mirror of
https://github.com/volatiletech/authboss.git
synced 2024-11-28 08:58:38 +02:00
Merge remote-tracking branch 'kaio/feature/customize_signin_after_recover'
commit
be948e61d1
@ -270,7 +270,8 @@ logged in. The default for this property is set to false.
|
||||
**How it works:** The user goes to the password recovery page. They then enter their primary ID two times and press recover.
|
||||
An e-mail is sent to the user that includes a token that expires after some time. The user clicks the link
|
||||
in the e-mail and is prompted to enter a new password. Once the password they enter passes all policies
|
||||
their new password is stored, they are logged in and redirected to the RecoverOKPath.
|
||||
their new password is stored, they are redirected to the RecoverOkPath. If the AllowLoginAfterResetPassword property is set
|
||||
to true, the user will also be automatically logged in. The default for this property is set to false.
|
||||
|
||||
## <a name="remember"></a> Remember Me (persistent login)
|
||||
**Requirements:**
|
||||
|
@ -28,6 +28,8 @@ type Config struct {
|
||||
|
||||
// Allow the user to be automatically signed in after confirm his account
|
||||
AllowInsecureLoginAfterConfirm bool
|
||||
// Allow the user to be automatically signed in after reset his password
|
||||
AllowLoginAfterResetPassword bool
|
||||
|
||||
// Layout that all authboss views will be inserted into.
|
||||
Layout *template.Template
|
||||
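Review bot: The comment on the new `AllowLoginAfterResetPassword` field does not state the default or what happens when the flag is off, and unlike its sibling `AllowInsecureLoginAfterConfirm` neither the name nor the comment marks it as a security trade-off. With the flag on, completing the e-mailed reset flow is enough to obtain a session without going through the normal login path. I would reword it to `// AllowLoginAfterResetPassword logs the user in automatically once a password reset completes; when false (the default) they must sign in with the new password.` The Config struct continues outside this hunk.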
|
@ -276,7 +276,9 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
|
||||
return err
|
||||
}
|
||||
|
||||
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
|
||||
if r.Authboss.AllowLoginAfterResetPassword {
|
||||
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
|
||||
}
|
||||
response.Redirect(ctx, w, req, r.AuthLoginOKPath, "", "", true)
|
||||
default:
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
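Review bot: The redirect after the new `if` still targets `r.AuthLoginOKPath` even when `AllowLoginAfterResetPassword` is false and no session key was stored, so a user who is not logged in is sent to the post-login landing page. The README text changed in this same commit says they are redirected to the recover OK path instead. If Config has that field (the README names RecoverOKPath), the not-logged-in case should probably use it, e.g. `response.Redirect(ctx, w, req, r.RecoverOKPath, "", "", true)`, keeping `AuthLoginOKPath` only inside the `if`. completeHandlerFunc starts and ends outside this hunk, so any handling before or after these lines is not visible here.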
|
@ -430,6 +430,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
|
||||
return nil
|
||||
})
|
||||
|
||||
rec.Authboss.AllowLoginAfterResetPassword = false
|
||||
|
||||
ctx, w, r, sessionStorer := testRequest(rec.Authboss, "POST", "token", testURLBase64Token, authboss.StorePassword, "abcd", "confirm_"+authboss.StorePassword, "abcd")
|
||||
|
||||
if err := rec.completeHandlerFunc(ctx, w, r); err != nil {
|
||||
@ -455,8 +457,8 @@ func TestRecover_completeHandlerFunc_POST(t *testing.T) {
|
||||
t.Error("Expected EventPasswordReset callback to have been fired")
|
||||
}
|
||||
|
||||
if val, ok := sessionStorer.Get(authboss.SessionKey); !ok || val != "john" {
|
||||
t.Error("Expected SessionKey to be:", "john")
|
||||
if _, ok := sessionStorer.Get(authboss.SessionKey); ok {
|
||||
t.Error("Should not have logged the user in since AllowInsecureLoginAfterConfirm is false.")
|
||||
}
|
||||
|
||||
if w.Code != http.StatusFound {
|
||||
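Review bot: The failure message in the new session assertion names `AllowInsecureLoginAfterConfirm`, but the flag this test sets is `AllowLoginAfterResetPassword`, so a failure would point the reader at the wrong option. It should read `t.Error("Should not have logged the user in since AllowLoginAfterResetPassword is false.")`. The old `val != "john"` assertion was replaced rather than kept alongside, so nothing visible here covers the flag set to true. A second case that sets it to true and expects SessionKey to be "john" would keep the auto-login branch tested. TestRecover_completeHandlerFunc_POST starts and ends outside these hunks.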
|