Module: Devise::SecurePassword::Controllers::ActiveHelpers

Extended by:

ActiveSupport::Concern

Defined in:

lib/devise/secure_password/controllers/active_helpers.rb

Instance Method Summary

• #error_string_for_password_expired ⇒ Object
• #pending_password_expired_redirect! ⇒ Object

  Redirect to password change page if password needs to be changed.

• #redirected_in_session? ⇒ Boolean
• #skip_current_controller? ⇒ Boolean

  Prevent infinite loops and allow specified controllers to bypass.

Instance Method Details

#error_string_for_password_expired ⇒ Object

# File 'lib/devise/secure_password/controllers/active_helpers.rb', line 35

def error_string_for_password_expired
  return 'password expired' unless warden.user.class.respond_to?(:password_maximum_age)
  I18n.t(
    'secure_password.password_requires_regular_updates.errors.messages.password_expired',
    timeframe: distance_of_time_in_words(warden.user.class.password_maximum_age)
  )
end

#pending_password_expired_redirect! ⇒ Object

Redirect to password change page if password needs to be changed.

# File 'lib/devise/secure_password/controllers/active_helpers.rb', line 12

def pending_password_expired_redirect!
  return unless skip_current_controller? && redirected_in_session? && warden.session && warden.session['secure_password_expired']
  redirect_to edit_user_password_with_policy_url, alert: "#{error_string_for_password_expired}."
end

#redirected_in_session? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise/secure_password/controllers/active_helpers.rb', line 17

def redirected_in_session?
  warden.authenticated? && warden.session['secure_password_last_controller'] == 'Devise::SessionsController'
end

#skip_current_controller? ⇒ Boolean

Prevent infinite loops and allow specified controllers to bypass. @NOTE: The ability to extend this list may be made public, in the future if that functionality is needed.

Returns:

• (Boolean)

# File 'lib/devise/secure_password/controllers/active_helpers.rb', line 24

def skip_current_controller?
  exclusion_list = [
    'Devise::SessionsController',
    'Devise::PasswordsWithPolicyController#edit',
    'Devise::PasswordsWithPolicyController#update',
    'DeviseInvitable::RegistrationsController#edit',
    'DeviseInvitable::RegistrationsController#update'
  ]
  !(exclusion_list.include?("#{self.class.name}#" + action_name) || (exclusion_list & self.class.ancestors.map(&:to_s)).any?)
end