[Colab] Do not allow RemoteUser authenticated users to modify their passwords

They are not even supposed to have one!

[Colab] Do not allow RemoteUser authenticated users to modify their passwords
They are not even supposed to have one!
Rafael Manzo
1 parent f63719dd
Showing 2 changed files with 9 additions and 2 deletions Show diff stats
app/views/devise/registrations/edit.html.erb
features/users/omniauth.feature
@@ -34,6 +34,7 @@
         </div>
       </div>
+      <% if current_user && current_user.provider.nil? %>
       <div class="form-row">
         <div class="field-container">
           <%= f.label :password, class: 'control-label' %> <i>(<%= t('.leave_blank_if_you_don_t_want_to_change_it', :default => "leave blank if you don't want to change it") %>)</i><br />
@@ -69,6 +70,7 @@
           </p>
         </div>
       </div>
+      <% end %>
       <div class="row margin-left-none" style="margin-top: 20px">
         <%= f.submit t('.update', :default => "Update"), class: 'btn btn-primary col-md-2' %>
@@ -5,5 +5,10 @@ Feature: Omniauth authentication
   Scenario: through Colab
     Given I am logged in as a Colab user
-    Given I am at the homepage
-    And I should be logged in
+    When I am at the homepage
+    Then I should be logged in
+    When I click the Edit Account link
+    Then I should not see "Password"
+    And I should not see "Password Confirmation"
+    And I should not see "Current Password"
+
	@@ -5,5 +5,10 @@ Feature: Omniauth authentication		@@ -5,5 +5,10 @@ Feature: Omniauth authentication
5		5
6	Scenario: through Colab	6	Scenario: through Colab
7	Given I am logged in as a Colab user	7	Given I am logged in as a Colab user
8	- Given I am at the homepage
9	- And I should be logged in	8	+ When I am at the homepage
		9	+ Then I should be logged in
		10	+ When I click the Edit Account link
		11	+ Then I should not see "Password"
		12	+ And I should not see "Password Confirmation"
		13	+ And I should not see "Current Password"
		14	+