github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: You can reset your password even if logins are required.

Browse Source
This commit is contained in:
Robin Ward
2013-07-15 12:12:54 -04:00
parent 08723f00c6
commit 0e504aac9b
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/controllers/users_controller.rb
View File

@ -12,7 +12,13 @@ class UsersController < ApplicationController
# page is going to be empty, this means that server will see an invalid CSRF and blow the session # page is going to be empty, this means that server will see an invalid CSRF and blow the session
# once that happens you can't log in with social # once that happens you can't log in with social
skip_before_filter :verify_authenticity_token, only: [:create] skip_before_filter :verify_authenticity_token, only: [:create]
skip_before_filter :redirect_to_login_if_required, only: [:check_username,:create,:get_honeypot_value,:activate_account,:send_activation_email,:authorize_email] skip_before_filter :redirect_to_login_if_required, only: [:check_username,
:create,
:get_honeypot_value,
:activate_account,
:send_activation_email,
:authorize_email,
:password_reset]
def show def show
@user = fetch_user_from_params @user = fetch_user_from_params

11
spec/controllers/users_controller_spec.rb
View File

@ -216,6 +216,17 @@ describe UsersController do
describe '.password_reset' do describe '.password_reset' do
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
context "you can view it even if login is required" do
before do
SiteSetting.stubs(:login_required).returns(true)
get :password_reset, token: 'asdfasdf'
end
it "returns success" do
response.should be_success
end
end
context 'invalid token' do context 'invalid token' do
before do before do
EmailToken.expects(:confirm).with('asdfasdf').returns(nil) EmailToken.expects(:confirm).with('asdfasdf').returns(nil)