From d08acee203ac640b806c5ab8ad0556cb22501398 Mon Sep 17 00:00:00 2001
From: AntonioTerceiro
Date: Fri, 5 Oct 2007 14:21:15 +0000
Subject: [PATCH] ActionItem78: creating a method to change password without passing the old one (for "I forgot my password"). Refactoring the previous one to call this new method after checking the old password.
---
 app/models/user.rb | 11 ++++++++---
 test/unit/user_test.rb | 17 +++++++++++++++++
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index 4f9dd9e..57dc8ba 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -78,11 +78,16 @@ class User < ActiveRecord::Base
 # * Saves the record unless it is a new one.
 def change_password!(current, new, confirmation)
 raise IncorrectPassword unless self.authenticated?(current)
+ self.force_change_password!(new, confirmation)
+ end
+
+ # Changes the password of a user without asking for the old password. This
+ # method is intended to be used by the "I forgot my password", and must be
+ # used with care.
+ def force_change_password!(new, confirmation)
 self.password = new
 self.password_confirmation = confirmation
- unless new_record?
- save!
- end
+ save! unless new_record?
 end

 protected
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 89b15e0..954d98b 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
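Review bot: `force_change_password!` is defined above the `protected` line, so it is a public method that replaces the password with no identity check of its own, and its comment ("must be used with care") does not say what the caller has to have verified. I would state the contract in the comment, e.g. `# Caller must already have verified the requester (for example a single-use, expiring reset token tied to this user); never call it straight from unauthenticated request parameters.` If the model also keeps persistent-login or session tokens (not visible in this hunk), the reset path should probably clear them as well so that an old session does not outlive the password change. The documentation comment of `change_password!` begins above the hunk, so only its last line is visible here.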
@@ -124,6 +124,23 @@ class UserTest < Test::Unit::TestCase
 assert user.authenticated?('test')
 end

+ should 'require matching confirmation when changing password by force' do
+ user = User.create!(:login => 'changetest', :password => 'test', :password_confirmation => 'test', :email => 'changetest@example.com')
+ assert_raise ActiveRecord::RecordInvalid do
+ user.force_change_password!('newpass', 'newpasswrong')
+ end
+ assert !user.authenticated?('newpass')
+ assert user.authenticated?('test')
+ end
+
+ should 'be able to force password change' do
+ user = User.create!(:login => 'changetest', :password => 'test', :password_confirmation => 'test', :email => 'changetest@example.com')
+ assert_nothing_raised do
+ user.force_change_password!('newpass', 'newpass')
+ end
+ assert user.authenticated?('newpass')
+ end
+
 def test_should_create_person_when_creating_user
 count = Person.count
 assert !Person.find_by_identifier('lalala')
-- 
libgit2 0.21.2
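Review bot: The 'be able to force password change' test asserts that the new password works but never that the old one stopped working; adding `assert !user.authenticated?('test')` after the call would pin that. Both tests also assert on the same in-memory `user` object, so they may not reflect what was actually persisted; re-reading the record first (e.g. `user = User.find(user.id)`) would make the assertions about stored state. A case for a blank new password, such as `force_change_password!('', '')`, is worth adding too, since this path has no old-password check to fall back on. The enclosing `UserTest` class starts and ends outside the hunk.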