit user_confirmation_path(:confirmation_token => user.confirmation_token) + visit_user_confirmation_with_token(user.confirmation_token) - assert_template 'sessions/new' + assert_template 'home/index' assert_contain 'Your account was successfully confirmed!' assert user.reload.confirmed? @@ -40,10 +44,17 @@ class ConfirmationTest < ActionController::IntegrationTest test 'user already confirmed user should not be able to confirm the account again' do user = create_user - visit user_confirmation_path(:confirmation_token => user.confirmation_token) + visit_user_confirmation_with_token(user.confirmation_token) assert_template 'confirmations/new' assert_have_selector '#errorExplanation' assert_contain 'already confirmed' end + + test 'sign in user automatically after confirming it\'s email' do + user = create_user(:confirm => false) + visit_user_confirmation_with_token(user.confirmation_token) + + assert warden.authenticated?(:user) + end end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 38ead9cf..44bbcbf3 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -101,7 +101,7 @@ class PasswordTest < ActionController::IntegrationTest request_forgot_password reset_password :reset_password_token => user.reload.reset_password_token - assert_template 'sessions/new' + assert_template 'home/index' assert_contain 'Your password was changed successfully.' assert user.reload.valid_password?('987654321') end 
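Review bot: The new test at the end of test/integration/confirmable_test.rb covers only the success path; the invalid-token and already-confirmed tests in this file still assert the rendered template and messages alone, so nothing fails if a rejected token also produces a session. Adding `assert_not warden.authenticated?(:user)` to both would pin that. The same gap applies to the new test at the end of test/integration/recoverable_test.rb, where a rejected `reset_password_token` case should get the same assertion.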
@@ -120,4 +120,12 @@ class PasswordTest < ActionController::IntegrationTest assert_contain 'Your password was changed successfully.' assert user.reload.valid_password?('987654321') end + + test 'sign in user automatically after changing it\'s password' do + user = create_user + request_forgot_password + reset_password :reset_password_token => user.reload.reset_password_token + + assert warden.authenticated?(:user) + end end