From adbdc376e08522c209f98abcb224103bff17753f Mon Sep 17 00:00:00 2001 From: Junior Silva Date: Thu, 29 May 2014 17:45:04 -0300 Subject: [PATCH] change-password-permission: disabled change password to user without login AI3148 --- app/controllers/public/account_controller.rb | 2 +- test/functional/account_controller_test.rb | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb index 1e7a093..6035228 100644 --- a/app/controllers/public/account_controller.rb +++ b/app/controllers/public/account_controller.rb @@ -2,7 +2,7 @@ class AccountController < ApplicationController no_design_blocks - before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise] + before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise, :change_password] before_filter :redirect_if_logged_in, :only => [:login, :signup] before_filter :protect_from_bots, :only => :signup diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb index da0e991..c5b6189 100644 --- a/test/functional/account_controller_test.rb +++ b/test/functional/account_controller_test.rb @@ -213,6 +213,11 @@ class AccountControllerTest < ActionController::TestCase assert_equal users(:ze), @controller.send(:current_user) end + should 'require login to change password' do + post :change_password + assert_redirected_to :controller => 'account', :action => 'login' + end + should 'provide a "I forget my password" link at the login page' do get :login assert_tag :tag => 'a', :attributes => { -- libgit2 0.21.2