change-password-permission: disabled change password to user without login

AI3148

change-password-permission: disabled change password to user without login
AI3148
Junior Silva
1 parent 0ab99b38
Showing 2 changed files with 6 additions and 1 deletions Show diff stats
app/controllers/public/account_controller.rb
test/functional/account_controller_test.rb
@@ -2,7 +2,7 @@ class AccountController &lt; ApplicationController
   no_design_blocks
-  before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
+  before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise, :change_password]
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
   before_filter :protect_from_bots, :only => :signup
@@ -213,6 +213,11 @@ class AccountControllerTest &lt; ActionController::TestCase
     assert_equal users(:ze), @controller.send(:current_user)
   end
+  should 'require login to change password' do
+    post :change_password
+    assert_redirected_to :controller => 'account', :action => 'login'
+  end
+
   should 'provide a "I forget my password" link at the login page' do
     get :login
     assert_tag :tag => 'a', :attributes => {
	@@ -2,7 +2,7 @@ class AccountController < ApplicationController		@@ -2,7 +2,7 @@ class AccountController < ApplicationController
2		2
3	no_design_blocks	3	no_design_blocks
4		4
5	- before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]	5	+ before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise, :change_password]
6	before_filter :redirect_if_logged_in, :only => [:login, :signup]	6	before_filter :redirect_if_logged_in, :only => [:login, :signup]
7	before_filter :protect_from_bots, :only => :signup	7	before_filter :protect_from_bots, :only => :signup
8		8