chinwag/chinwagsocial
chinwag/chinwagsocial
2
0
Fork 0
Code Issues Pull requests Releases 4 Wiki Activity
chinwagsocial/app/controllers/auth/passwords_controller.rb

34 lines
779 B
Ruby
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
2016-11-16 02:56:29 +11:00
# frozen_string_literal: true
Customizing devise views and controllers
2016-03-06 08:43:05 +11:00
class Auth::PasswordsController < Devise::PasswordsController
Redirect to PasswordController#new when reset_password_token is invalid (#4506)
2017-08-04 01:45:45 +10:00
before_action :check_validity_of_reset_password_token, only: :edit
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
2018-07-31 09:14:33 +10:00
before_action :set_body_classes
Redirect to PasswordController#new when reset_password_token is invalid (#4506)
2017-08-04 01:45:45 +10:00
Customizing devise views and controllers
2016-03-06 08:43:05 +11:00
layout 'auth'
Redirect to PasswordController#new when reset_password_token is invalid (#4506)
2017-08-04 01:45:45 +10:00
Fix password change/reset not immediately invalidating other sessions (#12928) While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
2020-01-24 10:20:38 +11:00
def update
super do |resource|
Fix other sessions not being logged out on password change (#14252) While OAuth tokens were immediately revoked, accessing the home controller immediately generated new OAuth tokens and "revived" the session due to a combination of using remember_me tokens and overwriting the `authenticate_user!` method
2020-07-07 23:26:31 +10:00
if resource.errors.empty?
resource.session_activations.destroy_all
end
Fix password change/reset not immediately invalidating other sessions (#12928) While making browser requests in the other sessions after a password change or reset does not allow you to be logged in and correctly invalidates the session making the request, sessions have API tokens associated with them, which can still be used until that session is invalidated. This is a security issue for accounts that were already compromised some other way because it makes it harder to throw out the hijacker.
2020-01-24 10:20:38 +11:00
end
end
Redirect to PasswordController#new when reset_password_token is invalid (#4506)
2017-08-04 01:45:45 +10:00
private
def check_validity_of_reset_password_token
unless reset_password_token_is_valid?
flash[:error] = I18n.t('auth.invalid_reset_password_token')
redirect_to new_password_path(resource_name)
end
end
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
2018-07-31 09:14:33 +10:00
def set_body_classes
@body_classes = 'lighter'
end
Redirect to PasswordController#new when reset_password_token is invalid (#4506)
2017-08-04 01:45:45 +10:00
def reset_password_token_is_valid?
resource_class.with_reset_password_token(params[:reset_password_token]).present?
end
Customizing devise views and controllers
2016-03-06 08:43:05 +11:00
end
Reference in a new issue Copy permalink