Try just explicitly doing the unlock on password reset

4 months ago · 1d39159bff
2 changed files with 2 additions and 2 deletions
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@ -35,7 +35,7 @@ class Auth::PasswordsController < Devise::PasswordsController
    yield resource if block_given?

    if resource.errors.empty?
-      resource.unlock_access! if unlockable?(resource)
+      resource.unlock_access! if resource.respond_to?(:unlock_access!)
      if Devise.sign_in_after_reset_password
        set_flash_message!(:notice, password_update_flash_message)
        resource.after_database_authentication
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -205,7 +205,7 @@ Devise.setup do |config|
  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
  # :both  = Enables both strategies
  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  config.unlock_strategy = :both
+  config.unlock_strategy = :time

  # Number of authentication tries before locking an account if lock_strategy
  # is failed attempts.