mirror of https://github.com/volatiletech/authboss.git synced 2025-07-15 01:24:33 +02:00

allow to customize if the user is going to be signed in after recover

Kaio Magalhães
2017-03-31 23:09:03 -03:00
parent 182aab547e
commit 760c14b32c
4 changed files with 11 additions and 4 deletions


@ -267,7 +267,7 @@ provided in the e-mail and their account becomes confirmed, they will automatica
**How it works:** The user goes to the password recovery page. They then enter their primary ID two times and press recover. **How it works:** The user goes to the password recovery page. They then enter their primary ID two times and press recover.
An e-mail is sent to the user that includes a token that expires after some time. The user clicks the link An e-mail is sent to the user that includes a token that expires after some time. The user clicks the link
in the e-mail and is prompted to enter a new password. Once the password they enter passes all policies in the e-mail and is prompted to enter a new password. Once the password they enter passes all policies
their new password is stored, they are logged in and redirected to the RecoverOKPath. their new password is stored, they are redirected to the RecoverOkPath and logged in if AllowLoginAfterResetPassword is set to true.
## <a name="remember"></a> Remember Me (persistent login) ## <a name="remember"></a> Remember Me (persistent login)
**Requirements:** **Requirements:**


@ -26,6 +26,9 @@ type Config struct {
// authboss.StoreEmail, authboss.StoreUsername (StoreEmail is default) // authboss.StoreEmail, authboss.StoreUsername (StoreEmail is default)
PrimaryID string PrimaryID string
// Allow the user to be automatically signed in after reset his password
AllowLoginAfterResetPassword bool
// Layout that all authboss views will be inserted into. // Layout that all authboss views will be inserted into.
Layout *template.Template Layout *template.Template
// LayoutHTMLEmail is for emails going out in HTML form, authbosses e-mail templates // LayoutHTMLEmail is for emails going out in HTML form, authbosses e-mail templates
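Review bot: The comment on the new `AllowLoginAfterResetPassword` field does not state the default or the security trade-off, and the zero value `false` turns off the sign-in that the recover handler previously performed unconditionally, unless a default is set somewhere outside this hunk. I would document it in the usual field-name-first form, for example `// AllowLoginAfterResetPassword signs the user in automatically once a password reset completes; when false (the default) the user must log in with the new password.` Since existing deployments will see the post-recover behaviour change on upgrade, that is worth a line in the changelog as well. The Config struct starts and ends outside the hunk.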


@ -276,7 +276,9 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
return err return err
} }
if r.Authboss.AllowLoginAfterResetPassword {
ctx.SessionStorer.Put(authboss.SessionKey, primaryID) ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
}
response.Redirect(ctx, w, req, r.AuthLoginOKPath, "", "", true) response.Redirect(ctx, w, req, r.AuthLoginOKPath, "", "", true)
default: default:
w.WriteHeader(http.StatusMethodNotAllowed) w.WriteHeader(http.StatusMethodNotAllowed)
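Review bot: The redirect after the new `if r.Authboss.AllowLoginAfterResetPassword` block still targets `r.AuthLoginOKPath`, so when the flag is false the user is sent to the post-login destination without a session having been written. The README text changed in this same commit says the user is redirected to the RecoverOKPath, which does not match; assuming that config field is the intended target, the line would read `response.Redirect(ctx, w, req, r.RecoverOKPath, "", "", true)`. When the flag is true the session is established purely on possession of the e-mailed token, so it would help to say in a comment above the `Put` call that this path skips any other login-time checks the application applies. completeHandlerFunc begins and ends outside the hunk, so anything it does to existing sessions or remember tokens is not visible here.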


@ -430,6 +430,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
return nil return nil
}) })
rec.Authboss.AllowLoginAfterResetPassword = false
ctx, w, r, sessionStorer := testRequest(rec.Authboss, "POST", "token", testURLBase64Token, authboss.StorePassword, "abcd", "confirm_"+authboss.StorePassword, "abcd") ctx, w, r, sessionStorer := testRequest(rec.Authboss, "POST", "token", testURLBase64Token, authboss.StorePassword, "abcd", "confirm_"+authboss.StorePassword, "abcd")
if err := rec.completeHandlerFunc(ctx, w, r); err != nil { if err := rec.completeHandlerFunc(ctx, w, r); err != nil {
@ -455,8 +457,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
t.Error("Expected EventPasswordReset callback to have been fired") t.Error("Expected EventPasswordReset callback to have been fired")
} }
if val, ok := sessionStorer.Get(authboss.SessionKey); !ok || val != "john" { if _, ok := sessionStorer.Get(authboss.SessionKey); ok {
t.Error("Expected SessionKey to be:", "john") t.Error("Should not have logged the user in since AllowInsecureLoginAfterConfirm is false.")
} }
if w.Code != http.StatusFound { if w.Code != http.StatusFound {
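Review bot: The new failure message names `AllowInsecureLoginAfterConfirm`, but the flag this test sets is `AllowLoginAfterResetPassword`; it should read `t.Error("Should not have logged the user in since AllowLoginAfterResetPassword is false.")`. With the assertion flipped, nothing in the visible hunks covers the enabled branch any more, so a regression in the path that writes `authboss.SessionKey` would go unnoticed. I would add a second case that sets `rec.Authboss.AllowLoginAfterResetPassword = true` and keeps the earlier check that the stored value is "john". TestRecover_completeHandlerFunc_POST starts and continues outside these hunks.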