Commit adbdc376e08522c209f98abcb224103bff17753f
1 parent
0ab99b38
Exists in
master
and in
29 other branches
change-password-permission: disabled change password to user without login
AI3148
Showing
2 changed files
with
6 additions
and
1 deletions
Show diff stats
app/controllers/public/account_controller.rb
| ... | ... | @@ -2,7 +2,7 @@ class AccountController < ApplicationController |
| 2 | 2 | |
| 3 | 3 | no_design_blocks |
| 4 | 4 | |
| 5 | - before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise] | |
| 5 | + before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise, :change_password] | |
| 6 | 6 | before_filter :redirect_if_logged_in, :only => [:login, :signup] |
| 7 | 7 | before_filter :protect_from_bots, :only => :signup |
| 8 | 8 | ... | ... |
test/functional/account_controller_test.rb
| ... | ... | @@ -213,6 +213,11 @@ class AccountControllerTest < ActionController::TestCase |
| 213 | 213 | assert_equal users(:ze), @controller.send(:current_user) |
| 214 | 214 | end |
| 215 | 215 | |
| 216 | + should 'require login to change password' do | |
| 217 | + post :change_password | |
| 218 | + assert_redirected_to :controller => 'account', :action => 'login' | |
| 219 | + end | |
| 220 | + | |
| 216 | 221 | should 'provide a "I forget my password" link at the login page' do |
| 217 | 222 | get :login |
| 218 | 223 | assert_tag :tag => 'a', :attributes => { | ... | ... |