Commit 60765993 authored by Benjamin Neff

Enable paranoid mode for devise

fixes #8001

closes #8003
parent 9d5b9818
# 0.7.11.0
## Refactor
* Enable paranoid mode for devise [#8003](https://github.com/diaspora/diaspora/pull/8003)
## Bug fixes
......
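Review bot: The entry sits under "## Refactor", but the change alters what users see on the password reset form and the commit message says it fixes #8001, so a reader scanning the changelog for behaviour or security changes will miss it. Consider a section that signals the user-visible change, or word the entry to say that password recovery now responds the same whether or not the email is registered.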
......@@ -9,10 +9,6 @@
= AppConfig.settings.pod_name
= form_for(resource, as: resource_name, url: password_path(resource_name), html: {class: "form-horizontal block-form"}, autocomplete: 'off') do |f|
- unless resource.errors.empty?
%legend
%i
= t('devise.passwords.new.no_account') # this is an error message and should not be displayed as a legend
%fieldset
%label#emailLabel.sr-only{for: "user_email"}
= t("devise.passwords.new.email")
......
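Review bot: With the `unless resource.errors.empty?` block gone, this template no longer renders anything from `resource.errors`. The old block printed `no_account` for every error, so dropping it is right, but please confirm no remaining path re-renders this form with errors set, or add a generic error display so that case is not silent.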
......@@ -97,7 +97,7 @@ Devise.setup do |config|
# It will change confirmation, password recovery and other workflows
# to behave the same regardless if the e-mail provided was right or wrong.
# Does not affect registerable.
# config.paranoid = true
config.paranoid = true
# By default Devise will store the user in session. You can skip storage for
# particular strategies by setting this option.
......
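Review bot: The comment above `config.paranoid = true` states that the setting "Does not affect registerable", so the registration flow keeps its current behaviour. If sign-up reports an already-used email, that is still a way to learn whether an address has an account; worth a follow-up issue so this commit is not read as closing that off as well.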
......@@ -66,7 +66,6 @@ en:
confirm_password: Confirm password
new:
forgot_password: Forgot your password?
no_account: No account with this email exists
reset_password: Reset password
email: Email address
send_password_instructions: Send me reset password instructions
......
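Review bot: `no_account` is removed here, but the text the updated features assert on ("If your email address exists in our database, ...") is not added in this hunk. Confirm it resolves from a key that is already present in the loaded locales, and that no other view or locale file still references `devise.passwords.new.no_account`.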
......@@ -25,7 +25,7 @@ Feature: Change password
Given I am on forgot password page
When I fill out forgot password form with "forgetful@users.net"
And I submit forgot password form
Then I should see "You will receive an email with instructions"
Then I should see "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
When I follow the "Change my password" link from the last sent email
When I fill out the password reset form with "supersecret" and "supersecret"
And I submit the password reset form
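Review bot: The new `Then I should see` expectation hard-codes the full paranoid message, and the same literal is repeated in the other scenarios of this patch. A step that resolves the text through its translation key would keep these features from breaking on a copy edit.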
......@@ -49,4 +49,4 @@ Feature: Change password
Given I am on forgot password page
When I fill out forgot password form with "notanemail"
And I submit forgot password form
Then I should see "No account with this email exists"
Then I should see "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
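Review bot: The unknown-account scenario still submits "notanemail", which is not a well-formed address, so it does not cover a valid-looking address that has no account. Add a scenario with a well-formed unregistered address and assert the same message as the "forgetful@users.net" case, since identical output for both is the point of the change.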
......@@ -27,7 +27,7 @@ Feature: Change password
And I am on forgot password page
When I fill out forgot password form with "forgetful@users.net"
And I submit forgot password form
Then I should see "You will receive an email with instructions"
Then I should see "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
When I follow the "Change my password" link from the last sent email
And I fill out the password reset form with "supersecret" and "supersecret"
And I submit the password reset form
......@@ -52,4 +52,4 @@ Feature: Change password
Given I am on forgot password page
When I fill out forgot password form with "notanemail"
And I submit forgot password form
Then I should see "No account with this email exists"
Then I should see "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
......@@ -13,7 +13,7 @@ describe Devise::PasswordsController, type: :controller do
context "when there is no such user" do
it "succeeds" do
post :create, params: {user: {email: "foo@example.com"}}
expect(response).to be_success
expect(response).to redirect_to(new_user_session_path)
end
it "doesn't send email" do
......
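Review bot: In "when there is no such user", the new `redirect_to(new_user_session_path)` expectation checks only the redirect target. Also assert the flash notice, and ideally compare it with what the existing-user context receives, so the spec fails if the two responses ever diverge. The example name "succeeds" could also state what it now checks, for instance "redirects to the sign-in page".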