From 24909604b58fbc5cb7ba5175af21b3151ca19adc Mon Sep 17 00:00:00 2001
From: Carl Chenet
Date: Tue, 23 May 2017 12:42:48 +0200
Subject: [PATCH] login: when resetting a password, if user has 2fa, make them login again - merged with i18n
---
 app/controllers/login_controller.rb | 14 +++++++++-----
 config/locales/en.yml | 3 +++
 config/locales/fr.yml | 3 +++
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb
index 468d471..3f23d1a 100644
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@@ -159,15 +159,19 @@ class LoginController < ApplicationController
 end
 if @reset_user.save && @reset_user.is_active?
- session[:u] = @reset_user.session_token
- return redirect_to "/"
+ if @reset_user.has_2fa?
+ flash[:success] = t('.passwordreset')
+ return redirect_to "/login"
+ else
+ session[:u] = @reset_user.session_token
+ return redirect_to "/"
+ end
 else
- flash[:error] = "Could not reset password."
+ flash[:error] = t('.couldnotresetpassword')
 end
 end
 else
- flash[:error] = "Invalid reset token. It may have already been " <<
- "used or you may have copied it incorrectly."
+ flash[:error] = t(.invalidresettoken')
 return redirect_to forgot_password_path
 end
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6b76870..a80f44b 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -210,6 +210,9 @@ en:
 password: "New Password:"
 again: "(Again):"
 setpassbutton: "Set New Password"
+ passwordreset: "Your password has been reset."
+ couldnotresetpassword: "Could not reset password."
+ invalidresettoken: "Invalid reset token. It may have already been used or you may have copied it incorrectly."
 twofa:
 login2fa: "Login - Two Factor Authentication"
 logintotpcode: "Enter the current TOTP code from your TOTP application:"
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 7d9b431..a491e4a 100644
--- a/config/locales/fr.yml
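Review bot: The last added line of the login_controller.rb hunk, `flash[:error] = t(.invalidresettoken')`, is missing its opening quote, so the controller file should fail to parse; it needs to read `flash[:error] = t('.invalidresettoken')`. The new `if @reset_user.has_2fa?` branch is the security-relevant part of this change and deserves a why-comment above it, for example `# a valid reset token must not stand in for the second factor: send 2FA users through /login`. Accounts without 2FA are still signed in straight from the reset link via `session[:u] = @reset_user.session_token`; whether that token is rotated when the password changes is not visible in this hunk and is worth confirming, so that sessions opened with the old password do not survive the reset. The enclosing action starts and ends outside the hunk.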
+++ b/config/locales/fr.yml
@@ -210,6 +210,9 @@ fr:
 password: "Mot de passe :"
 again: "(encore):"
 setpassbutton: "Changer le mot de passe"
+ passwordreset: "Votre mot de passe a été changé"
+ couldnotresetpassword: "Le mot de passe n'a pas pu être changé."
+ invalidresettoken: "Jeton de changement invalide. Il a pu déjà être utilisé ou mal copié."
 twofa:
 login2fa: "Identification par authentification à deux facteurs"
 logintotpcode: "Entrez le code TOTP affiché par votre application :"