Devise: Method #after_database_authentication not called after reset_password

Created on 13 Apr 2018 · 4Comments · Source: heartcombo/devise

Precheck

Callback #after_database_authentication is not called after reset_password but user is authenticated and in DB sign_in_count is 1.

Environment

Ruby 2.4.2
Rails 5.1.4
Devise 4.3.0

Current behavior

Invite user with reset password link;
Follow that link;
User is logged in and password updated.
after_database_authentication callback is not triggered.

Expected behavior

Invite user with reset password link;
Follow that link;
User is logged in and password updated.
after_database_authentication callback should be triggered.

Bug PR attached

Source

bgr11n

👍1

Most helpful comment

@bgr11n thanks for reporting this!

It's a bug, indeed. We call this callback from the database authenticable's strategy here: https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/database_authenticatable.rb#L15. This strategy is called on a sign-in when we call #authenticate! on the Warden's instance here: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L19.
But when the user's password is updated, we call the sign_in helper, which calls Warden's #set_user directly - without invoking the strategy and consequently, not invoking the callback.

I'm happy to accept a pull request for this, it should be straightforward to do it. If you wanna tackle this, feel free to do it. Otherwise I might keep it open for newcomers.

tegon on 28 May 2018

👍4

All 4 comments

Alex1sz on 13 Apr 2018

@bgr11n thanks for reporting this!

I'm happy to accept a pull request for this, it should be straightforward to do it. If you wanna tackle this, feel free to do it. Otherwise I might keep it open for newcomers.

tegon on 28 May 2018

👍4

@tegon Is anyone working this, or can I, please?