Do not automatically login after password reset, as it would circumvent two-factor auth (if enabled)

Do not require e-mail address changes to be re-confirmed, it's only trouble for no real benefit
lolsob-rspec
Eugen Rochko 2017-01-27 20:34:22 +01:00
parent 9b8670c939
commit 0bf8c1b5d8
1 changed files with 2 additions and 2 deletions

View File

@ -126,7 +126,7 @@ Devise.setup do |config|
# initial account confirmation) to be applied. Requires additional unconfirmed_email # initial account confirmation) to be applied. Requires additional unconfirmed_email
# db field (see migrations). Until confirmed, new email is stored in # db field (see migrations). Until confirmed, new email is stored in
# unconfirmed_email column, and copied to email column on successful confirmation. # unconfirmed_email column, and copied to email column on successful confirmation.
config.reconfirmable = true config.reconfirmable = false
# Defines which key will be used when confirming an account # Defines which key will be used when confirming an account
# config.confirmation_keys = [:email] # config.confirmation_keys = [:email]
@ -197,7 +197,7 @@ Devise.setup do |config|
# When set to false, does not sign a user in automatically after their password is # When set to false, does not sign a user in automatically after their password is
# reset. Defaults to true, so a user is signed in automatically after a reset. # reset. Defaults to true, so a user is signed in automatically after a reset.
# config.sign_in_after_reset_password = true config.sign_in_after_reset_password = false
# ==> Configuration for :encryptable # ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use # Allow you to use another encryption algorithm besides bcrypt (default). You can use