Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to unlock user with link from unlock e-mail #3559

Closed
alisnic opened this issue Apr 16, 2015 · 2 comments
Closed

Unable to unlock user with link from unlock e-mail #3559

alisnic opened this issue Apr 16, 2015 · 2 comments

Comments

@alisnic
Copy link

alisnic commented Apr 16, 2015

When user receives an e-mail with unlock link, clicking on it renders the unlock page with error "Unlock Token is invalid". Below is the smallest spec that I was able to make to reproduce the issue:

require "spec_helper"

describe Users::UnlocksController do
  before { request.env["devise.mapping"] = Devise.mappings[:user] }

  it "GET #show unlocks user if token is valid" do
    user = FactoryGirl.create :user
    user.lock_access!
    email_token = Devise::Mailer.deliveries.last.body.match(/unlock_token=([^"]+)/)[1]

    get :show, unlock_token: email_token

    user.reload.access_locked?.should == false
  end
end
1) Users::UnlocksController GET #show unlocks user if token is valid
     Failure/Error: user.reload.access_locked?.should == false
       expected: false
            got: true (using ==)
     # ./spec/controllers/users/unlocks_controller_spec.rb:13:in `block (2 levels) in <top (required)>'

Devise config:

Devise.setup do |config|
  config.ldap_create_user = true

  require 'devise/orm/active_record'
  config.mailer_sender         = Settings.devise.mailer_sender
  config.secret_key            = Settings.devise.secret_key
  config.case_insensitive_keys = [:email]
  config.strip_whitespace_keys = [:email]
  config.skip_session_storage  = [:http_auth]
  config.stretches             = Rails.env.test? ? 1 : 10
  config.reconfirmable         = true
  config.password_length       = 8..128
  config.reset_password_within = 6.hours
  config.scoped_views          = true
  config.sign_out_via          = :delete
  config.sign_out_all_scopes   = false
  config.paranoid              = true

  # Lockable
  config.lock_strategy         = :failed_attempts
  config.unlock_strategy       = :both
  config.maximum_attempts      = 3
  config.unlock_in             = 3.hours
end

I willing to bet that I am doing something wrong, but I am unable to understand what exactly. The devise source has no obvious omissions and the tests seem legit. Any ideas? Thanks in advance for your time and attention.

Using devise 3.4.1
@josevalim
Copy link
Contributor

Please use the mailing list or StackOverflow for questions/help, where a wider community will be able to help you. We reserve the issues tracker for issues only.

@josevalim josevalim reopened this Apr 19, 2015
@alisnic
Copy link
Author

alisnic commented Apr 21, 2015

The problem was an overriden e-mail template from an old version of devise, here's the diff that fixes the problem:

-%p= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token)
+%p= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token)

@tomoyuki28jp tomoyuki28jp mentioned this issue May 17, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@josevalim @alisnic