diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index f2dad9b21..f41b63dce 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -27,8 +27,32 @@ class Auth::PasswordsController < Devise::PasswordsController
 render "devise/passwords/reset_password"
 end
+ def update
+ self.resource = resource_class.reset_password_by_token(resource_params)
+ yield resource if block_given?
+
+ if resource.errors.empty?
+ resource.unlock_access! if unlockable?(resource)
+ if Devise.sign_in_after_reset_password
+ set_flash_message!(:notice, password_update_flash_message)
+ resource.after_database_authentication
+ sign_in(resource_name, resource)
+ else
+ set_flash_message!(:notice, :updated_not_active)
+ end
+ respond_with resource, location: after_resetting_password_path_for(resource)
+ else
+ set_minimum_password_length
+ respond_with resource
+ end
+ end
+
 protected
+ def password_update_flash_message
+ resource_class == AdminUser ? :updated_2FA : :updated
+ end
+
 def resource_class_name
 resource_class.name.underscore
 end
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
index d84886a71..2d90c1cd0 100644
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -35,6 +35,7 @@ en:
 send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
 send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
 updated: "Your password has been changed successfully. You are now signed in."
+ updated_2FA: "Your password has been changed successfully. Your security code has been sent."
 updated_not_active: "Your password has been changed successfully."
 registrations:
 destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
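Review bot: In `update` (passwords_controller.rb), `sign_in(resource_name, resource)` runs for every resource class straight after a token-based reset, and the only AdminUser-specific handling visible in the hunk is the flash key, so the second factor is enforced only if something outside this hunk intercepts that sign-in. The new `updated_2FA` text implies a code is sent at that point; a request spec asserting that an AdminUser cannot reach an authenticated page after a reset until the code is verified would pin that behaviour down. Separately, the flash is chosen by class alone, so an account that is not active for authentication would still be told it is signed in or that a code was sent; consider `flash_message = resource.active_for_authentication? ? password_update_flash_message : :updated_not_active` followed by `set_flash_message!(:notice, flash_message)`. Because the whole Devise action is copied into the controller, a short comment above `def update` naming the Devise version it was taken from would help keep it in step with upstream fixes.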