diff options
Diffstat (limited to 'app/controllers/concerns/verifies_with_email.rb')
-rw-r--r-- | app/controllers/concerns/verifies_with_email.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/concerns/verifies_with_email.rb b/app/controllers/concerns/verifies_with_email.rb index ac1475597ff..3cada24a81a 100644 --- a/app/controllers/concerns/verifies_with_email.rb +++ b/app/controllers/concerns/verifies_with_email.rb @@ -28,7 +28,7 @@ module VerifiesWithEmail if user.unlock_token # Prompt for the token if it already has been set prompt_for_email_verification(user) - elsif user.access_locked? || !AuthenticationEvent.initial_login_or_known_ip_address?(user, request.ip) + elsif user.access_locked? || !trusted_ip_address?(user) # require email verification if: # - their account has been locked because of too many failed login attempts, or # - they have logged in before, but never from the current ip address @@ -68,7 +68,7 @@ module VerifiesWithEmail # After successful verification and calling sign_in, devise redirects the # user to this path. Override it to show the successful verified page. def after_sign_in_path_for(resource) - if action_name == 'create' && session[:verification_user_id] + if action_name == 'create' && session[:verification_user_id] == resource.id return users_successful_verification_path end @@ -133,6 +133,12 @@ module VerifiesWithEmail sign_in(user) end + def trusted_ip_address?(user) + return true if Feature.disabled?(:check_ip_address_for_email_verification) + + AuthenticationEvent.initial_login_or_known_ip_address?(user, request.ip) + end + def prompt_for_email_verification(user) session[:verification_user_id] = user.id self.resource = user |