Commit 550c1828a3c4bc61ae95c9fe123450ab0897e219
Exists in
master
and in
4 other branches
Merge branch 'feature/require_old_pass' of /home/git/repositories/gitlab/gitlabhq
Showing
4 changed files
with
59 additions
and
19 deletions
Show diff stats
app/controllers/profiles_controller.rb
| @@ -33,7 +33,14 @@ class ProfilesController < ApplicationController | @@ -33,7 +33,14 @@ class ProfilesController < ApplicationController | ||
| 33 | end | 33 | end |
| 34 | 34 | ||
| 35 | def update_password | 35 | def update_password |
| 36 | - params[:user].reject!{ |k, v| k != "password" && k != "password_confirmation"} | 36 | + params[:user].select! do |key, value| |
| 37 | + %w(current_password password password_confirmation).include?(key.to_s) | ||
| 38 | + end | ||
| 39 | + | ||
| 40 | + unless @user.valid_password?(params[:user][:current_password]) | ||
| 41 | + redirect_to account_profile_path, alert: 'You must provide a valid current password' | ||
| 42 | + return | ||
| 43 | + end | ||
| 37 | 44 | ||
| 38 | if @user.update_attributes(params[:user]) | 45 | if @user.update_attributes(params[:user]) |
| 39 | flash[:notice] = "Password was successfully updated. Please login with it" | 46 | flash[:notice] = "Password was successfully updated. Please login with it" |
app/views/profiles/account.html.haml
| @@ -57,24 +57,33 @@ | @@ -57,24 +57,33 @@ | ||
| 57 | .tab-pane#tab-password | 57 | .tab-pane#tab-password |
| 58 | %fieldset.update-password | 58 | %fieldset.update-password |
| 59 | %legend Password | 59 | %legend Password |
| 60 | - = form_for @user, url: update_password_profile_path, method: :put do |f| | ||
| 61 | - %div | ||
| 62 | - %p.slead After a successful password update you will be redirected to login page where you should login with your new password | ||
| 63 | - -if @user.errors.any? | ||
| 64 | - .alert.alert-error | ||
| 65 | - %ul | ||
| 66 | - - @user.errors.full_messages.each do |msg| | ||
| 67 | - %li= msg | ||
| 68 | - .control-group | ||
| 69 | - = f.label :password | ||
| 70 | - .controls= f.password_field :password, required: true | ||
| 71 | - .control-group | ||
| 72 | - = f.label :password_confirmation | ||
| 73 | - .controls | ||
| 74 | - = f.password_field :password_confirmation, required: true | ||
| 75 | - .control-group | ||
| 76 | - .controls | ||
| 77 | - = f.submit 'Save password', class: "btn btn-save" | 60 | + - if current_user.ldap_user? |
| 61 | + %h3.nothing_here_message Not available for LDAP user | ||
| 62 | + - else | ||
| 63 | + = form_for @user, url: update_password_profile_path, method: :put do |f| | ||
| 64 | + %div | ||
| 65 | + %p.slead | ||
| 66 | + You must provide current password in order to change it. | ||
| 67 | + %br | ||
| 68 | + After a successful password update you will be redirected to login page where you should login with your new password | ||
| 69 | + -if @user.errors.any? | ||
| 70 | + .alert.alert-error | ||
| 71 | + %ul | ||
| 72 | + - @user.errors.full_messages.each do |msg| | ||
| 73 | + %li= msg | ||
| 74 | + .control-group | ||
| 75 | + = f.label :current_password, class: 'cgreen' | ||
| 76 | + .controls= f.password_field :current_password, required: true | ||
| 77 | + .control-group | ||
| 78 | + = f.label :password, 'New password' | ||
| 79 | + .controls= f.password_field :password, required: true | ||
| 80 | + .control-group | ||
| 81 | + = f.label :password_confirmation | ||
| 82 | + .controls | ||
| 83 | + = f.password_field :password_confirmation, required: true | ||
| 84 | + .control-group | ||
| 85 | + .controls | ||
| 86 | + = f.submit 'Save password', class: "btn btn-save" | ||
| 78 | 87 | ||
| 79 | - if show_profile_social_tab? | 88 | - if show_profile_social_tab? |
| 80 | .tab-pane#tab-social | 89 | .tab-pane#tab-social |
features/profile/profile.feature
| @@ -11,6 +11,12 @@ Feature: Profile | @@ -11,6 +11,12 @@ Feature: Profile | ||
| 11 | Then I change my contact info | 11 | Then I change my contact info |
| 12 | And I should see new contact info | 12 | And I should see new contact info |
| 13 | 13 | ||
| 14 | + Scenario: I change my password without old one | ||
| 15 | + Given I visit profile account page | ||
| 16 | + When I try change my password w/o old one | ||
| 17 | + Then I should see a missing password error message | ||
| 18 | + And I should be redirected to account page | ||
| 19 | + | ||
| 14 | Scenario: I change my password | 20 | Scenario: I change my password |
| 15 | Given I visit profile account page | 21 | Given I visit profile account page |
| 16 | Then I change my password | 22 | Then I change my password |
features/steps/profile/profile.rb
| @@ -22,8 +22,17 @@ class Profile < Spinach::FeatureSteps | @@ -22,8 +22,17 @@ class Profile < Spinach::FeatureSteps | ||
| 22 | @user.twitter.should == 'testtwitter' | 22 | @user.twitter.should == 'testtwitter' |
| 23 | end | 23 | end |
| 24 | 24 | ||
| 25 | + step 'I try change my password w/o old one' do | ||
| 26 | + within '.update-password' do | ||
| 27 | + fill_in "user_password", with: "222333" | ||
| 28 | + fill_in "user_password_confirmation", with: "222333" | ||
| 29 | + click_button "Save" | ||
| 30 | + end | ||
| 31 | + end | ||
| 32 | + | ||
| 25 | step 'I change my password' do | 33 | step 'I change my password' do |
| 26 | within '.update-password' do | 34 | within '.update-password' do |
| 35 | + fill_in "user_current_password", with: "123456" | ||
| 27 | fill_in "user_password", with: "222333" | 36 | fill_in "user_password", with: "222333" |
| 28 | fill_in "user_password_confirmation", with: "222333" | 37 | fill_in "user_password_confirmation", with: "222333" |
| 29 | click_button "Save" | 38 | click_button "Save" |
| @@ -32,12 +41,17 @@ class Profile < Spinach::FeatureSteps | @@ -32,12 +41,17 @@ class Profile < Spinach::FeatureSteps | ||
| 32 | 41 | ||
| 33 | step 'I unsuccessfully change my password' do | 42 | step 'I unsuccessfully change my password' do |
| 34 | within '.update-password' do | 43 | within '.update-password' do |
| 44 | + fill_in "user_current_password", with: "123456" | ||
| 35 | fill_in "user_password", with: "password" | 45 | fill_in "user_password", with: "password" |
| 36 | fill_in "user_password_confirmation", with: "confirmation" | 46 | fill_in "user_password_confirmation", with: "confirmation" |
| 37 | click_button "Save" | 47 | click_button "Save" |
| 38 | end | 48 | end |
| 39 | end | 49 | end |
| 40 | 50 | ||
| 51 | + step "I should see a missing password error message" do | ||
| 52 | + page.should have_content "You must provide a valid current password" | ||
| 53 | + end | ||
| 54 | + | ||
| 41 | step "I should see a password error message" do | 55 | step "I should see a password error message" do |
| 42 | page.should have_content "Password doesn't match confirmation" | 56 | page.should have_content "Password doesn't match confirmation" |
| 43 | end | 57 | end |
| @@ -110,6 +124,10 @@ class Profile < Spinach::FeatureSteps | @@ -110,6 +124,10 @@ class Profile < Spinach::FeatureSteps | ||
| 110 | current_path.should == new_user_session_path | 124 | current_path.should == new_user_session_path |
| 111 | end | 125 | end |
| 112 | 126 | ||
| 127 | + step 'I should be redirected to account page' do | ||
| 128 | + current_path.should == account_profile_path | ||
| 129 | + end | ||
| 130 | + | ||
| 113 | step 'I click on my profile picture' do | 131 | step 'I click on my profile picture' do |
| 114 | click_link 'profile-pic' | 132 | click_link 'profile-pic' |
| 115 | end | 133 | end |