wip

thoughtbot · Jun 12, 2015 · 0aa95df · 0aa95df
1 parent 43dfcca
commit 0aa95df
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 14 deletions.
diff --git a/app/controllers/clearance/passwords_controller.rb b/app/controllers/clearance/passwords_controller.rb
@@ -108,15 +108,6 @@ def find_user_from_password_reset
     end
   end
 
-  def forbid_expired_password_reset
-    matched_password_reset = find_password_reset
-
-    if matched_password_reset && matched_password_reset.expired?
-      flash_failure_when_forbidden
-      render template: "passwords/new"
-    end
-  end
-
   def url_after_create
     sign_in_url
   end

diff --git a/app/models/password_reset.rb b/app/models/password_reset.rb
@@ -16,12 +16,16 @@ def self.time_limit
   end
 
   def complete(new_password)
-    transaction do
-      unless user.update_password(new_password)
-        raise ActiveRecord::Rollback
-      end
+    if active?
+      transaction do
+        unless user.update_password(new_password)
+          raise ActiveRecord::Rollback
+        end
 
-      deactivate_user_resets
+        deactivate_user_resets
+      end
+    else
+      false
     end
   end
 
@@ -39,6 +43,10 @@ def successful?
 
   private
 
+  def active?
+    !expired?
+  end
+
   def deactivate_user_resets
     Clearance::PasswordResetsDeactivator.new(user).run
   end

diff --git a/spec/models/password_reset_spec.rb b/spec/models/password_reset_spec.rb
@@ -32,6 +32,14 @@
     end
   end
 
+  context "on update" do
+    it "is invalid if the reset has expired already" do
+      password_reset = create(:password_reset)
+      password_reset.deactivate
+      expect(password_reset).to be_invalid
+    end
+  end
+
   describe ".active_for" do
     it "returns all the unexpired password resets for a user" do
       user = create(:user)