1
0
mirror of https://github.com/volatiletech/authboss.git synced 2024-11-24 08:42:17 +02:00

allow to customize if the user is going to be signed in after recover

This commit is contained in:
Kaio Magalhães 2017-03-31 23:09:03 -03:00
parent 182aab547e
commit 760c14b32c
4 changed files with 11 additions and 4 deletions

View File

@ -267,7 +267,7 @@ provided in the e-mail and their account becomes confirmed, they will automatica
**How it works:** The user goes to the password recovery page. They then enter their primary ID two times and press recover.
An e-mail is sent to the user that includes a token that expires after some time. The user clicks the link
in the e-mail and is prompted to enter a new password. Once the password they enter passes all policies
their new password is stored, they are logged in and redirected to the RecoverOKPath.
their new password is stored, they are redirected to the RecoverOkPath and logged in if AllowLoginAfterResetPassword is set to true.
## <a name="remember"></a> Remember Me (persistent login)
**Requirements:**

View File

@ -26,6 +26,9 @@ type Config struct {
// authboss.StoreEmail, authboss.StoreUsername (StoreEmail is default)
PrimaryID string
// Allow the user to be automatically signed in after reset his password
AllowLoginAfterResetPassword bool
// Layout that all authboss views will be inserted into.
Layout *template.Template
// LayoutHTMLEmail is for emails going out in HTML form, authbosses e-mail templates

View File

@ -276,7 +276,9 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
return err
}
if r.Authboss.AllowLoginAfterResetPassword {
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
}
response.Redirect(ctx, w, req, r.AuthLoginOKPath, "", "", true)
default:
w.WriteHeader(http.StatusMethodNotAllowed)

View File

@ -430,6 +430,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
return nil
})
rec.Authboss.AllowLoginAfterResetPassword = false
ctx, w, r, sessionStorer := testRequest(rec.Authboss, "POST", "token", testURLBase64Token, authboss.StorePassword, "abcd", "confirm_"+authboss.StorePassword, "abcd")
if err := rec.completeHandlerFunc(ctx, w, r); err != nil {
@ -455,8 +457,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
t.Error("Expected EventPasswordReset callback to have been fired")
}
if val, ok := sessionStorer.Get(authboss.SessionKey); !ok || val != "john" {
t.Error("Expected SessionKey to be:", "john")
if _, ok := sessionStorer.Get(authboss.SessionKey); ok {
t.Error("Should not have logged the user in since AllowInsecureLoginAfterConfirm is false.")
}
if w.Code != http.StatusFound {