Add reset_password_request_for_unverified_account configuration method

jeremyevans · jeremyevans · commit 3b39fa40e68d · 2025-07-14T08:47:45.000-07:00
This allows for configurable behavior, instead of always showing an
error on the login parameter.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,7 @@
+=== master
+
+* Add reset_password_request_for_unverified_account configuration method (jeremyevans) (#481)
+
 === 2.39.0 (2025-05-22)
 
 * Allow usage with Roda's plain_hash_response_headers plugin and Rack 3+ (jeremyevans)
diff --git a/doc/reset_password.rdoc b/doc/reset_password.rdoc
@@ -59,6 +59,7 @@ reset_password_email_link :: The link to the reset password form in the reset pa
 reset_password_email_sent_response :: Return a response after successfully sending a password reset email. By default, redirects to +reset_password_email_sent_redirect+.
 reset_password_key_insert_hash :: The hash to insert into the +reset_password_table+.
 reset_password_key_value :: The reset password key for the current account.
+reset_password_request_for_unverified_account :: What to do if there is a request to reset a password for an unverified account. By default, shows an error for the login parameter.
 reset_password_request_view :: The HTML to use for the reset password request form.
 reset_password_response :: Return a response after successfully resetting a password. By default, redirects to +reset_password_redirect+.
 reset_password_view :: The HTML to use for the reset password form.
diff --git a/lib/rodauth/features/reset_password.rb b/lib/rodauth/features/reset_password.rb
@@ -50,6 +50,7 @@ module Rodauth
       :reset_password_email_link,
       :reset_password_key_insert_hash,
       :reset_password_key_value,
+      :reset_password_request_for_unverified_account,
       :set_reset_password_email_last_sent
     )
     auth_private_methods(
@@ -73,9 +74,7 @@ module Rodauth
             throw_error_reason(:no_matching_login, no_matching_login_error_status, login_param, no_matching_login_message)
           end
 
-          unless open_account?
-            throw_error_reason(:unverified_account, unopen_account_error_status, login_param, unverified_account_message)
-          end
+          reset_password_request_for_unverified_account unless open_account?
 
           if reset_password_email_recently_sent?
             set_redirect_error_flash reset_password_email_recently_sent_error_flash
@@ -174,6 +173,10 @@ def create_reset_password_key
       end
     end
 
+    def reset_password_request_for_unverified_account
+      throw_error_reason(:unverified_account, unopen_account_error_status, login_param, unverified_account_message)
+    end
+
     def remove_reset_password_key
       password_reset_ds.delete
     end
