Support lambdas for sign_in_after_reset_password config

excid3 · excid3 · commit 82a3d2327c32 · 2023-11-08T12:36:26.000-06:00
diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb
@@ -36,7 +36,7 @@ def update
 
     if resource.errors.empty?
       resource.unlock_access! if unlockable?(resource)
-      if resource_class.sign_in_after_reset_password
+      if sign_in_after_reset_password?(resource)
         flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
         set_flash_message!(:notice, flash_message)
         resource.after_database_authentication
@@ -52,8 +52,13 @@ def update
   end
 
   protected
+    def sign_in_after_reset_password?(resource)
+      value = resource_class.sign_in_after_reset_password
+      value.respond_to?(:call) ? value.call(resource) : value
+    end
+
     def after_resetting_password_path_for(resource)
-      resource_class.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name)
+      sign_in_after_reset_password?(resource) ? after_sign_in_path_for(resource) : new_session_path(resource_name)
     end
 
     # The path used after sending reset password instructions
diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb
@@ -247,6 +247,29 @@ def reset_password(options = {}, &block)
     end
   end
 
+  test 'sign in user automatically with proc' do
+    swap Devise, sign_in_after_reset_password: ->(resource) { true }  do
+      create_user
+      request_forgot_password
+      reset_password
+
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'does not sign in user automatically with proc' do
+    swap Devise, sign_in_after_reset_password: ->(resource) { false }do
+      create_user
+      request_forgot_password
+      reset_password
+
+      assert_contain 'Your password has been changed successfully.'
+      assert_not_contain 'You are now signed in.'
+      assert_equal new_user_session_path, @request.path
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
   test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
     [:none, :time].each do |strategy|
       swap Devise, unlock_strategy: strategy do
