author | Rubén Dávila <ruben@gitlab.com> | 2017-12-31 00:08:15 -0500 |
---|---|---|
committer | Rubén Dávila <ruben@gitlab.com> | 2017-12-31 19:59:07 -0500 |
commit | 6304fe44ec9b034917201db2e1bacb83d82cdeae (patch) | |
tree | 6b6423fbdbbb9779dd6afee7ca91b161fa56c2ed | |
parent | ff077cf7dc5cfd7c6c6206d801ea3f326f7af1aa (diff) | |
download | gitlab-ce-rd-fix-reset-password-while-logged-in.tar.gz |
Allow logged in user to change his passwordrd-fix-reset-password-while-logged-in
Users were unable to change their password through the "Reset password"
link that was sent to their email if they were logged in. This is due to
a default controller filter from Devise that requires the user to not be
logged in in order to use this link.
-rw-r--r-- | app/controllers/passwords_controller.rb | 2 | ||||
-rw-r--r-- | spec/features/password_reset_spec.rb | 19 |
2 files changed, 21 insertions, 0 deletions
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 68a52f40342..57761bfbe26 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -1,6 +1,8 @@
 class PasswordsController < Devise::PasswordsController
 include Gitlab::CurrentSettings
 
+ skip_before_action :require_no_authentication, only: [:edit, :update]
+
 before_action :resource_from_email, only: [:create]
 before_action :check_password_authentication_available, only: [:create]
 before_action :throttle_reset, only: [:create]
diff --git a/spec/features/password_reset_spec.rb b/spec/features/password_reset_spec.rb
index b45972b7f6b..73a526c3d8a 100644
--- a/spec/features/password_reset_spec.rb
+++ b/spec/features/password_reset_spec.rb
@@ -33,6 +33,25 @@ feature 'Password reset' do
 end
 end
 
+ describe 'Changing password while logged in' do
+ it 'updates the password' do
+ user = create(:user)
+ token = user.send_reset_password_instructions
+
+ sign_in(user)
+
+ visit(edit_user_password_path(reset_password_token: token))
+
+ fill_in 'New password', with: 'hello1234'
+ fill_in 'Confirm new password', with: 'hello1234'
+
+ click_button 'Change your password'
+
+ expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
+ expect(current_path).to eq new_user_session_path
+ end
+ end
+
 def forgot_password(user)
 visit root_path
 click_on 'Forgot your password?' |
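Review bot: In app/controllers/passwords_controller.rb, skipping `require_no_authentication` for `edit` and `update` lets both actions run with a live session, and nothing visible in the hunk checks that the reset token belongs to the signed-in account. If someone signed in as one account follows a reset link issued for another, the token's account gets the new password while the existing session stays in place. Whether Devise or a later filter handles that case is not visible here, since the class body continues outside the hunk. Consider a `before_action` on `[:edit, :update]` that signs the current user out when the token resolves to a different user. The exemption also deserves a comment above the line, e.g. `# Reset links stay usable while signed in; the token, not the session, authorizes edit/update.`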
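Review bot: The new example in spec/features/password_reset_spec.rb only covers a token owned by the signed-in user, so the behaviour the controller change newly permits for a token owned by a different account is untested. A second example that signs in as one user and visits the link for another should pin down whose password changes and what happens to the active session. The existing example would also be stronger if it asserted that the new password authenticates, for instance `expect(user.reload.valid_password?('hello1234')).to be(true)`. `expect(current_path).to eq new_user_session_path` does not wait for the redirect; `expect(page).to have_current_path(new_user_session_path)` is the waiting form. The enclosing `feature` block starts and ends outside the hunk.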