Do not automatically login after password reset, as it would circumvent two-factor auth (if enabled)
Do not require e-mail address changes to be re-confirmed, it's only trouble for no real benefit
This commit is contained in:
Eugen Rochko
parent
ba192f12e3
commit
76e970c856
@ -126,7 +126,7 @@ Devise.setup do |config|
|
|||||||
# initial account confirmation) to be applied. Requires additional unconfirmed_email
|
# initial account confirmation) to be applied. Requires additional unconfirmed_email
|
||||||
# db field (see migrations). Until confirmed, new email is stored in
|
# db field (see migrations). Until confirmed, new email is stored in
|
||||||
# unconfirmed_email column, and copied to email column on successful confirmation.
|
# unconfirmed_email column, and copied to email column on successful confirmation.
|
||||||
config.reconfirmable = true
|
config.reconfirmable = false
|
||||||
|
|
||||||
# Defines which key will be used when confirming an account
|
# Defines which key will be used when confirming an account
|
||||||
# config.confirmation_keys = [:email]
|
# config.confirmation_keys = [:email]
|
||||||
@ -197,7 +197,7 @@ Devise.setup do |config|
|
|||||||
|
|
||||||
# When set to false, does not sign a user in automatically after their password is
|
# When set to false, does not sign a user in automatically after their password is
|
||||||
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
||||||
# config.sign_in_after_reset_password = true
|
config.sign_in_after_reset_password = false
|
||||||
|
|
||||||
# ==> Configuration for :encryptable
|
# ==> Configuration for :encryptable
|
||||||
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
|
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user