Commit 4bcc05c94cbfae6c4eec509eec8644fc9a887d07
1 parent
f63719dd
[Colab] Do not allow RemoteUser authenticated users to modify their passwords
They are not even supposed to have one!
Showing
2 changed files
with
9 additions
and
2 deletions
Show diff stats
app/views/devise/registrations/edit.html.erb
| ... | ... | @@ -34,6 +34,7 @@ |
| 34 | 34 | </div> |
| 35 | 35 | </div> |
| 36 | 36 | |
| 37 | + <% if current_user && current_user.provider.nil? %> | |
| 37 | 38 | <div class="form-row"> |
| 38 | 39 | <div class="field-container"> |
| 39 | 40 | <%= f.label :password, class: 'control-label' %> <i>(<%= t('.leave_blank_if_you_don_t_want_to_change_it', :default => "leave blank if you don't want to change it") %>)</i><br /> |
| ... | ... | @@ -69,6 +70,7 @@ |
| 69 | 70 | </p> |
| 70 | 71 | </div> |
| 71 | 72 | </div> |
| 73 | + <% end %> | |
| 72 | 74 | |
| 73 | 75 | <div class="row margin-left-none" style="margin-top: 20px"> |
| 74 | 76 | <%= f.submit t('.update', :default => "Update"), class: 'btn btn-primary col-md-2' %> | ... | ... |
features/users/omniauth.feature
| ... | ... | @@ -5,5 +5,10 @@ Feature: Omniauth authentication |
| 5 | 5 | |
| 6 | 6 | Scenario: through Colab |
| 7 | 7 | Given I am logged in as a Colab user |
| 8 | - Given I am at the homepage | |
| 9 | - And I should be logged in | |
| 8 | + When I am at the homepage | |
| 9 | + Then I should be logged in | |
| 10 | + When I click the Edit Account link | |
| 11 | + Then I should not see "Password" | |
| 12 | + And I should not see "Password Confirmation" | |
| 13 | + And I should not see "Current Password" | |
| 14 | + | ... | ... |