mirror of
https://github.com/volatiletech/authboss.git
synced 2024-11-24 08:42:17 +02:00
allow to customize if the user is going to be signed in after recover
This commit is contained in:
parent
182aab547e
commit
760c14b32c
@ -267,7 +267,7 @@ provided in the e-mail and their account becomes confirmed, they will automatica
|
||||
**How it works:** The user goes to the password recovery page. They then enter their primary ID two times and press recover.
|
||||
An e-mail is sent to the user that includes a token that expires after some time. The user clicks the link
|
||||
in the e-mail and is prompted to enter a new password. Once the password they enter passes all policies
|
||||
their new password is stored, they are logged in and redirected to the RecoverOKPath.
|
||||
their new password is stored, they are redirected to the RecoverOkPath and logged in if AllowLoginAfterResetPassword is set to true.
|
||||
|
||||
## <a name="remember"></a> Remember Me (persistent login)
|
||||
**Requirements:**
|
||||
|
@ -26,6 +26,9 @@ type Config struct {
|
||||
// authboss.StoreEmail, authboss.StoreUsername (StoreEmail is default)
|
||||
PrimaryID string
|
||||
|
||||
// Allow the user to be automatically signed in after reset his password
|
||||
AllowLoginAfterResetPassword bool
|
||||
|
||||
// Layout that all authboss views will be inserted into.
|
||||
Layout *template.Template
|
||||
// LayoutHTMLEmail is for emails going out in HTML form, authbosses e-mail templates
|
||||
|
@ -276,7 +276,9 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
|
||||
return err
|
||||
}
|
||||
|
||||
if r.Authboss.AllowLoginAfterResetPassword {
|
||||
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
|
||||
}
|
||||
response.Redirect(ctx, w, req, r.AuthLoginOKPath, "", "", true)
|
||||
default:
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
|
@ -430,6 +430,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
|
||||
return nil
|
||||
})
|
||||
|
||||
rec.Authboss.AllowLoginAfterResetPassword = false
|
||||
|
||||
ctx, w, r, sessionStorer := testRequest(rec.Authboss, "POST", "token", testURLBase64Token, authboss.StorePassword, "abcd", "confirm_"+authboss.StorePassword, "abcd")
|
||||
|
||||
if err := rec.completeHandlerFunc(ctx, w, r); err != nil {
|
||||
@ -455,8 +457,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
|
||||
t.Error("Expected EventPasswordReset callback to have been fired")
|
||||
}
|
||||
|
||||
if val, ok := sessionStorer.Get(authboss.SessionKey); !ok || val != "john" {
|
||||
t.Error("Expected SessionKey to be:", "john")
|
||||
if _, ok := sessionStorer.Get(authboss.SessionKey); ok {
|
||||
t.Error("Should not have logged the user in since AllowInsecureLoginAfterConfirm is false.")
|
||||
}
|
||||
|
||||
if w.Code != http.StatusFound {
|
||||
|
Loading…
Reference in New Issue
Block a user