fix: encode reset password email in param because it's rendered in view later
This commit is contained in:
parent
01d6ef3f60
commit
9db7b5b864
3 changed files with 20 additions and 3 deletions
@ -117,6 +117,10 @@ class ApplicationController < ActionController::Base
"window.location.href='#{path}'"
"window.location.href='#{path}'"
end
end
def message_verifier
@message_verifier ||= ActiveSupport::MessageVerifier.new(Rails.application.secret_key_base)
end
protected
protected
def feature_enabled?(feature_name)
def feature_enabled?(feature_name)
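Review bot: `message_verifier` is keyed on `Rails.application.secret_key_base` directly, so the raw application secret is used as the HMAC key rather than a key derived for this one use; the `purpose:` argument scopes the message but not the key. `@message_verifier ||= Rails.application.message_verifier(:reset_password)` keeps the same interface while letting Rails derive the key from the secret through its key generator. The method also sits above `protected`, which makes it a public controller method; if it is public only so the spec can call `controller.message_verifier`, moving it below `protected` and using `controller.send(:message_verifier)` in the spec keeps it off the public surface. The enclosing `ApplicationController` class starts and ends outside the hunk.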
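--- a/<PATH NOT SHOWN ON PAGE: file defining Users::PasswordsController>
+++ b/<PATH NOT SHOWN ON PAGE: file defining Users::PasswordsController>
@@ -26,7 +26,7 @@ class Users::PasswordsController < Devise::PasswordsController
 # end
 
 def reset_link_sent
-@email = params[:email]
+@email = message_verifier.verify(params[:email], purpose: :reset_password) rescue nil
 end
 
 protected
@@ -37,7 +37,8 @@ class Users::PasswordsController < Devise::PasswordsController
 
 def after_sending_reset_password_instructions_path_for(resource_name)
 flash.discard(:notice)
-users_password_reset_link_sent_path(email: resource.email)
+signed_email = message_verifier.generate(resource.email, purpose: :reset_password, expires_in: 1.hour)
+users_password_reset_link_sent_path(email: signed_email)
 end
 
 def try_to_authenticate_instructeur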
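Review bot: In `reset_link_sent` (first hunk) the `rescue nil` modifier swallows every StandardError raised by the verify call, not only `ActiveSupport::MessageVerifier::InvalidSignature`, so a misconfigured verifier or an unexpected parameter type is hidden as a blank `@email` instead of surfacing. `ActiveSupport::MessageVerifier#verified` returns nil for an invalid or expired signature without raising, so `@email = message_verifier.verified(params[:email].to_s, purpose: :reset_password)` preserves the behaviour the new spec asserts while letting genuine errors propagate; the `.to_s` covers a non-string `params[:email]` (an array or hash parameter), which the verifier may not handle on its own. The enclosing class continues outside both hunks.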
@ -43,11 +43,23 @@ describe Users::PasswordsController, type: :controller do
let(:email) { 'test@example.com' }
let(:email) { 'test@example.com' }
it 'displays the page' do
it 'displays the page' do
get 'reset_link_sent', params: { email: email }
signed_email = controller.message_verifier.generate(email, purpose: :reset_password)
get 'reset_link_sent', params: { email: signed_email }
expect(response).to have_http_status(:ok)
expect(response).to have_http_status(:ok)
expect(response).to render_template('reset_link_sent')
expect(response).to render_template('reset_link_sent')
expect(assigns(:email)).to eq email
expect(assigns(:email)).to eq email
end
end
context 'when signed email is invalid' do
it "does not fail" do
get 'reset_link_sent', params: { email: "invalid.message" }
expect(response).to have_http_status(:ok)
expect(response).to render_template('reset_link_sent')
expect(assigns(:email)).to be_nil
end
end
end
end
end
end
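Review bot: The new 'when signed email is invalid' context exercises a malformed token but not an expired one, although the controller now generates the link with `expires_in: 1.hour`, so the expiry path that the controller's `rescue nil` is relied on for has no example. An additional example that signs with `controller.message_verifier.generate(email, purpose: :reset_password, expires_in: -1.minute)` and asserts `expect(assigns(:email)).to be_nil` would pin it, and a token generated with a different `purpose:` would pin the purpose check in the same way. The describe block starts outside the hunk.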