Commit 64239828 authored by Dmitriy Zaporozhets

Force user to provide old password in order to change it

parent 0630be38
...@@ -33,7 +33,14 @@ class ProfilesController < ApplicationController ...@@ -33,7 +33,14 @@ class ProfilesController < ApplicationController
end end
def update_password def update_password
params[:user].reject!{ |k, v| k != "password" && k != "password_confirmation"} params[:user].select! do |key, value|
%w(current_password password password_confirmation).include?(key.to_s)
end
unless @user.valid_password?(params[:user][:current_password])
redirect_to account_profile_path, alert: 'You must provide a valid current password'
return
end
if @user.update_attributes(params[:user]) if @user.update_attributes(params[:user])
flash[:notice] = "Password was successfully updated. Please login with it" flash[:notice] = "Password was successfully updated. Please login with it"
......
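Review bot: The LDAP restriction this commit introduces lives only in the view, while `update_password` itself (lines 8–17 of the hunk) never checks `ldap_user?`, so a direct PUT to update_password_profile_path carrying current_password/password/password_confirmation presumably still sets a local password on an LDAP-backed account; unless something outside the hunk blocks that, add the guard here as well, e.g. `return redirect_to account_profile_path, alert: 'Not available for LDAP user' if @user.ldap_user?` ahead of the current-password check. The `current_password` key is also kept in `params[:user]` and handed to `update_attributes`, which relies on the model's mass-assignment filtering to discard it; `params[:user].delete(:current_password)` after the check (or Devise's `update_with_password`, if the model provides it) makes that explicit rather than incidental. Because anyone holding the session can now probe the account password through this action, it deserves the same throttling or lockout as sign-in — I cannot tell from the hunk whether one applies. `update_password` continues past the end of the hunk.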
...@@ -57,24 +57,33 @@ ...@@ -57,24 +57,33 @@
.tab-pane#tab-password .tab-pane#tab-password
%fieldset.update-password %fieldset.update-password
%legend Password %legend Password
= form_for @user, url: update_password_profile_path, method: :put do |f| - if current_user.ldap_user?
%div %h3.nothing_here_message Not available for LDAP user
%p.slead After a successful password update you will be redirected to login page where you should login with your new password - else
-if @user.errors.any? = form_for @user, url: update_password_profile_path, method: :put do |f|
.alert.alert-error %div
%ul %p.slead
- @user.errors.full_messages.each do |msg| You must provide current password in order to change it.
%li= msg %br
.control-group After a successful password update you will be redirected to login page where you should login with your new password
= f.label :password -if @user.errors.any?
.controls= f.password_field :password, required: true .alert.alert-error
.control-group %ul
= f.label :password_confirmation - @user.errors.full_messages.each do |msg|
.controls %li= msg
= f.password_field :password_confirmation, required: true .control-group
.control-group = f.label :current_password, class: 'cgreen'
.controls .controls= f.password_field :current_password, required: true
= f.submit 'Save password', class: "btn btn-save" .control-group
= f.label :password, 'New password'
.controls= f.password_field :password, required: true
.control-group
= f.label :password_confirmation
.controls
= f.password_field :password_confirmation, required: true
.control-group
.controls
= f.submit 'Save password', class: "btn btn-save"
- if show_profile_social_tab? - if show_profile_social_tab?
.tab-pane#tab-social .tab-pane#tab-social
......
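Review bot: The new guard reads `current_user.ldap_user?` while the form it hides is built from `@user` (`form_for @user`), so the check and the form object can refer to different users; `- if @user.ldap_user?` keeps both sides on the same record. Hiding the form is a convenience only — the server-side action still has to refuse LDAP accounts, which this section cannot show.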
...@@ -11,6 +11,12 @@ Feature: Profile ...@@ -11,6 +11,12 @@ Feature: Profile
Then I change my contact info Then I change my contact info
And I should see new contact info And I should see new contact info
Scenario: I change my password without old one
Given I visit profile account page
When I try change my password w/o old one
Then I should see a missing password error message
And I should be redirected to account page
Scenario: I change my password Scenario: I change my password
Given I visit profile account page Given I visit profile account page
Then I change my password Then I change my password
......
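Review bot: The new scenario only covers a blank current password; there is no scenario where a wrong current password is supplied, which is the case the check exists for (a hijacked session trying to set a new password). Add a sibling scenario, e.g. `When I try change my password with a wrong old one` / `Then I should see a missing password error message`, backed by a step that fills `user_current_password` with a value other than the fixture password.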
...@@ -22,8 +22,17 @@ class Profile < Spinach::FeatureSteps ...@@ -22,8 +22,17 @@ class Profile < Spinach::FeatureSteps
@user.twitter.should == 'testtwitter' @user.twitter.should == 'testtwitter'
end end
step 'I try change my password w/o old one' do
within '.update-password' do
fill_in "user_password", with: "222333"
fill_in "user_password_confirmation", with: "222333"
click_button "Save"
end
end
step 'I change my password' do step 'I change my password' do
within '.update-password' do within '.update-password' do
fill_in "user_current_password", with: "123456"
fill_in "user_password", with: "222333" fill_in "user_password", with: "222333"
fill_in "user_password_confirmation", with: "222333" fill_in "user_password_confirmation", with: "222333"
click_button "Save" click_button "Save"
...@@ -32,12 +41,17 @@ class Profile < Spinach::FeatureSteps ...@@ -32,12 +41,17 @@ class Profile < Spinach::FeatureSteps
step 'I unsuccessfully change my password' do step 'I unsuccessfully change my password' do
within '.update-password' do within '.update-password' do
fill_in "user_current_password", with: "123456"
fill_in "user_password", with: "password" fill_in "user_password", with: "password"
fill_in "user_password_confirmation", with: "confirmation" fill_in "user_password_confirmation", with: "confirmation"
click_button "Save" click_button "Save"
end end
end end
step "I should see a missing password error message" do
page.should have_content "You must provide a valid current password"
end
step "I should see a password error message" do step "I should see a password error message" do
page.should have_content "Password doesn't match confirmation" page.should have_content "Password doesn't match confirmation"
end end
...@@ -110,6 +124,10 @@ class Profile < Spinach::FeatureSteps ...@@ -110,6 +124,10 @@ class Profile < Spinach::FeatureSteps
current_path.should == new_user_session_path current_path.should == new_user_session_path
end end
step 'I should be redirected to account page' do
current_path.should == account_profile_path
end
step 'I click on my profile picture' do step 'I click on my profile picture' do
click_link 'profile-pic' click_link 'profile-pic'
end end
......
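Review bot: `I should see a missing password error message` only asserts the flash text, and `I should be redirected to account page` only checks the path; neither verifies that the password was left unchanged, so a regression that shows the alert yet still reaches `update_attributes` would pass. Add `@user.reload.valid_password?("123456").should be_true` to the error-message step (123456 is the fixture password the other steps fill in). `@user` is the instance the earlier steps already use, so no extra setup is needed.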