Commit 313ac555 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'feature/password_expire' of /home/git/repositories/gitlab/gitlabhq

parents cfd15eb4 6838304a
...@@ -55,8 +55,14 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -55,8 +55,14 @@ class Admin::UsersController < Admin::ApplicationController
def create def create
admin = params[:user].delete("admin") admin = params[:user].delete("admin")
@admin_user = User.new(params[:user], as: :admin) opts = {
force_random_password: true,
password_expires_at: Time.now
}
@admin_user = User.new(params[:user].merge(opts), as: :admin)
@admin_user.admin = (admin && admin.to_i > 0) @admin_user.admin = (admin && admin.to_i > 0)
@admin_user.created_by_id = current_user.id
respond_to do |format| respond_to do |format|
if @admin_user.save if @admin_user.save
......
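Review bot: The `opts` hash merged into `params[:user]` on the `User.new` line needs a comment saying why both values are forced, because the form no longer shows a password field for new records and the `password_expires_at: Time.now` value is what drives the redirect in `ApplicationController#check_password_expiration`: `# Admin-created accounts always get a generated temporary password that is already expired, so the user must choose their own password at first sign-in.` The merge also silently overrides any `force_random_password` or `password_expires_at` value submitted with the form, which is the intent here but is not obvious from the code. The `create` action continues past the hunk.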
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :reject_blocked! before_filter :reject_blocked!
before_filter :check_password_expiration
before_filter :set_current_user_for_thread before_filter :set_current_user_for_thread
before_filter :add_abilities before_filter :add_abilities
before_filter :dev_tools if Rails.env == 'development' before_filter :dev_tools if Rails.env == 'development'
...@@ -156,4 +157,10 @@ class ApplicationController < ActionController::Base ...@@ -156,4 +157,10 @@ class ApplicationController < ActionController::Base
gon.gravatar_url = request.ssl? || Gitlab.config.gitlab.https ? Gitlab.config.gravatar.ssl_url : Gitlab.config.gravatar.plain_url gon.gravatar_url = request.ssl? || Gitlab.config.gitlab.https ? Gitlab.config.gravatar.ssl_url : Gitlab.config.gravatar.plain_url
gon.relative_url_root = Gitlab.config.gitlab.relative_url_root gon.relative_url_root = Gitlab.config.gitlab.relative_url_root
end end
def check_password_expiration
if current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now
redirect_to new_profile_password_path and return
end
end
end end
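Review bot: `check_password_expiration` redirects every authenticated request on any controller that inherits from `ApplicationController`, and only `PasswordsController` skips it; if the Devise session controller inherits from `ApplicationController` (the default), a user with an expired password is redirected away from sign-out as well, so the filter should also be skipped there or exclude that action. The condition would read better as a guard, `return unless current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now` followed by `redirect_to new_profile_password_path`; the `and return` is redundant because a redirect inside a `before_filter` already halts the chain. This check covers only the Rails web layer; any other path that authenticates users is not visible here and would need its own expiry check if expiry is meant to block it too.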
class PasswordsController < ApplicationController
layout 'navless'
skip_before_filter :check_password_expiration
before_filter :set_user
before_filter :set_title
def new
end
def create
new_password = params[:user][:password]
new_password_confirmation = params[:user][:password_confirmation]
result = @user.update_attributes(
password: new_password,
password_confirmation: new_password_confirmation
)
if result
@user.update_attributes(password_expires_at: nil)
redirect_to root_path, notice: 'Password successfully changed'
else
render :new
end
end
private
def set_user
@user = current_user
end
def set_title
@title = "New password"
end
end
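Review bot: `create` saves the user twice and clears `password_expires_at` through a second `update_attributes`, so the clearing depends on that attribute being mass-assignable under the default role and is silently dropped (or raises, depending on the mass-assignment sanitizer) if it ever is not; the two writes are also not atomic. Assigning the attributes directly and calling `save` once keeps a failed validation from touching the expiry and removes the dependency on `attr_accessible`. `params[:user][:password]` raises `NoMethodError` instead of re-rendering the form when `params[:user]` is absent. This action intentionally does not ask for the current password because it serves the forced-expiry flow; that trade-off is worth stating in a comment on the class so it is not reused for a general password change.
```ruby
def create
  user_params = params[:user] || {}
  @user.password = user_params[:password]
  @user.password_confirmation = user_params[:password_confirmation]
  # Clear the expiry in the same save so a failed validation leaves it set.
  @user.password_expires_at = nil

  if @user.save
    redirect_to root_path, notice: 'Password successfully changed'
  else
    render :new
  end
end
```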
...@@ -42,8 +42,11 @@ class User < ActiveRecord::Base ...@@ -42,8 +42,11 @@ class User < ActiveRecord::Base
attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username, attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :color_scheme_id, :theme_id, :force_random_password, :skype, :linkedin, :twitter, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, as: [:default, :admin] :extern_uid, :provider, :password_expires_at,
attr_accessible :projects_limit, :can_create_team, :can_create_group, as: :admin as: [:default, :admin]
attr_accessible :projects_limit, :can_create_team, :can_create_group,
as: :admin
attr_accessor :force_random_password attr_accessor :force_random_password
...@@ -364,4 +367,8 @@ class User < ActiveRecord::Base ...@@ -364,4 +367,8 @@ class User < ActiveRecord::Base
def accessible_deploy_keys def accessible_deploy_keys
DeployKey.in_projects(self.master_projects).uniq DeployKey.in_projects(self.master_projects).uniq
end end
def created_by
User.find_by_id(created_by_id) if created_by_id
end
end end
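Review bot: Adding `:password_expires_at` to the `as: [:default, :admin]` list makes the expiry timestamp mass-assignable under the default role, so any controller that calls `update_attributes(params[:user])` for the current user (the profile edit path, if it works that way) would let the user clear or postpone their own forced expiry. Move it to the admin-only line, `attr_accessible :projects_limit, :can_create_team, :can_create_group, :password_expires_at, as: :admin`, and have `PasswordsController` clear it with `@user.password_expires_at = nil` followed by `save` rather than mass assignment. `created_by` in the second hunk could be `belongs_to :created_by, class_name: 'User'`, which also avoids repeating the `find_by_id` query when a view calls it more than once.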
...@@ -24,19 +24,25 @@ ...@@ -24,19 +24,25 @@
= f.text_field :email, required: true, autocomplete: "off" = f.text_field :email, required: true, autocomplete: "off"
%span.help-inline * required %span.help-inline * required
%fieldset - if @admin_user.new_record?
%legend Password %fieldset
.clearfix %legend Password
= f.label :password .clearfix
.input= f.password_field :password, disabled: f.object.force_random_password = f.label :password
.clearfix .input
= f.label :password_confirmation %strong
.input= f.password_field :password_confirmation, disabled: f.object.force_random_password A temporary password will be generated and sent to user.
-if f.object.new_record? %br
User will be forced to change it after first sign in
- else
%fieldset
%legend Password
.clearfix
= f.label :password
.input= f.password_field :password, disabled: f.object.force_random_password
.clearfix .clearfix
= f.label :force_random_password do = f.label :password_confirmation
%span Generate random password .input= f.password_field :password_confirmation, disabled: f.object.force_random_password
.input= f.check_box :force_random_password, {}, true, nil
%fieldset %fieldset
%legend Access %legend Access
......
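Review bot: In the `- else` branch both `password_field` calls still pass `disabled: f.object.force_random_password`, but the checkbox that set that flag (`f.check_box :force_random_password` on the old side) appears to have been removed, so for persisted users the value is always falsy and the `disabled:` argument is dead; drop it or keep the checkbox. The `new_record?` branch is pure text and should say that the generated password is emailed and expires at first sign-in, which is what the controller does. The surrounding form begins and ends outside this hunk.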
%h3.page_title
User:
= @admin_user.name
- if @admin_user.blocked?
%span.cred (Blocked)
- if @admin_user.admin
%span.cred (Admin)
.pull-right
= link_to edit_admin_user_path(@admin_user), class: "btn grouped btn-small" do
%i.icon-edit
Edit
- unless @admin_user == current_user
- if @admin_user.blocked?
= link_to 'Unblock', unblock_admin_user_path(@admin_user), method: :put, class: "btn grouped btn-small success"
- else
= link_to 'Block', block_admin_user_path(@admin_user), confirm: 'USER WILL BE BLOCKED! Are you sure?', method: :put, class: "btn grouped btn-small btn-remove"
= link_to 'Destroy', [:admin, @admin_user], confirm: "USER #{@admin_user.name} WILL BE REMOVED! Are you sure?", method: :delete, class: "btn grouped btn-small btn-remove"
%hr
.row .row
.span6 .span6
%h3.page_title .ui-box
= image_tag gravatar_icon(@admin_user.email, 90), class: "avatar s90" %h5.title
= @admin_user.name Account:
- if @admin_user.blocked? .pull-right
%span.cred (Blocked) = image_tag gravatar_icon(@admin_user.email, 32), class: "avatar s32"
- if @admin_user.admin %ul.well-list
%span.cred (Admin) %li
.pull-right %span.light Name:
= link_to edit_admin_user_path(@admin_user), class: "btn pull-right" do %strong= @admin_user.name
%i.icon-edit %li
Edit %span.light Username:
%br %strong
%small @#{@admin_user.username} = @admin_user.username
%br %li
%small member since #{@admin_user.created_at.stamp("Nov 12, 2031")} %span.light Email:
.clearfix %strong
%hr = mail_to @admin_user.email
%p
%span.btn.btn-small %li
%i.icon-envelope %span.light Member since:
= mail_to @admin_user.email %strong
- unless @admin_user == current_user = @admin_user.created_at.stamp("Nov 12, 2031")
- if @admin_user.blocked?
= link_to 'Unblock', unblock_admin_user_path(@admin_user), method: :put, class: "btn btn-small success" %li
- else %span.light Last sign-in at:
= link_to 'Block', block_admin_user_path(@admin_user), confirm: 'USER WILL BE BLOCKED! Are you sure?', method: :put, class: "btn btn-small btn-remove" %strong
= link_to 'Destroy', [:admin, @admin_user], confirm: "USER #{@admin_user.name} WILL BE REMOVED! Are you sure?", method: :delete, class: "btn btn-small btn-remove" = @admin_user.last_sign_in_at.stamp("Nov 12, 2031")
- if @admin_user.ldap_user?
%li
%span.light LDAP uid:
%strong
= @admin_user.extern_uid
- if @admin_user.created_by
%li
%span.light Created by:
%strong
= link_to @admin_user.created_by.name, [:admin, @admin_user.created_by]
%hr %hr
%h5 %h5
Add User to Projects Add User to Projects
...@@ -67,11 +100,11 @@ ...@@ -67,11 +100,11 @@
.span6 .span6
= render 'users/profile', user: @admin_user
.ui-box .ui-box
%h5.title Projects (#{@projects.count}) %h5.title Projects (#{@projects.count})
%ul.well-list %ul.well-list
- @projects.sort_by(&:name_with_namespace).each do |project| - @projects.sort_by(&:name_with_namespace).each do |project|
- tm = project.team.get_tm(@admin_user.id)
%li %li
= link_to admin_project_path(project), class: dom_class(project) do = link_to admin_project_path(project), class: dom_class(project) do
- if project.namespace - if project.namespace
...@@ -79,16 +112,17 @@ ...@@ -79,16 +112,17 @@
\/ \/
%strong.well-title %strong.well-title
= truncate(project.name, length: 45) = truncate(project.name, length: 45)
%span.pull-right.light
- if project.owner == @admin_user - if project.owner == @admin_user
%i.icon-wrench %span.label.label-info owner
- tm = project.team.get_tm(@admin_user.id)
- if tm - if tm
= tm.project_access_human .pull-right
= link_to edit_admin_project_member_path(project, tm.user), class: "btn btn-small" do = link_to edit_admin_project_member_path(project, tm.user), class: "btn grouped btn-small" do
%i.icon-edit %i.icon-edit
= link_to admin_project_member_path(project, tm.user), confirm: remove_from_project_team_message(project, @admin_user), method: :delete, class: "btn btn-small btn-remove" do = link_to admin_project_member_path(project, tm.user), confirm: remove_from_project_team_message(project, @admin_user), method: :delete, class: "btn grouped btn-small btn-remove" do
%i.icon-remove %i.icon-remove
%p.light
%i.icon-wrench .pull-right.light
&ndash; user is a project owner = tm.project_access_human
&nbsp;
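Review bot: The `Last sign-in at:` item calls `@admin_user.last_sign_in_at.stamp("Nov 12, 2031")` unconditionally, and an account created through this flow has not signed in yet, so if `last_sign_in_at` is nil until the first sign-in (as with Devise's trackable columns) the admin show page for every newly created user raises `NoMethodError`. Guard it the way the LDAP and created-by items are guarded, `- if @admin_user.last_sign_in_at` around the existing `= @admin_user.last_sign_in_at.stamp("Nov 12, 2031")`, or render `never` in the else case. The `Created by:` item calls `@admin_user.created_by` twice, which is two `find_by_id` queries per render; store it once with `- creator = @admin_user.created_by`. The second hunk of this file raises no further issue.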
...@@ -8,13 +8,14 @@ ...@@ -8,13 +8,14 @@
%p %p
login.......................................... login..........................................
%code= @user['email'] %code= @user['email']
%p
- unless Gitlab.config.gitlab.signup_enabled - if @user.created_by_id
%p
password.................................. password..................................
%code= @password %code= @password
%p %p
Please change your password immediately after login. You will be forced to change this password immediately after login.
%p %p
= link_to "Click here to login", root_url = link_to "Click here to login", root_url
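Review bot: The gating condition `- if @user.created_by_id` is duplicated verbatim in this HTML template and in the text template (the `<% if @user.created_by_id %>` line of the `.text.erb` hunk below); because this condition decides whether a plaintext credential is included in the message, the two templates can drift and one format would then include the password where the other omits it. Compute the decision once in the mailer, e.g. `@send_password = @user.created_by_id.present?`, and have both templates test `@send_password`. Both hunks begin and end inside a larger template.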
...@@ -3,10 +3,11 @@ Hi <%= @user.name %>! ...@@ -3,10 +3,11 @@ Hi <%= @user.name %>!
The Administrator created an account for you. Now you are a member of company GitLab application. The Administrator created an account for you. Now you are a member of company GitLab application.
login.................. <%= @user.email %> login.................. <%= @user.email %>
<% unless Gitlab.config.gitlab.signup_enabled %> <% if @user.created_by_id %>
password............... <%= @password %> password............... <%= @password %>
You will be forced to change this password immediately after login.
<% end %> <% end %>
Please change your password immediately after login.
Click here to login: <%= url_for(root_url) %> Click here to login: <%= url_for(root_url) %>
= form_for @user, url: profile_password_path, method: :post do |f|
.light-well.padded
%p.slead
Please set new password before proceed.
%br
After successful password update you will be redirected to login screen
-if @user.errors.any?
.alert.alert-error
%ul
- @user.errors.full_messages.each do |msg|
%li= msg
.clearfix
= f.label :password
.input= f.password_field :password, required: true
.clearfix
= f.label :password_confirmation
.input
= f.password_field :password_confirmation, required: true
.clearfix
.input
= f.submit 'Set new password', class: "btn btn-create"
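Review bot: The help text `After successful password update you will be redirected to login screen` does not match `PasswordsController#create`, which redirects to `root_path` on success; unless the password change invalidates the session (version-dependent in Devise and not visible here), the user lands on the dashboard, so either change the text or sign the user out in the controller. `Please set new password before proceed.` should read `Please set a new password before proceeding.` The `required: true` attributes are client-side hints only; the `@user.errors` block above the fields is the right place for the server-side result and should stay.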
...@@ -123,6 +123,7 @@ Gitlab::Application.routes.draw do ...@@ -123,6 +123,7 @@ Gitlab::Application.routes.draw do
end end
resource :notifications resource :notifications
resource :password
end end
resources :keys resources :keys
......
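Review bot: `resource :password` generates routes for every singular-resource action (`new`, `create`, `edit`, `update`, `show`, `destroy`), but `PasswordsController` defines only `new` and `create`, so the others route to missing actions and surface as `AbstractController::ActionNotFound` rather than not existing; restrict it with `resource :password, only: [:new, :create]`. The enclosing resource block starts outside the hunk.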
...@@ -3,7 +3,8 @@ admin = User.create( ...@@ -3,7 +3,8 @@ admin = User.create(
name: "Administrator", name: "Administrator",
username: 'root', username: 'root',
password: "5iveL!fe", password: "5iveL!fe",
password_confirmation: "5iveL!fe" password_confirmation: "5iveL!fe",
password_expires_at: Time.now
) )
admin.projects_limit = 10000 admin.projects_limit = 10000
......
class AddPasswordExpiresAtToUsers < ActiveRecord::Migration
def change
add_column :users, :password_expires_at, :datetime
end
end
class AddCreatedByIdToUser < ActiveRecord::Migration
def change
add_column :users, :created_by_id, :integer
end
end
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20130522141856) do ActiveRecord::Schema.define(:version => 20130613173246) do
create_table "deploy_keys_projects", :force => true do |t| create_table "deploy_keys_projects", :force => true do |t|
t.integer "deploy_key_id", :null => false t.integer "deploy_key_id", :null => false
...@@ -292,6 +292,8 @@ ActiveRecord::Schema.define(:version => 20130522141856) do ...@@ -292,6 +292,8 @@ ActiveRecord::Schema.define(:version => 20130522141856) do
t.string "state" t.string "state"
t.integer "color_scheme_id", :default => 1, :null => false t.integer "color_scheme_id", :default => 1, :null => false
t.integer "notification_level", :default => 1, :null => false t.integer "notification_level", :default => 1, :null => false
t.datetime "password_expires_at"
t.integer "created_by_id"
end end
add_index "users", ["admin"], :name => "index_users_on_admin" add_index "users", ["admin"], :name => "index_users_on_admin"
......
...@@ -20,13 +20,10 @@ describe "Admin::Users" do ...@@ -20,13 +20,10 @@ describe "Admin::Users" do
describe "GET /admin/users/new" do describe "GET /admin/users/new" do
before do before do
@password = "123ABC"
visit new_admin_user_path visit new_admin_user_path
fill_in "user_name", with: "Big Bang" fill_in "user_name", with: "Big Bang"
fill_in "user_username", with: "bang" fill_in "user_username", with: "bang"
fill_in "user_email", with: "bigbang@mail.com" fill_in "user_email", with: "bigbang@mail.com"
fill_in "user_password", with: @password
fill_in "user_password_confirmation", with: @password
end end
it "should create new user" do it "should create new user" do
...@@ -57,26 +54,13 @@ describe "Admin::Users" do ...@@ -57,26 +54,13 @@ describe "Admin::Users" do
end end
it "should send valid email to user with email & password" do it "should send valid email to user with email & password" do
Gitlab.config.gitlab.stub(:signup_enabled).and_return(false)
User.observers.enable :user_observer do User.observers.enable :user_observer do
click_button "Create user" click_button "Create user"
user = User.last user = User.last
email = ActionMailer::Base.deliveries.last email = ActionMailer::Base.deliveries.last
email.subject.should have_content("Account was created") email.subject.should have_content("Account was created")
email.text_part.body.should have_content(user.email) email.text_part.body.should have_content(user.email)
email.text_part.body.should have_content(@password) email.text_part.body.should have_content('password')
end
end
it "should send valid email to user with email without password when signup is enabled" do
Gitlab.config.gitlab.stub(:signup_enabled).and_return(true)
User.observers.enable :user_observer do
click_button "Create user"
user = User.last
email = ActionMailer::Base.deliveries.last
email.subject.should have_content("Account was created")
email.text_part.body.should have_content(user.email)
email.text_part.body.should_not have_content(@password)
end end
end end
end end
......
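Review bot: Deleting the `signup is enabled` example removes the only negative test: nothing now asserts that a user whose `created_by_id` is nil does not receive a password line in the account-created email, which is the branch guarded by `if @user.created_by_id` in both mail templates. The remaining assertion `email.text_part.body.should have_content('password')` only checks that the label text appears, so a regression that emails an empty or wrong `@password` would still pass; consider capturing the generated password (the generation mechanism is not visible in this diff) and asserting on it. Add an example that creates a user without `created_by_id` and expects `email.text_part.body.should_not have_content('password')`. The `describe` block continues outside the hunk.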