authorTiago Botelho <tiagonbotelho@hotmail.com>2017-08-29 15:15:48 +0100
committerTiago Botelho <tiagonbotelho@hotmail.com>2017-08-31 12:25:24 +0100
commit0ffa4772c21ee1c1ea8ea889a74a4c4b6b2f25db (patch)
tree0700c564c66b8ea8da305a04a80fa1e05990de18
parentd546f7d36e6703bda430e2f50fe4e87a07ab48f8 (diff)
Changes the password change workflow for admins.28938-password-change-workflow-for-admins
-rw-r--r--app/controllers/admin/users_controller.rb15
-rw-r--r--changelogs/unreleased/28938-password-change-workflow-for-admins.yml5
-rw-r--r--spec/controllers/admin/users_controller_spec.rb32
3 files changed, 36 insertions, 16 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index fa1bc72560e..a99563b7100 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -117,11 +117,14 @@ class Admin::UsersController < Admin::ApplicationController
user_params_with_pass = user_params.dup
if params[:user][:password].present?
- user_params_with_pass.merge!(
+ password_params = {
password: params[:user][:password],
- password_confirmation: params[:user][:password_confirmation],
- password_expires_at: Time.now
- )
+ password_confirmation: params[:user][:password_confirmation]
+ }
+
+ password_params[:password_expires_at] = Time.now unless changing_own_password?
+
+ user_params_with_pass.merge!(password_params)
end
respond_to do |format|
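Review bot: The new `unless changing_own_password?` exemption lets an administrator set their own password through this admin action without it being marked expired, and nothing in this hunk verifies the current password first; only `password` and `password_confirmation` are read from `params[:user]`. The rest of `update` lies outside the hunk, so please confirm that the self-change path re-authenticates the admin, or at least that it is no weaker than whatever the regular password-change flow requires. Without that, an unattended or stolen admin session is enough to replace the credential with one that will not be rotated. I would also add a comment above the new line, such as `# Force a change at next sign-in only when an admin resets another user's password.`, so the security intent of the exemption is explicit.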
@@ -167,6 +170,10 @@ class Admin::UsersController < Admin::ApplicationController
protected
+ def changing_own_password?
+ user == current_user
+ end
+
def user
@user ||= User.find_by!(username: params[:id])
end
diff --git a/changelogs/unreleased/28938-password-change-workflow-for-admins.yml b/changelogs/unreleased/28938-password-change-workflow-for-admins.yml
new file mode 100644
index 00000000000..0781e1a2fce
--- /dev/null
+++ b/changelogs/unreleased/28938-password-change-workflow-for-admins.yml
@@ -0,0 +1,5 @@
+---
+title: Changes the password change workflow for admins.
+merge_request: 13901
+author:
+type: fixed
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 3d21b695af4..aadd3317875 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -150,6 +150,18 @@ describe Admin::UsersController do
post :update, params
end
+ context 'when the admin changes his own password' do
+ it 'updates the password' do
+ expect { update_password(admin, 'AValidPassword1') }
+ .to change { admin.reload.encrypted_password }
+ end
+
+ it 'does not set the new password to expire immediately' do
+ expect { update_password(admin, 'AValidPassword1') }
+ .not_to change { admin.reload.password_expires_at }
+ end
+ end
+
context 'when the new password is valid' do
it 'redirects to the user' do
update_password(user, 'AValidPassword1')
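Review bot: The new context covers an admin changing their own password, but no visible example covers an admin changing a different administrator's password. That is the case that pins the exemption to identity (`user == current_user`) and not to role. The `user` fixture is defined outside this hunk and is presumably a regular account, so a later refactor that keyed the check on admin status would still pass every example shown here. I would add an example in this context that updates a second admin account and expects `password_expires_at` to change.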
@@ -158,15 +170,13 @@ describe Admin::UsersController do
end
it 'updates the password' do
- update_password(user, 'AValidPassword1')
-
- expect { user.reload }.to change { user.encrypted_password }
+ expect { update_password(user, 'AValidPassword1') }
+ .to change { user.reload.encrypted_password }
end
it 'sets the new password to expire immediately' do
- update_password(user, 'AValidPassword1')
-
- expect { user.reload }.to change { user.password_expires_at }.to(a_value <= Time.now)
+ expect { update_password(user, 'AValidPassword1') }
+ .to change { user.reload.password_expires_at }.to be_within(2.seconds).of(Time.now)
end
end
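Review bot: The expiry example depends on wall-clock time: in `be_within(2.seconds).of(Time.now)` the `Time.now` is evaluated when the matcher is built, before the request runs, so a slow run can push the stored value outside the two-second window. If the suite has a time-freezing helper (for example `Timecop.freeze`), wrapping the example in it would let the assertion be exact; otherwise a short comment explaining the tolerance would help. Parenthesising the chained matcher, `.to change { user.reload.password_expires_at }.to(be_within(2.seconds).of(Time.now))`, would also make the precedence obvious to the next reader.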
@@ -184,9 +194,8 @@ describe Admin::UsersController do
end
it 'does not update the password' do
- update_password(user, 'invalid')
-
- expect { user.reload }.not_to change { user.encrypted_password }
+ expect { update_password(user, 'invalid') }
+ .not_to change { user.reload.encrypted_password }
end
end
@@ -204,9 +213,8 @@ describe Admin::UsersController do
end
it 'does not update the password' do
- update_password(user, 'AValidPassword1', 'AValidPassword2')
-
- expect { user.reload }.not_to change { user.encrypted_password }
+ expect { update_password(user, 'AValidPassword1', 'AValidPassword2') }
+ .not_to change { user.reload.encrypted_password }
end
end
end