Merge remote-tracking branch 'kaio/feature/customize_signin_after_recover'

2024-11-24 08:42:17 +02:00 · 2017-04-03 07:26:55 -07:00 · 2017-04-03 07:26:55 -07:00 · be948e61d1
commit be948e61d1
parent 2d66b332c9 def30d71dd
4 changed files with 11 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -270,7 +270,8 @@ logged in. The default for this property is set to false.
 **How it works:** The user goes to the password recovery page. They then enter their primary ID two times and press recover.
 An e-mail is sent to the user that includes a token that expires after some time. The user clicks the link
 in the e-mail and is prompted to enter a new password. Once the password they enter passes all policies
-their new password is stored, they are logged in and redirected to the RecoverOKPath.
+their new password is stored, they are redirected to the RecoverOkPath. If the AllowLoginAfterResetPassword property is set
+to true, the user will also be automatically logged in. The default for this property is set to false.

 ## <a name="remember"></a> Remember Me (persistent login)
 **Requirements:**
--- a/config.go
+++ b/config.go
@ -28,6 +28,8 @@ type Config struct {

 	// Allow the user to be automatically signed in after confirm his account
 	AllowInsecureLoginAfterConfirm bool
+	// Allow the user to be automatically signed in after reset his password
+	AllowLoginAfterResetPassword bool

 	// Layout that all authboss views will be inserted into.
 	Layout *template.Template
--- a/recover/recover.go
+++ b/recover/recover.go
@ -276,7 +276,9 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
 			return err
 		}

-		ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
+		if r.Authboss.AllowLoginAfterResetPassword {
+			ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
+		}
 		response.Redirect(ctx, w, req, r.AuthLoginOKPath, "", "", true)
 	default:
 		w.WriteHeader(http.StatusMethodNotAllowed)
--- a/recover/recover_test.go
+++ b/recover/recover_test.go
@ -430,6 +430,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
 		return nil
 	})

+	rec.Authboss.AllowLoginAfterResetPassword = false
+
 	ctx, w, r, sessionStorer := testRequest(rec.Authboss, "POST", "token", testURLBase64Token, authboss.StorePassword, "abcd", "confirm_"+authboss.StorePassword, "abcd")

 	if err := rec.completeHandlerFunc(ctx, w, r); err != nil {
@ -455,8 +457,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
 		t.Error("Expected EventPasswordReset callback to have been fired")
 	}

-	if val, ok := sessionStorer.Get(authboss.SessionKey); !ok || val != "john" {
-		t.Error("Expected SessionKey to be:", "john")
+	if _, ok := sessionStorer.Get(authboss.SessionKey); ok {
+		t.Error("Should not have logged the user in since AllowInsecureLoginAfterConfirm is false.")
 	}

 	if w.Code != http.StatusFound {