authorSean McGivern <sean@mcgivern.me.uk>2017-02-03 09:53:02 +0000
committerSean McGivern <sean@mcgivern.me.uk>2017-02-03 09:53:02 +0000
commit25bb39225e073c451d76e7a7ddb9dedef8d43143 (patch)
tree38753ad2d5327f6dbc44090ff5c3053b65fbc1f3
parentfd46fb1cd9cc1fdf826d31261aa594baa38d4898 (diff)
parentd796e4fc371a8613e77c70f5571813818c6a35ad (diff)
downloadgitlab-ce-25bb39225e073c451d76e7a7ddb9dedef8d43143.tar.gz
Merge branch '24606-force-password-reset-on-next-login' into 'master'
Force new password after password reset via API Closes #24606 See merge request !8933
-rw-r--r--changelogs/unreleased/24606-force-password-reset-on-next-login.yml4
-rw-r--r--doc/api/users.md1
-rw-r--r--lib/api/users.rb2
-rw-r--r--spec/requests/api/users_spec.rb7
4 files changed, 14 insertions, 0 deletions
diff --git a/changelogs/unreleased/24606-force-password-reset-on-next-login.yml b/changelogs/unreleased/24606-force-password-reset-on-next-login.yml
new file mode 100644
index 00000000000..fd671d04a9f
--- /dev/null
+++ b/changelogs/unreleased/24606-force-password-reset-on-next-login.yml
@@ -0,0 +1,4 @@
+---
+title: Force new password after password reset via API
+merge_request:
+author: George Andrinopoulos
diff --git a/doc/api/users.md b/doc/api/users.md
index 28b6c7bd491..fea9bdf9639 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -271,6 +271,7 @@ Parameters:
- `can_create_group` (optional) - User can create groups - true or false
- `external` (optional) - Flags the user as external - true or false(default)
+On password update, user will be forced to change it upon next login.
Note, at the moment this method does only return a `404` error,
even in cases where a `409` (Conflict) would be more appropriate,
e.g. when renaming the email address to some existing one.
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 11a7368b4c0..0ed468626b7 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -160,6 +160,8 @@ module API
end
end
+ user_params.merge!(password_expires_at: Time.now) if user_params[:password].present?
+
if user.update_attributes(user_params.except(:extern_uid, :provider))
present user, with: Entities::UserPublic
else
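Review bot: The added `user_params.merge!(password_expires_at: Time.now) if user_params[:password].present?` is the one security-relevant line in this endpoint and carries no explanation of why an admin-supplied password is treated as temporary; a later maintainer could drop it as noise. Please add a why-comment above it, e.g. `# A password set by an administrator is provisional: expire it immediately so the user must choose their own on next login (#24606).`. The call uses `Time.now` rather than the Rails-zone-aware `Time.zone.now`; if the column is compared against zone-aware timestamps elsewhere, the latter is the idiom and avoids a host-timezone dependency (this is inferred, the comparison site is not in the hunk). The enclosing route block starts before this hunk, so whether the same expiry is applied when a user updates their own password through another path cannot be checked here.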
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 5bf5bf0739e..8692f9da976 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -305,6 +305,13 @@ describe API::Users, api: true do
expect(user.reload.bio).to eq('new test bio')
end
+ it "updates user with new password and forces reset on next login" do
+ put api("/users/#{user.id}", admin), password: '12345678'
+
+ expect(response).to have_http_status(200)
+ expect(user.reload.password_expires_at).to be <= Time.now
+ end
+
it "updates user with organization" do
put api("/users/#{user.id}", admin), { organization: 'GitLab' }