has_editable_password 0.2.1 → 0.2.2

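--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
  ---
  !binary "U0hBMQ==":
  metadata.gz: !binary |-
- ZjYyMDNiNzRhNWQ2MjI0NGI3YWU1MGEwZWI3ZjZiZTg2MjkxNjFhNQ==
+ NDI0NmM3NWFjMTM5YzZiZjMyZTkxYzE5MmYxMWQyZDZkNTk0MzQ5OA==
  data.tar.gz: !binary |-
- NTIzMmE0ODliNzM4YjBhMTc3MjY5ZjI0NjViY2FiNDNkZjg5YTI5Mw==
+ YmM2MjZiMjM5NTk1ODIxZDRlYjc2ZmM2NDc1ZmY5MzY3YjcxNjhiNg==
  SHA512:
  metadata.gz: !binary |-
- Y2Y4ODU1OTUzY2RhOTU1NjJkNzE0NDYzMTU5NmIwNmI2OTUyMjQ3ZjE3M2Q1
- M2MzMjIzZWUxOGIyOTU0NmQwNzVhNmNiNmIyMjFlMTJmYzdjOGI2YmUzN2I1
- ODg2MDM1YmE3OGE5MDc5MTEyYzM5OTBiZTcyOWQ3YmQ0ZmMwMmE=
+ NmEyNjhiMGI5YzU4OGM0OWQyN2ZmMzI1MmMwZDJhYWM4Y2JjYTU5ZDI3NmRk
+ ZWRlMzYxYWQ0N2M2YWU1ZWM5MDEzODAzZTQ0NjhlN2E2MDRhNWM3OTM4OTUx
+ Y2E4YWQ0ZmZmZTE1NmYzYzczMTg3MGNlMjFkYjE4MGNjYjVhZmM=
  data.tar.gz: !binary |-
- YzNhMzQ5YmQ2MTE5YWZiNGE2MzQzODMwZjEyMzc3YTNkNzg5NDNkZTJhM2Iz
- NjBmMDFmNjI2ZjQ0YjczMmMzZWVjZmIyMDkwZjkzMDU4YmY3MjFhZWMzODZk
- MzYxZmJmMDI4YzE5NjY4NWQ1ZDdhNjY3MzcxNWYzMTRkMzMwODg=
+ YWQwYzNkYWU2NTE2NjY0N2ZkOTUxMzlmMTY1MDMyZTI3MTllNmIyNmQ5MGNj
+ NTdhZjBlYTNjZGFkY2Y4YmMxNDM2NzZjMWE5OWUzODk3NWJmYzM1ZjNlMWQ0
+ OWViNzliNTg3M2Y4OTMzYTNkNmI5NDE5YjVmM2RlZmUzZGY0MjM=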
@@ -105,8 +105,13 @@ module HasEditablePassword
105
105
  ##
106
106
  # Validation called on :update when the password_digest is touched.
107
107
  # Sets an error on password unless the current_password or a valid recovery_token is set
108
+ # Also clears the password_recovery_token if it is verified, to preven token reuse.
108
109
  def password_change
109
- errors[:password] << 'Unauthorized to change the password' unless allow_password_change?
110
+ if allow_password_change?
111
+ self.password_recovery_token = ''
112
+ else
113
+ errors[:password] << 'Unauthorized to change the password'
114
+ end
110
115
  end
111
116
 
112
117
  def changing_password
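Review bot: The token reset in `password_change` runs as a side effect of validation, so the in-memory token is cleared as soon as `valid?(:update)` runs, whether or not the record is then saved; if another validation fails, a retry on the same object would presumably no longer pass `allow_password_change?` while the persisted token is still unchanged. Consider moving the reset to a callback that runs once the save has succeeded, or state the ordering in the method comment. The reset value is also `''` rather than `nil`; `allow_password_change?` is outside this hunk, so it is worth confirming that it rejects a blank supplied token against a blank stored value, or using `self.password_recovery_token = nil` (the new spec's `be_empty` would then need to become `be_nil`). The added comment line has a typo, `preven` for `prevent`.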
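--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1 +1 @@
- VERSION = '0.2.1'
+ VERSION = '0.2.2'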
@@ -246,6 +246,13 @@ describe HasEditablePassword do
246
246
  user.recovery_token = token
247
247
  expect(user.valid?(:update)).to be_true
248
248
  end
249
+
250
+ it 'clears the stored token after use' do
251
+ user.recovery_token = token
252
+ user.password = 'new_secret'
253
+ user.valid?(:update)
254
+ expect(user.password_recovery_token).to be_empty
255
+ end
249
256
  end
250
257
 
251
258
  context 'an invalid valid token is set' do
@@ -258,6 +265,13 @@ describe HasEditablePassword do
258
265
  user.recovery_token = token
259
266
  expect(user.valid?(:update)).to be_false
260
267
  end
268
+
269
+ it 'does not clear the stored token' do
270
+ user.recovery_token = token
271
+ user.password = 'new_secret'
272
+ user.valid?(:update)
273
+ expect(user.password_recovery_token).to_not be_empty
274
+ end
261
275
  end
262
276
 
263
277
  context 'the current_password is valid' do
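Review bot: The new examples at new lines 250–255 and 269–274 check only the in-memory attribute after `valid?(:update)`; neither shows that a token which has been used once is rejected the second time, which is the property the change is for. An example that completes a password change with the token and then expects a second `valid?(:update)` with the same `recovery_token` to be false would pin that; the setup for `user` and `token` is outside these hunks, so how the record is persisted there needs checking. Going by the method comment, a change authorised by `current_password` presumably clears the token as well, and that path has no example. The context title `'an invalid valid token is set'` at new line 258 reads as a typo.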
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: has_editable_password
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Francesco Boffa