Commit a768e1b7 authored by Sean McGivern's avatar Sean McGivern

Merge branch '28938-password-change-workflow-for-admins' into 'master'

Changes the password change workflow for admins.

Closes #28938

See merge request !13901
parents bf4ec606 0ffa4772
...@@ -117,11 +117,14 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -117,11 +117,14 @@ class Admin::UsersController < Admin::ApplicationController
user_params_with_pass = user_params.dup user_params_with_pass = user_params.dup
if params[:user][:password].present? if params[:user][:password].present?
user_params_with_pass.merge!( password_params = {
password: params[:user][:password], password: params[:user][:password],
password_confirmation: params[:user][:password_confirmation], password_confirmation: params[:user][:password_confirmation]
password_expires_at: Time.now }
)
password_params[:password_expires_at] = Time.now unless changing_own_password?
user_params_with_pass.merge!(password_params)
end end
respond_to do |format| respond_to do |format|
...@@ -167,6 +170,10 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -167,6 +170,10 @@ class Admin::UsersController < Admin::ApplicationController
protected protected
def changing_own_password?
user == current_user
end
def user def user
@user ||= User.find_by!(username: params[:id]) @user ||= User.find_by!(username: params[:id])
end end
......
---
title: Changes the password change workflow for admins.
merge_request: 13901
author:
type: fixed
...@@ -150,6 +150,18 @@ describe Admin::UsersController do ...@@ -150,6 +150,18 @@ describe Admin::UsersController do
post :update, params post :update, params
end end
context 'when the admin changes his own password' do
it 'updates the password' do
expect { update_password(admin, 'AValidPassword1') }
.to change { admin.reload.encrypted_password }
end
it 'does not set the new password to expire immediately' do
expect { update_password(admin, 'AValidPassword1') }
.not_to change { admin.reload.password_expires_at }
end
end
context 'when the new password is valid' do context 'when the new password is valid' do
it 'redirects to the user' do it 'redirects to the user' do
update_password(user, 'AValidPassword1') update_password(user, 'AValidPassword1')
...@@ -158,15 +170,13 @@ describe Admin::UsersController do ...@@ -158,15 +170,13 @@ describe Admin::UsersController do
end end
it 'updates the password' do it 'updates the password' do
update_password(user, 'AValidPassword1') expect { update_password(user, 'AValidPassword1') }
.to change { user.reload.encrypted_password }
expect { user.reload }.to change { user.encrypted_password }
end end
it 'sets the new password to expire immediately' do it 'sets the new password to expire immediately' do
update_password(user, 'AValidPassword1') expect { update_password(user, 'AValidPassword1') }
.to change { user.reload.password_expires_at }.to be_within(2.seconds).of(Time.now)
expect { user.reload }.to change { user.password_expires_at }.to(a_value <= Time.now)
end end
end end
...@@ -184,9 +194,8 @@ describe Admin::UsersController do ...@@ -184,9 +194,8 @@ describe Admin::UsersController do
end end
it 'does not update the password' do it 'does not update the password' do
update_password(user, 'invalid') expect { update_password(user, 'invalid') }
.not_to change { user.reload.encrypted_password }
expect { user.reload }.not_to change { user.encrypted_password }
end end
end end
...@@ -204,9 +213,8 @@ describe Admin::UsersController do ...@@ -204,9 +213,8 @@ describe Admin::UsersController do
end end
it 'does not update the password' do it 'does not update the password' do
update_password(user, 'AValidPassword1', 'AValidPassword2') expect { update_password(user, 'AValidPassword1', 'AValidPassword2') }
.not_to change { user.reload.encrypted_password }
expect { user.reload }.not_to change { user.encrypted_password }
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment