Contents

# frozen_string_literal: true

module DeviseSecurity::Patches
  module ControllerSecurityQuestion
    extend ActiveSupport::Concern

    included do
      prepend_before_action :check_security_question, only: [:create]
    end

    private

    def check_security_question
      # only find via email, not login
      resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
      return if valid_security_question_answer?(resource, params[:security_question_answer])

      flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
      respond_with({}, location: url_for(action: :new))
    end
  end
end

Version data entries

9 entries across 9 versions & 1 rubygems

Version	Path
devise-security-0.18.0	lib/devise-security/patches/controller_security_question.rb
devise-security-0.17.0	lib/devise-security/patches/controller_security_question.rb
devise-security-0.16.0	lib/devise-security/patches/controller_security_question.rb
devise-security-0.15.0	lib/devise-security/patches/controller_security_question.rb
devise-security-0.14.3	lib/devise-security/patches/controller_security_question.rb
devise-security-0.14.2	lib/devise-security/patches/controller_security_question.rb
devise-security-0.14.1	lib/devise-security/patches/controller_security_question.rb
devise-security-0.14.0	lib/devise-security/patches/controller_security_question.rb
devise-security-0.14.0.rc1	lib/devise-security/patches/controller_security_question.rb