solidusio / solidus_auth_devise

🔑 Devise authentication for your Solidus store.
http://solidus.io
BSD 3-Clause "New" or "Revised" License

The update action of the password controller from devise makes my app go into a loop. #78

Closed shcyiza closed 4 years ago

shcyiza commented 7 years ago

In my app https://github.com/shcyiza/tozakitoko, when I was testing out the password recovery I fell upon this problem. The process is smooth until I got to the password edit page. When I submit a new password the app gets to the update action. The action actually updates my password, logs me in and then it tries to go back to the edit page and it starts looping, like you can see in this sample of my server below.

Redirected to http://localhost:3000/user/spree_user/password/edit?reset_password_token=CRQYbC5B8TyLPifHX9za
Completed 302 Found in 101ms (ActiveRecord: 6.6ms)

Started GET "/user/spree_user/password/edit?reset_password_token=[FILTERED]" for 127.0.0.1 at 2017-01-14 21:44:47 +0100
Processing by Spree::UserPasswordsController#edit as HTML
  Parameters: {"reset_password_token"=>"[FILTERED]"}
  Spree::User Load (0.5ms)  SELECT  "spree_users".* FROM "spree_users" WHERE "spree_users"."deleted_at" IS NULL AND "spree_users"."id" = $1  ORDER BY "spree_users"."id" ASC LIMIT 1  [["id", 9]]
default_url_options is passed options: {}

Redirected to http://localhost:3000/user/spree_user/password/edit?

From there it just loads this page again and again and again...

I fixed it by overriding the update action from your extension like this:

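Spree::UserPasswordsController.class_eval do
  def update
    if params[:spree_user][:password].blank?
      # Blank password: defer to the parent controller's update action.
      super
    else
      # Look up the user by reset token and set the new password.
      self.resource = resource_class.reset_password_by_token(resource_params)
      yield resource if block_given?
      if resource.errors.empty?
        resource.unlock_access! if unlockable?(resource)
        if Devise.sign_in_after_reset_password
          flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
          set_flash_message!(:notice, flash_message)
          sign_in(resource_name, resource)
        else
          # No redirect_to :back here: respond_with below already redirects, and a
          # second redirect in the same action raises AbstractController::DoubleRenderError.
          set_flash_message!(:notice, :updated_not_active)
        end
        # Send the user to the store root rather than back to the edit page.
        respond_with resource, location: root_path(resource)
      else
        # Reset failed: re-render the form with the validation errors.
        set_minimum_password_length
        respond_with resource
      end
    end
  end
end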

Since I don't have this issue with other apps using Devise, I think this controller might not be adapted to some update of Devise. You guys should check that out, and if the problem comes from my app please let me know.

KR
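
For anyone triaging a similar report, the following added example (not code from the issue or from solidus_auth_devise) scans a Rails log for requests that redirect to their own path, the pattern visible in the excerpt above, and masks `reset_password_token` values that appear unfiltered on `Redirected to` lines before a log is shared. The function names and the sample log are constructed for illustration, and the token in it is a placeholder.

```ruby
# Constructed sample modelled on the log excerpt in the report above.
SAMPLE_LOG = <<~LOG
  Started PUT "/user/spree_user/password" for 127.0.0.1 at 2017-01-14 21:44:47 +0100
  Redirected to http://localhost:3000/user/spree_user/password/edit?reset_password_token=EXAMPLETOKEN
  Started GET "/user/spree_user/password/edit?reset_password_token=[FILTERED]" for 127.0.0.1 at 2017-01-14 21:44:47 +0100
  Redirected to http://localhost:3000/user/spree_user/password/edit?
  Started GET "/user/spree_user/password/edit" for 127.0.0.1 at 2017-01-14 21:44:48 +0100
  Redirected to http://localhost:3000/user/spree_user/password/edit?
  Started GET "/products" for 127.0.0.1 at 2017-01-14 21:45:02 +0100
  Completed 200 OK in 35ms
LOG

STARTED  = /\AStarted (\w+) "([^"]+)"/
REDIRECT = /\ARedirected to (\S+)/

# Drop scheme, host and query string so "edit?token=..." and "edit?" compare equal.
def path_only(url)
  url.sub(%r{\Ahttps?://[^/]+}, "").split("?", 2).first
end

# Returns { path => count } for paths that redirected to themselves
# at least `threshold` times (hypothetical helper).
def self_redirect_loops(log, threshold: 2)
  counts = Hash.new(0)
  current = nil
  log.each_line do |line|
    line = line.strip
    if (m = STARTED.match(line))
      current = path_only(m[2])
    elsif (m = REDIRECT.match(line)) && current
      target = path_only(m[1])
      counts[target] += 1 if target == current
      current = nil # each request is paired with at most one redirect
    end
  end
  counts.select { |_, n| n >= threshold }
end

# Mask reset tokens anywhere in the log, including "Redirected to" lines,
# where the excerpt above shows the value unfiltered.
def mask_tokens(log)
  log.gsub(/(reset_password_token=)[^&\s"]+/, '\1[FILTERED]')
end
```
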

kennyadsl commented 4 years ago

Sorry for the long wait. I cannot reproduce this issue now so I guess it's fixed.