From abd673e1b2a218ea17963d5c6bf4043e2f8c7eaa Mon Sep 17 00:00:00 2001
From: AntonioTerceiro
Date: Tue, 9 Oct 2007 19:08:45 +0000
Subject: [PATCH] ActionItem78: validating password confirmation
---
 app/models/change_password.rb | 6 ++++--
 test/unit/change_password_test.rb | 20 +++++++++++++++++++-
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/app/models/change_password.rb b/app/models/change_password.rb
index 4860b6c..bdc7e8b 100644
--- a/app/models/change_password.rb
+++ b/app/models/change_password.rb
@@ -38,6 +38,8 @@ class ChangePassword < Task
 # only require the new password when actually changing it.
 validates_presence_of :password, :on => :update
+ validates_presence_of :password_confirmation, :on => :update
+ validates_confirmation_of :password
 def initialize(*args)
 super(*args)
@@ -61,10 +63,10 @@ class ChangePassword < Task
 def create_message
 hostname = self.requestor.environment.default_hostname
- hash = self.id
+ code = self.code
 lambda do
- _("In order to change your password, please visit the following address:\n\n%s") % url_for(:host => hostname, :controller => 'account', :action => 'change_password', :hash => hash)
+ _("In order to change your password, please visit the following address:\n\n%s") % url_for(:host => hostname, :controller => 'account', :action => 'new_password', :code => code)
 end
 end
diff --git a/test/unit/change_password_test.rb b/test/unit/change_password_test.rb
index 740d7d7..588a974 100644
--- a/test/unit/change_password_test.rb
+++ b/test/unit/change_password_test.rb
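Review bot: `validates_confirmation_of :password` is the only one of the three validations without `:on => :update`, and the comment above them still describes only the presence rule. It should behave the same today, since Rails skips the confirmation check while `password_confirmation` is nil, but that is implicit. I would write `validates_confirmation_of :password, :on => :update` and extend the comment to `# only require the new password and its confirmation when actually changing it.` The class body continues outside the hunk, so it is worth confirming that `password` and `password_confirmation` are virtual attributes and are not persisted in plaintext with the task.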
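Review bot: The link built in `create_message` now carries `code` as the only secret protecting the password change, but `url_for` is called without `:protocol`, so the scheme of the mailed URL is left to the default. If the site is served over TLS, pin it: `url_for(:host => hostname, :protocol => 'https', :controller => 'account', :action => 'new_password', :code => code)`. How `code` is generated, expired and invalidated after use is outside this hunk. Once that is confirmed against the Task implementation, a comment above `code = self.code` such as `# code is the reset secret carried in the mailed link` would record what the link relies on.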
@@ -54,6 +54,24 @@ class ChangePasswordTest < Test::Unit::TestCase
 assert !data.errors.invalid?(:email)
 end
+ should 'require correct passsword confirmation' do
+ User.create!(:login => 'testuser', :password => 'test', :password_confirmation => 'test', :email => 'test@example.com')
+
+ change = ChangePassword.new
+ change.login = 'testuser'
+ change.email = 'test@example.com'
+ change.save!
+
+ change.password = 'right'
+ change.password_confirmation = 'wrong'
+ assert !change.valid?
+ assert change.errors.invalid?(:password)
+
+
+ change.password_confirmation = 'right'
+ assert change.valid?
+ end
+
 should 'actually change password' do
 User.destroy_all
 User.create!(:login => 'testuser', :password => 'test', :password_confirmation => 'test', :email => 'test@example.com')
@@ -64,8 +82,8 @@ class ChangePasswordTest < Test::Unit::TestCase
 change.save!
 user = User.new
- user.expects(:force_change_password!).with('newpass', 'newpass')
 User.expects(:find_by_login).with('testuser').returns(user)
+ user.expects(:force_change_password!).with('newpass', 'newpass')
 change.password = 'newpass'
 change.password_confirmation = 'newpass'
--
libgit2 0.21.2
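Review bot: The new test covers only a mismatching confirmation, so the `validates_presence_of :password_confirmation, :on => :update` rule added in this commit is untested, and a nil confirmation is the case `validates_confirmation_of` does not reject on its own. Add a case before the mismatch check: `change.password_confirmation = nil`, `assert !change.valid?`, `assert change.errors.invalid?(:password_confirmation)`. The test name has a typo (`passsword`). Unlike the following test, it calls `User.create!` without `User.destroy_all` first, which may collide with an existing `testuser` depending on fixtures.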