FIX: When activating via omniauth, create tokens after password reset

Resetting a password invalidates all email tokens, so we need to create the tokens after the password reset.
2024-12-15 00:20:02 +08:00 · 2019-08-28 14:43:25 +01:00 · 2019-08-28 14:43:25 +01:00 · 51b7f4d900
commit 51b7f4d900
parent 3b9e8a0849
1 changed files with 7 additions and 7 deletions
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -121,15 +121,15 @@ class Users::OmniauthCallbacksController < ApplicationController
      user.unstage
      user.save

-      # ensure there is an active email token
-      unless EmailToken.where(email: user.email, confirmed: true).exists? ||
-        user.email_tokens.active.where(email: user.email).exists?
-
-        user.email_tokens.create!(email: user.email)
-      end
-
      if !user.active || !user.email_confirmed?
        user.update!(password: SecureRandom.hex)
+
+        # Ensure there is an active email token
+        unless EmailToken.where(email: user.email, confirmed: true).exists? ||
+          user.email_tokens.active.where(email: user.email).exists?
+          user.email_tokens.create!(email: user.email)
+        end
+
        user.activate
      end
      user.update!(registration_ip_address: request.remote_ip) if user.registration_ip_address.blank?