Add 'reset_password_attempt_expired?' instance method #791

Open
wants to merge 1 commit into
base: master
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -96,6 +96,7 @@ User.load_from_reset_password_token(token)
@user.generate_reset_password_token! # if you want to send the email by youself
@user.deliver_reset_password_instructions! # generates the token and sends the email
@user.change_password!(new_password)
@user.reset_password_attempt_expired? # check if time between emails has not passed since last email
```

### user activation
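Review bot: the comment on the added `@user.reset_password_attempt_expired?` line does not say what the return value means. "check if time between emails has not passed since last email" leaves the reader to work out whether true means "still inside the wait window" or "window over", and the word "expired" in the method name suggests the second. Suggest spelling it out, for example "# true while reset_password_time_between_emails has not yet elapsed since the last reset email", so that anyone branching on it picks the right side.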
14 changes: 11 additions & 3 deletions lib/sorcery/model/submodules/reset_password.rb
Expand Up @@ -96,12 +96,13 @@ def generate_reset_password_token!
# generates a reset code with expiration and sends an email to the user.
def deliver_reset_password_instructions!
mail = false
config = sorcery_config

# hammering protection
return false if config.reset_password_time_between_emails.present? && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
return false if reset_password_attempt_expired?

self.class.sorcery_adapter.transaction do
generate_reset_password_token!
mail = send_reset_password_email! unless config.reset_password_mailer_disabled
mail = send_reset_password_email! unless sorcery_config.reset_password_mailer_disabled
end
mail
end
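Review bot: the guard `return false if reset_password_attempt_expired?` reads inverted at the call site. Under the "# hammering protection" comment it refuses to send while the predicate is true, so true has to mean "a reset email went out too recently", yet "attempt expired" reads as "the wait is over". A name that states the throttled condition (for instance `reset_password_email_recently_sent?`, offered only as a suggestion) would make it harder for a later edit to negate this rate limit by mistake. Replacing the local `config` with `sorcery_config` on the mailer line is consistent with removing the `config = sorcery_config` assignment.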
Expand All @@ -113,6 +114,13 @@ def change_password!(new_password)
sorcery_adapter.save
end

def reset_password_attempt_expired?
sorcery_config.reset_password_time_between_emails.present? &&
self.send(sorcery_config.reset_password_email_sent_at_attribute_name) &&
self.send(sorcery_config.reset_password_email_sent_at_attribute_name) >
sorcery_config.reset_password_time_between_emails.seconds.ago.utc
end

protected

def send_reset_password_email!
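Review bot: `reset_password_attempt_expired?` is added above `protected` as a public predicate, but its `&&` chain does not always return a boolean. When the sent-at attribute is unset the second operand is nil and the method returns nil rather than false, so a caller or spec comparing against `false` only passes on some paths. Suggest reading the timestamp once into a local (`sent_at = send(sorcery_config.reset_password_email_sent_at_attribute_name)`), returning false early when either the setting or the timestamp is missing, and returning the comparison itself. That also removes the duplicated `self.send(...)` call. The method has no comment; one line stating what true means would help, given the name.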
7 changes: 7 additions & 0 deletions spec/shared_examples/user_reset_password_shared_examples.rb
Expand Up @@ -256,6 +256,13 @@
expect(user.deliver_reset_password_instructions!).to be false
end

it "'reset_password_attempt_expired?' returns false if time between emails has not passed since last email" do
sorcery_model_property_set(:reset_password_time_between_emails, 10000)
user.deliver_reset_password_instructions!

expect(user.reset_password_attempt_expired?).to be false
end

it "encrypts properly on reset" do
user.deliver_reset_password_instructions!
user.change_password!("blagu")
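Review bot: the added example expects `false` right after `user.deliver_reset_password_instructions!` with `reset_password_time_between_emails` set to 10000, which looks like the case where the implementation in this PR returns true. The method returns the result of "sent-at is later than `reset_password_time_between_emails.seconds.ago.utc`", and the delivery guard relies on that being truthy to block a resend. Assuming the delivery call stamps the sent-at attribute (that code is not visible in this diff), the comparison is between a just-written timestamp and a point 10000 seconds in the past, which is true. Either the expectation or the description "returns false if time between emails has not passed since last email" needs to be reconciled with the implementation and the README comment. Please also add the complementary cases: no previous email, and the window already elapsed.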