Skip to content

Commit 74ec935

Browse files
authored
Modify the edit method in PasswordsController to include reset_password_token in the redirect URL. (#1650)
1 parent 80f04b4 commit 74ec935

2 files changed

Lines changed: 61 additions & 30 deletions

File tree

app/controllers/devise_token_auth/passwords_controller.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ def edit
5656
set_token_in_cookie(@resource, token)
5757
end
5858

59-
redirect_header_options = { reset_password: true }
59+
redirect_header_options = { reset_password: true, reset_password_token: resource_params[:reset_password_token] }
6060
redirect_headers = build_redirect_headers(token.token,
6161
token.client,
6262
redirect_header_options)

test/controllers/devise_token_auth/passwords_controller_test.rb

Lines changed: 60 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -229,42 +229,73 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
229229
end
230230

231231
describe 'password reset link success' do
232-
before do
233-
get :edit,
234-
params: { reset_password_token: @mail_reset_token,
235-
redirect_url: @mail_redirect_url }
232+
describe 'with require_client_password_reset_token is enabled' do
233+
before do
234+
DeviseTokenAuth.require_client_password_reset_token = true
235+
get :edit,
236+
params: { reset_password_token: @mail_reset_token,
237+
redirect_url: @mail_redirect_url }
236238

237-
@resource.reload
239+
@resource.reload
238240

239-
raw_qs = response.location.split('?')[1]
240-
@qs = Rack::Utils.parse_nested_query(raw_qs)
241+
raw_qs = response.location.split('?')[1]
242+
@qs = Rack::Utils.parse_nested_query(raw_qs)
241243

242-
@access_token = @qs['access-token']
243-
@client_id = @qs['client_id']
244-
@client = @qs['client']
245-
@expiry = @qs['expiry']
246-
@reset_password = @qs['reset_password']
247-
@token = @qs['token']
248-
@uid = @qs['uid']
249-
end
244+
@reset_password_token = @qs['reset_password_token']
245+
end
250246

251-
test 'response should have success redirect status' do
252-
assert_equal 302, response.status
253-
end
247+
test 'response should have success redirect status' do
248+
assert_equal 302, response.status
249+
end
254250

255-
test 'response should contain auth params' do
256-
assert @access_token
257-
assert @client
258-
assert @client_id
259-
assert @expiry
260-
assert @reset_password
261-
assert @token
262-
assert @uid
251+
test 'response should contain reset_password_token param' do
252+
assert_equal @mail_reset_token, @qs['reset_password_token']
253+
end
263254
end
264255

265-
test 'response auth params should be valid' do
266-
assert @resource.valid_token?(@token, @client_id)
267-
assert @resource.valid_token?(@access_token, @client)
256+
describe 'require_client_password_reset_token is disabled' do
257+
before do
258+
DeviseTokenAuth.require_client_password_reset_token = false
259+
get :edit,
260+
params: { reset_password_token: @mail_reset_token,
261+
redirect_url: @mail_redirect_url }
262+
263+
@resource.reload
264+
265+
raw_qs = response.location.split('?')[1]
266+
@qs = Rack::Utils.parse_nested_query(raw_qs)
267+
268+
@access_token = @qs['access-token']
269+
@client_id = @qs['client_id']
270+
@client = @qs['client']
271+
@expiry = @qs['expiry']
272+
@reset_password = @qs['reset_password']
273+
@token = @qs['token']
274+
@uid = @qs['uid']
275+
end
276+
277+
test 'response should have success redirect status' do
278+
assert_equal 302, response.status
279+
end
280+
281+
test 'response should contain auth params' do
282+
assert @access_token
283+
assert @client
284+
assert @client_id
285+
assert @expiry
286+
assert @reset_password
287+
assert @token
288+
assert @uid
289+
end
290+
291+
test 'response auth params should be valid' do
292+
assert @resource.valid_token?(@token, @client_id)
293+
assert @resource.valid_token?(@access_token, @client)
294+
end
295+
296+
test 'response should contain reset_password_token param' do
297+
assert_equal @mail_reset_token, @qs['reset_password_token']
298+
end
268299
end
269300
end
270301
end

0 commit comments

Comments
 (0)