Commit d08acee203ac640b806c5ab8ad0556cb22501398

Authored by AntonioTerceiro
1 parent c663018a

ActionItem78: creating a method to change password without passing the old one (…

…for "I forgot my password"). Refactoring the previous one to call this new method after checking the old password.



git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@627 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing 2 changed files with 25 additions and 3 deletions
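--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -78,11 +78,16 @@ class User < ActiveRecord::Base
 # * Saves the record unless it is a new one.
 def change_password!(current, new, confirmation)
 raise IncorrectPassword unless self.authenticated?(current)
+self.force_change_password!(new, confirmation)
+end
+
+# Changes the password of a user without asking for the old password. This
+# method is intended to be used by the "I forgot my password", and must be
+# used with care.
+def force_change_password!(new, confirmation)
 self.password = new
 self.password_confirmation = confirmation
-unless new_record?
-save!
-end
+save! unless new_record?
 end
 
 protected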
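Review bot: `force_change_password!` is defined above the `protected` marker, so it is a public model method that replaces the password with no proof of identity, and its comment says only "must be used with care" without stating what the caller has to verify first. I would spell the contract out in the comment, for example `# The caller MUST already have verified the requester (e.g. a valid, unexpired password-reset code); this method performs no check of its own.` Whether existing sessions or remember-me tokens are invalidated after a forced change is not visible in this hunk and is worth confirming, because this is the account-recovery path. The same comment is missing a noun after `"I forgot my password"` (feature, flow). The class body continues outside the hunk.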
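--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -124,6 +124,23 @@ class UserTest < Test::Unit::TestCase
 assert user.authenticated?('test')
 end
 
+should 'require matching confirmation when changing password by force' do
+user = User.create!(:login => 'changetest', :password => 'test', :password_confirmation => 'test', :email => 'changetest@example.com')
+assert_raise ActiveRecord::RecordInvalid do
+user.force_change_password!('newpass', 'newpasswrong')
+end
+assert !user.authenticated?('newpass')
+assert user.authenticated?('test')
+end
+
+should 'be able to force password change' do
+user = User.create!(:login => 'changetest', :password => 'test', :password_confirmation => 'test', :email => 'changetest@example.com')
+assert_nothing_raised do
+user.force_change_password!('newpass', 'newpass')
+end
+assert user.authenticated?('newpass')
+end
+
 def test_should_create_person_when_creating_user
 count = Person.count
 assert !Person.find_by_identifier('lalala')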
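Review bot: Both new tests assert `authenticated?` on the same in-memory `user` that `force_change_password!` just mutated, so they do not show what was actually stored. Adding `user.reload` before the assertions (after the `assert_raise` block in the first test, after `assert_nothing_raised` in the second) would pin the persisted credential rather than object state. A case for a blank new password, such as `user.force_change_password!('', '')`, would also be worth adding. How the model validates an empty password on update is not visible here, and a forced reset that silently leaves the old password in place or stores an empty one would be a security-relevant surprise. The trailing `test_should_create_person_when_creating_user` continues outside the hunk.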