Method #after_database_authentication not called after reset_password

[bgr11n]

Precheck

Callback #after_database_authentication is not called after reset_password but user is authenticated and in DB sign_in_count is 1.

Environment

• Ruby 2.4.2
• Rails 5.1.4
• Devise 4.3.0

Current behavior

1. Invite user with reset password link;
2. Follow that link;
3. User is logged in and password updated.
4. after_database_authentication callback is not triggered.

Expected behavior

1. Invite user with reset password link;
2. Follow that link;
3. User is logged in and password updated.
4. after_database_authentication callback should be triggered.

[Alex1sz]

+1

[tegon]

@bgr11n thanks for reporting this!

It's a bug, indeed. We call this callback from the database authenticable's strategy here: https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/database_authenticatable.rb#L15. This strategy is called on a sign-in when we call #authenticate! on the Warden's instance here: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L19.
But when the user's password is updated, we call the sign_in helper, which calls Warden's #set_user directly - without invoking the strategy and consequently, not invoking the callback.

I'm happy to accept a pull request for this, it should be straightforward to do it. If you wanna tackle this, feel free to do it. Otherwise I might keep it open for newcomers.

[kanmaniselvan]

@tegon Is anyone working this, or can I, please?

[tegon]

@kanmaniselvan I don't think so, you can take it. If you need anything while you're developing this, feel free to ask. Thanks!