diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2024-01-12 00:06:23 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2024-01-12 00:06:23 +0300 |
commit | 80ee6d2ebe94475331dfffb58328917c9f7ab3ce (patch) | |
tree | 793cc9439b2a4360de5d69f5ade86bd9bf0e8df1 /app/models | |
parent | 21cd462600ba30f04e0646ad5afbdbe837df7148 (diff) | |
parent | cee9d94266bfa79a5c4f14849b7e3a44d8529a9b (diff) |
Merge remote-tracking branch 'dev/16-2-stable' into 16-2-stable16-2-stable
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/concerns/recoverable_by_any_email.rb | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/app/models/concerns/recoverable_by_any_email.rb b/app/models/concerns/recoverable_by_any_email.rb index c946e7e78c6..7bd908597c9 100644 --- a/app/models/concerns/recoverable_by_any_email.rb +++ b/app/models/concerns/recoverable_by_any_email.rb @@ -1,37 +1,34 @@ # frozen_string_literal: true -# Concern that overrides the Devise methods -# to send reset password instructions to any verified user email +# Concern that overrides the Devise methods to allow reset password instructions +# to be sent to any users' confirmed secondary emails. +# See https://github.com/heartcombo/devise/blob/main/lib/devise/models/recoverable.rb module RecoverableByAnyEmail extend ActiveSupport::Concern class_methods do def send_reset_password_instructions(attributes = {}) - email = attributes.delete(:email) - super unless email + return super unless attributes[:email] - recoverable = by_email_with_errors(email) - recoverable.send_reset_password_instructions(to: email) if recoverable&.persisted? - recoverable - end + email = Email.confirmed.find_by(email: attributes[:email].to_s) + return super unless email - private + recoverable = email.user - def by_email_with_errors(email) - record = find_by_any_email(email, confirmed: true) || new - record.errors.add(:email, :invalid) unless record.persisted? - record + recoverable.send_reset_password_instructions(to: email.email) + recoverable end end def send_reset_password_instructions(opts = {}) token = set_reset_password_token + send_reset_password_instructions_notification(token, opts) token end - private + protected def send_reset_password_instructions_notification(token, opts = {}) send_devise_notification(:reset_password_instructions, token, opts) |