heartcombo · excid3 · Nov 8, 2023 · Nov 27, 2023 · Oct 10, 2025 · Mar 21, 2026
diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb
@@ -71,7 +71,8 @@ def assert_reset_token_passed
 
     # Check if the user should be signed in automatically after resetting the password.
     def sign_in_after_reset_password?
-      resource_class.sign_in_after_reset_password
+      setting = resource_class.sign_in_after_reset_password
+      setting.respond_to?(:call) ? setting.call(resource) : setting
     end
 
     # Check if proper Lockable module methods are present & unlock strategy

diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb
@@ -247,6 +247,29 @@ def reset_password(options = {}, &block)
     end
   end
 
+  test 'sign in user automatically with proc' do
+    swap Devise, sign_in_after_reset_password: ->(resource) { true }  do
+      create_user
+      request_forgot_password
+      reset_password
+
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  test 'does not sign in user automatically with proc' do
+    swap Devise, sign_in_after_reset_password: ->(resource) { false } do
+      create_user
+      request_forgot_password
+      reset_password
+
+      assert_contain 'Your password has been changed successfully.'
+      assert_not_contain 'You are now signed in.'
+      assert_equal new_user_session_path, @request.path
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
   test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
     [:none, :time].each do |strategy|
       swap Devise, unlock_strategy: strategy do