clear invitation token when password is reset

Sergio Cambra · Sergio Cambra · commit 94d859c7de08 · 2011-02-21T22:24:36.000+01:00
diff --git a/lib/devise_invitable/model.rb b/lib/devise_invitable/model.rb
@@ -77,6 +77,12 @@ def valid_password?(password)
 
       protected
 
+        # Clear invitation token when reset password token is cleared too
+        def clear_reset_password_token
+          self.invitation_token = nil if invited?
+          super
+        end
+
         # Checks if the invitation for the user is within the limit time.
         # We do this by calculating if the difference between today and the
         # invitation sent date does not exceed the invite for time configured.
diff --git a/test/models/invitable_test.rb b/test/models/invitable_test.rb
@@ -118,6 +118,15 @@ def setup
     assert_present user.invitation_token
   end
 
+  test 'should clear invitation token while resetting the password' do
+    user = User.invite!(:email => "valid@email.com")
+    user.send(:generate_reset_password_token!)
+    assert_present user.reset_password_token
+    assert_present user.invitation_token
+    User.reset_password_by_token(:reset_password_token => user.reset_password_token, :password => '123456789', :password_confirmation => '123456789')
+    assert_nil user.reload.invitation_token
+  end
+
   test 'should reset invitation token and send invitation by email' do
     user = new_user
     assert_difference('ActionMailer::Base.deliveries.size') do
diff --git a/test/models_test.rb b/test/models_test.rb
@@ -17,7 +17,7 @@ def assert_include_modules(klass, *modules)
   end
 
   test 'should include Devise modules' do
-    assert_include_modules User, :database_authenticatable, :registerable, :validatable, :confirmable, :invitable
+    assert_include_modules User, :database_authenticatable, :registerable, :validatable, :confirmable, :invitable, :recoverable
   end
 
   test 'should have a default value for invite_for' do
diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb
@@ -1,5 +1,5 @@
 class User < ActiveRecord::Base
-  devise :database_authenticatable, :registerable, :validatable, :confirmable, :invitable
+  devise :database_authenticatable, :registerable, :validatable, :confirmable, :invitable, :recoverable
   
   attr_accessible :email, :username, :password, :password_confirmation
   
diff --git a/test/rails_app/app/mongoid/user.rb b/test/rails_app/app/mongoid/user.rb
@@ -5,7 +5,7 @@ class User
   field :created_at, :type => DateTime
   field :username,   :type => String
   
-  devise :database_authenticatable, :registerable, :validatable, :confirmable, :invitable
+  devise :database_authenticatable, :registerable, :validatable, :confirmable, :invitable, :recoverable
   
   validates :username, :length => { :maximum => 20 }
 end
diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb
@@ -82,7 +82,7 @@
 
   # If true, uses the password salt as remember token. This should be turned
   # to false if you are not using database authenticatable.
-  config.use_salt_as_remember_token = true
+  config.use_salt_as_remember_token = false
 
   # ==> Configuration for :validatable
   # Range for password length. Default is 6..20.
diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb
@@ -5,7 +5,7 @@ def self.up
       t.string :username
       t.confirmable
       t.invitable
-      t.encryptable
+      t.recoverable
       
       t.timestamps
     end
