jaliss · jaapterwoerds · Jan 14, 2014
diff --git a/docs/src/manual/source/guide/configuration.md b/docs/src/manual/source/guide/configuration.md
@@ -132,6 +132,8 @@ The following properties can be configured:
 
 - `hasher`: Specifies the current password hasher. 
 
+- `loginAfterResetPassword`: if set to `true`, the user will be automatically signed in when they have reset their password. If set to `false` the user will have to sign in after reset their password. Username/password only.
+
 For example:
 
 	:::bash

diff --git a/module-code/app/securesocial/controllers/Registration.scala b/module-code/app/securesocial/controllers/Registration.scala
@@ -299,21 +299,26 @@ object Registration extends Controller {
         BadRequest(use[TemplatesPlugin].getResetPasswordPage(request, errors, token))
       },
       p => {
-        val (toFlash, eventSession) = UserService.findByEmailAndProvider(t.email, UsernamePasswordProvider.UsernamePassword) match {
+        val (toFlash, redirect, eventSession)= UserService.findByEmailAndProvider(t.email, UsernamePasswordProvider.UsernamePassword) match {
           case Some(user) => {
             val hashed = Registry.hashers.currentHasher.hash(p._1)
             val updated = UserService.save( SocialUser(user).copy(passwordInfo = Some(hashed)) )
             UserService.deleteToken(token)
             Mailer.sendPasswordChangedNotice(updated)
             val eventSession = Events.fire(new PasswordResetEvent(user))
-            ( (Success -> Messages(PasswordUpdated)), eventSession)
+            val redirect = if( UsernamePasswordProvider.loginAfterResetPassword ) {
+              Some(ProviderController.completeAuthentication(user, eventSession.getOrElse(Some(request.session).get)))
+            }else {
+              None
+            }
+            ( (Success -> Messages(PasswordUpdated)), redirect, eventSession)
           }
           case _ => {
             Logger.error("[securesocial] could not find user with email %s during password reset".format(t.email))
-            ( (Error -> Messages(ErrorUpdatingPassword)), None)
+            ( (Error -> Messages(ErrorUpdatingPassword)), None, None)
           }
         }
-        val result = Redirect(onHandleResetPasswordGoTo).flashing(toFlash)
+        val result = redirect.orElse(Some(Redirect(onHandleResetPasswordGoTo))).get.flashing(toFlash)
         eventSession.map( result.withSession(_) ).getOrElse(result)
       })
     })

diff --git a/module-code/app/securesocial/core/providers/UsernamePasswordProvider.scala b/module-code/app/securesocial/core/providers/UsernamePasswordProvider.scala
@@ -78,6 +78,7 @@ object UsernamePasswordProvider {
   private val Hasher = "securesocial.userpass.hasher"
   private val EnableTokenJob = "securesocial.userpass.enableTokenJob"
   private val SignupSkipLogin = "securesocial.userpass.signupSkipLogin"
+  private val LoginAfterResetPassword = "securesocial.userpass.loginAfterResetPassword"
 
   val loginForm = Form(
     tuple(
@@ -92,6 +93,7 @@ object UsernamePasswordProvider {
   lazy val hasher = current.configuration.getString(Hasher).getOrElse(PasswordHasher.BCryptHasher)
   lazy val enableTokenJob = current.configuration.getBoolean(EnableTokenJob).getOrElse(true)
   lazy val signupSkipLogin = current.configuration.getBoolean(SignupSkipLogin).getOrElse(false)
+  lazy val loginAfterResetPassword = current.configuration.getBoolean(LoginAfterResetPassword).getOrElse(false)
 }
 
 /**
-Original file line number
+Diff line change
@@ Expand Up / @@ -132,6 +132,8 @@ The following properties can be configured: @@
     - `hasher`: Specifies the current password hasher.
+    - `loginAfterResetPassword`: if set to `true`, the user will be automatically signed in when they have reset their password. If set to `false` the user will have to sign in after reset their password. Username/password only.
     For example:
     	:::bash
@@ Expand Down @@