mirror of https://github.com/volatiletech/authboss.git synced 2024-11-28 08:58:38 +02:00

Merge remote-tracking branch 'kaio/feature/customize_signin_after_recover'

Aaron 2017-04-03 07:26:55 -07:00
commit be948e61d1
4 changed files with 11 additions and 4 deletions


@ -270,7 +270,8 @@ logged in. The default for this property is set to false.
**How it works:** The user goes to the password recovery page. They then enter their primary ID two times and press recover.
An e-mail is sent to the user that includes a token that expires after some time. The user clicks the link
in the e-mail and is prompted to enter a new password. Once the password they enter passes all policies
their new password is stored, they are logged in and redirected to the RecoverOKPath.
their new password is stored, they are redirected to the RecoverOkPath. If the AllowLoginAfterResetPassword property is set
to true, the user will also be automatically logged in. The default for this property is set to false.
## <a name="remember"></a> Remember Me (persistent login)
**Requirements:**


@ -28,6 +28,8 @@ type Config struct {
// Allow the user to be automatically signed in after confirm his account
AllowInsecureLoginAfterConfirm bool
// Allow the user to be automatically signed in after reset his password
AllowLoginAfterResetPassword bool
// Layout that all authboss views will be inserted into.
Layout *template.Template
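Review bot: The comment on the new `AllowLoginAfterResetPassword` field does not state the default or the trade-off, and its name drops the `Insecure` marker that the sibling `AllowInsecureLoginAfterConfirm` carries for the same kind of shortcut. When it is enabled, completing a reset creates a session without the user ever entering the new password on the login form, so control of the recovery e-mail is enough to be signed in. Suggested comment: `// AllowLoginAfterResetPassword signs the user in as soon as a password reset completes. Defaults to false, which requires a normal login with the new password.` The Config struct starts and ends outside the hunk.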


@ -276,7 +276,9 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
return err
}
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
if r.Authboss.AllowLoginAfterResetPassword {
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
}
response.Redirect(ctx, w, req, r.AuthLoginOKPath, "", "", true)
default:
w.WriteHeader(http.StatusMethodNotAllowed)
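Review bot: With the flag off, the handler still redirects to `r.AuthLoginOKPath`, so a user who was not given a session is sent to the post-login destination, while the README text in this same commit says the redirect goes to RecoverOKPath. If the config exposes that path, the unauthenticated branch should use it, e.g. `response.Redirect(ctx, w, req, r.RecoverOKPath, "", "", true)`, keeping `AuthLoginOKPath` for the branch that writes the session key. A comment above the `if`, such as `// Opt-in only: a valid recovery token alone creates a session here.`, would make the trade-off visible to the next reader. completeHandlerFunc starts and ends outside the hunk.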


@ -430,6 +430,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
return nil
})
rec.Authboss.AllowLoginAfterResetPassword = false
ctx, w, r, sessionStorer := testRequest(rec.Authboss, "POST", "token", testURLBase64Token, authboss.StorePassword, "abcd", "confirm_"+authboss.StorePassword, "abcd")
if err := rec.completeHandlerFunc(ctx, w, r); err != nil {
@ -455,8 +457,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
t.Error("Expected EventPasswordReset callback to have been fired")
}
if val, ok := sessionStorer.Get(authboss.SessionKey); !ok || val != "john" {
t.Error("Expected SessionKey to be:", "john")
if _, ok := sessionStorer.Get(authboss.SessionKey); ok {
t.Error("Should not have logged the user in since AllowInsecureLoginAfterConfirm is false.")
}
if w.Code != http.StatusFound {
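Review bot: The failure message in the new session check names `AllowInsecureLoginAfterConfirm`, but the flag this test sets is `AllowLoginAfterResetPassword`, so a failing run would point at the wrong setting. Suggested: `t.Error("Should not have logged the user in since AllowLoginAfterResetPassword is false.")`. The hunks also exercise only the disabled case, so nothing visible here asserts that the session key holds the user's ID when the flag is true. A second case with `rec.Authboss.AllowLoginAfterResetPassword = true` would pin the branch that creates the session. The test function starts and ends outside the hunks.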