fix: encode reset password email in param because it's rendered in view later
parent
01d6ef3f60
commit
9db7b5b864
3 changed files with 20 additions and 3 deletions
|
@ -117,6 +117,10 @@ class ApplicationController < ActionController::Base
|
|||
"window.location.href='#{path}'"
|
||||
end
|
||||
|
||||
def message_verifier
|
||||
@message_verifier ||= ActiveSupport::MessageVerifier.new(Rails.application.secret_key_base)
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def feature_enabled?(feature_name)
|
||||
|
|
|
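Review bot: `message_verifier` is defined above the `protected` marker, so it is a public controller method, and it keys the verifier with the raw `Rails.application.secret_key_base`. Rails already provides a verifier whose key is derived from that secret per name, so the body could be `@message_verifier ||= Rails.application.message_verifier(:reset_password)`; this avoids using the master secret directly as the HMAC key and separates this signer from any other in the app. Moving the method below `protected` would keep it from being exposed as an action should a route ever match it. The spec in this commit calls `controller.message_verifier` directly and would then need `controller.send(:message_verifier)`. The class body starts and ends outside the hunk.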
@ -26,7 +26,7 @@ class Users::PasswordsController < Devise::PasswordsController
|
|||
# end
|
||||
|
||||
def reset_link_sent
|
||||
@email = params[:email]
|
||||
@email = message_verifier.verify(params[:email], purpose: :reset_password) rescue nil
|
||||
end
|
||||
|
||||
protected
|
||||
|
@ -37,7 +37,8 @@ class Users::PasswordsController < Devise::PasswordsController
|
|||
|
||||
def after_sending_reset_password_instructions_path_for(resource_name)
|
||||
flash.discard(:notice)
|
||||
users_password_reset_link_sent_path(email: resource.email)
|
||||
signed_email = message_verifier.generate(resource.email, purpose: :reset_password, expires_in: 1.hour)
|
||||
users_password_reset_link_sent_path(email: signed_email)
|
||||
end
|
||||
|
||||
def try_to_authenticate_instructeur
|
||||
|
|
|
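Review bot: The inline `rescue nil` in `reset_link_sent` swallows every StandardError, not only a tampered or expired token, so an unrelated failure would silently render the page with no address. `MessageVerifier#verified` returns nil for an invalid, expired or wrong-purpose message without raising, so the line can be `@email = message_verifier.verified(params[:email].to_s, purpose: :reset_password)`. In `after_sending_reset_password_instructions_path_for`, the value is signed but not encrypted, so the address can still be decoded from the URL in access logs, browser history and Referer headers. If that exposure matters, `ActiveSupport::MessageEncryptor` or the session would keep it out of the query string. Both methods sit in a class whose body continues outside the hunks.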
@ -43,11 +43,23 @@ describe Users::PasswordsController, type: :controller do
|
|||
let(:email) { 'test@example.com' }
|
||||
|
||||
it 'displays the page' do
|
||||
get 'reset_link_sent', params: { email: email }
|
||||
signed_email = controller.message_verifier.generate(email, purpose: :reset_password)
|
||||
|
||||
get 'reset_link_sent', params: { email: signed_email }
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response).to render_template('reset_link_sent')
|
||||
expect(assigns(:email)).to eq email
|
||||
end
|
||||
|
||||
context 'when signed email is invalid' do
|
||||
it "does not fail" do
|
||||
get 'reset_link_sent', params: { email: "invalid.message" }
|
||||
|
||||
expect(response).to have_http_status(:ok)
|
||||
expect(response).to render_template('reset_link_sent')
|
||||
expect(assigns(:email)).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
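Review bot: The examples cover a valid token and a malformed one, but not expiry or purpose binding, which the controller now relies on. The happy-path token is also generated without `expires_in`, unlike the production call. I would add one example that signs with `expires_in: 1.hour`, advances the clock (e.g. `travel 2.hours`, assuming the time helpers are available in this suite) and expects `assigns(:email)` to be nil. A second example should sign with a different `purpose:` and expect the same result. The `describe` block starts outside the hunk.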