From c639a3f733b2c8d4d70a8dfe4c5bf889e11e5cfe Mon Sep 17 00:00:00 2001
From: DocuSeal
Date: Sat, 21 Oct 2023 17:44:04 +0300
Subject: [PATCH] do not sign in after reset password if 2fa https://github.com/devise-two-factor/devise-two-factor#disabling-automatic-login-after-password-resets thanks Greg Molnar
---
 app/controllers/passwords_controller.rb | 13 +++++++++++++
 app/models/user.rb | 8 ++++++++
 config/routes.rb | 2 +-
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 app/controllers/passwords_controller.rb
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
new file mode 100644
index 00000000..da67abc6
--- /dev/null
+++ b/app/controllers/passwords_controller.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class PasswordsController < Devise::PasswordsController
+ class Current < ActiveSupport::CurrentAttributes
+ attribute :user
+ end
+
+ def update
+ super do |resource|
+ Current.user = resource
+ end
+ end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2968c58b..23a6239c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -76,6 +76,14 @@ class User < ApplicationRecord
 true
 end
 
+ def self.sign_in_after_reset_password
+ if PasswordsController::Current.user.present?
+ !PasswordsController::Current.user.otp_required_for_login
+ else
+ true
+ end
+ end
+
 def initials
 [first_name&.first, last_name&.first].compact_blank.join.upcase
 end
diff --git a/config/routes.rb b/config/routes.rb
index cc0ece90..7ca4e82b 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -9,7 +9,7 @@ Rails.application.routes.draw do
 devise_for :users,
 path: '/', only: %i[sessions passwords omniauth_callbacks],
 controllers: begin
- options = { sessions: 'sessions' }
+ options = { sessions: 'sessions', passwords: 'passwords' }
 options[:omniauth_callbacks] = 'omniauth_callbacks' if Docuseal.multitenant?
 options
 end
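Review bot: Nothing in `PasswordsController#update` says that `Current.user = resource` is a security control, and it only takes effect if Devise yields the resource before it consults `sign_in_after_reset_password` (inferred; the parent method is not part of this patch). I would add a comment above the assignment, e.g. `# Expose the resource to User.sign_in_after_reset_password so a reset link never signs in a 2FA account`. The diffstat lists three files and none is a spec, so a request spec that resets the password of a user with `otp_required_for_login` set and asserts that no session is created would catch a Devise upgrade that changes that ordering.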
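Review bot: The `else true` branch of `User.sign_in_after_reset_password` fails open: whenever `PasswordsController::Current.user` is blank the method allows automatic sign-in, so a caller that does not go through `PasswordsController#update` would keep the pre-patch behaviour for accounts with 2FA enabled. If nothing else depends on that default, the body can fail closed as `user = PasswordsController::Current.user` followed by `user.present? && !user.otp_required_for_login`. As a style point, the model now reaches into a controller-namespaced constant; a top-level `Current` class would keep the dependency pointing from controller to model.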