Add 'reset_password_attempt_expired?' instance method to check if tim…

…e between emails has not passed since last email
NoamB · Aug 10, 2016 · 86b4952 · 86b4952
1 parent 5344880
commit 86b4952
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -96,6 +96,7 @@ User.load_from_reset_password_token(token)
 @user.generate_reset_password_token! # if you want to send the email by youself
 @user.deliver_reset_password_instructions! # generates the token and sends the email
 @user.change_password!(new_password)
+@user.reset_password_attempt_expired? # check if time between emails has not passed since last email
 ```
 
 ### user activation

diff --git a/lib/sorcery/model/submodules/reset_password.rb b/lib/sorcery/model/submodules/reset_password.rb
@@ -98,7 +98,8 @@ def deliver_reset_password_instructions!
             mail = false
             config = sorcery_config
             # hammering protection
-            return false if config.reset_password_time_between_emails.present? && self.send(config.reset_password_email_sent_at_attribute_name) && self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
+            return false if reset_password_attempt_expired?
+
             self.class.sorcery_adapter.transaction do
               generate_reset_password_token!
               mail = send_reset_password_email! unless config.reset_password_mailer_disabled
@@ -113,6 +114,12 @@ def change_password!(new_password)
             sorcery_adapter.save
           end
 
+          def reset_password_attempt_expired?
+            config.reset_password_time_between_emails.present? &&
+            self.send(config.reset_password_email_sent_at_attribute_name) &&
+            self.send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
+          end
+
           protected
 
           def send_reset_password_email!

diff --git a/spec/shared_examples/user_reset_password_shared_examples.rb b/spec/shared_examples/user_reset_password_shared_examples.rb
@@ -256,6 +256,13 @@
       expect(user.deliver_reset_password_instructions!).to be false
     end
 
+    it "'reset_password_attempt_expired?' returns false if time between emails has not passed since last email" do
+      sorcery_model_property_set(:reset_password_time_between_emails, 10000)
+      user.deliver_reset_password_instructions!
+
+      expect(user.reset_password_attempt_expired?).to be false
+    end
+
     it "encrypts properly on reset" do
       user.deliver_reset_password_instructions!
       user.change_password!("blagu")