login: when resetting a password, if user has 2fa, make them login again - merged with i18n

2017-05-23 12:42:48 +02:00 · 2017-05-23 12:42:48 +02:00 · 24909604b5
parent 722189b6ac
commit 24909604b5
3 changed files with 15 additions and 5 deletions
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@ -159,15 +159,19 @@ class LoginController < ApplicationController
        end

        if @reset_user.save && @reset_user.is_active?
-          session[:u] = @reset_user.session_token
-          return redirect_to "/"
+          if @reset_user.has_2fa?
+            flash[:success] = t('.passwordreset')
+            return redirect_to "/login"
+          else
+            session[:u] = @reset_user.session_token
+            return redirect_to "/"
+          end
        else
-          flash[:error] = "Could not reset password."
+          flash[:error] = t('.couldnotresetpassword')
        end
      end
    else
-      flash[:error] = "Invalid reset token.  It may have already been " <<
-        "used or you may have copied it incorrectly."
+      flash[:error] = t(.invalidresettoken')
      return redirect_to forgot_password_path
    end
  end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -210,6 +210,9 @@ en:
      password: "New Password:"
      again: "(Again):"
      setpassbutton: "Set New Password"
+      passwordreset: "Your password has been reset."
+      couldnotresetpassword: "Could not reset password."
+      invalidresettoken: "Invalid reset token. It may have already been used or you may have copied it incorrectly."
    twofa:
      login2fa: "Login - Two Factor Authentication"
      logintotpcode: "Enter the current TOTP code from your TOTP application:"
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@ -210,6 +210,9 @@ fr:
      password: "Mot de passe :"
      again: "(encore):"
      setpassbutton: "Changer le mot de passe"
+      passwordreset: "Votre mot de passe a été changé"
+      couldnotresetpassword: "Le mot de passe n'a pas pu être changé."
+      invalidresettoken: "Jeton de changement invalide. Il a pu déjà être utilisé ou mal copié."
    twofa:
      login2fa: "Identification par authentification à deux facteurs"
      logintotpcode: "Entrez le code TOTP affiché par votre application :"