gitlab-org--gitlab-foss/app/controllers/profiles/passwords_controller.rb

class Profiles::PasswordsController < Profiles::ApplicationController
  skip_before_action :check_password_expiration, only: [:new, :create]

  before_action :set_user
  before_action :authorize_change_password!

  layout :determine_layout

  def new
  end

  def create
    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
      redirect_to new_profile_password_path, alert: 'You must provide a valid current password'
      return
    end

    new_password = user_params[:password]
    new_password_confirmation = user_params[:password_confirmation]

    result = @user.update_attributes(
      password: new_password,
      password_confirmation: new_password_confirmation,
      password_automatically_set: false
    )

    if result
      @user.update_attributes(password_expires_at: nil)
      redirect_to root_path, notice: 'Password successfully changed'
    else
      render :new
    end
  end

  def edit
  end

  def update
    password_attributes = user_params.select do |key, value|
      %w(password password_confirmation).include?(key.to_s)
    end
    password_attributes[:password_automatically_set] = false

    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
      redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
      return
    end

    if @user.update_attributes(password_attributes)
      flash[:notice] = "Password was successfully updated. Please login with it"
      redirect_to new_user_session_path
    else
      @user.reload
      render 'edit'
    end
  end

  def reset
    current_user.send_reset_password_instructions
    redirect_to edit_profile_password_path, notice: 'We sent you an email with reset password instructions'
  end

  private

  def set_user
    @user = current_user
  end

  def determine_layout
    if [:new, :create].include?(action_name.to_sym)
      'application'
    else
      'profile'
    end
  end

  def authorize_change_password!
    return render_404 if @user.ldap_user?
  end

  def user_params
    params.require(:user).permit(:current_password, :password, :password_confirmation)
  end
end
Fix Profiles::PasswordsController. 2015-04-30 14:37:25 -04:00			`class Profiles::PasswordsController < Profiles::ApplicationController`
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 08:03:37 -04:00			`skip_before_action :check_password_expiration, only: [:new, :create]`
Fix password set form and infinite loop 2013-06-13 13:16:48 -04:00
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 08:03:37 -04:00			`before_action :set_user`
			`before_action :authorize_change_password!`
Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 12:53:04 -04:00
Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 04:39:11 -04:00			`layout :determine_layout`

Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 12:53:04 -04:00			`def new`
			`end`

			`def create`
Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S). 2015-02-13 07:33:28 -05:00			`unless @user.password_automatically_set \|\| @user.valid_password?(user_params[:current_password])`
Require current password even if password was expired Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-07-29 08:28:20 -04:00			`redirect_to new_profile_password_path, alert: 'You must provide a valid current password'`
			`return`
			`end`

User model to strong params. Comment other attr_accessible to let tests run Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 08:11:45 -04:00			`new_password = user_params[:password]`
			`new_password_confirmation = user_params[:password_confirmation]`
Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 12:53:04 -04:00
			`result = @user.update_attributes(`
			`password: new_password,`
Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S). 2015-02-13 07:33:28 -05:00			`password_confirmation: new_password_confirmation,`
			`password_automatically_set: false`
Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 12:53:04 -04:00			`)`

			`if result`
Prevent infinit password change by settin password_expires_at to nil 2013-06-13 13:21:51 -04:00			`@user.update_attributes(password_expires_at: nil)`
			`redirect_to root_path, notice: 'Password successfully changed'`
Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 12:53:04 -04:00			`else`
			`render :new`
			`end`
			`end`

Separate page for password change 2013-10-09 09:17:40 -04:00			`def edit`
			`end`

			`def update`
User model to strong params. Comment other attr_accessible to let tests run Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 08:11:45 -04:00			`password_attributes = user_params.select do \|key, value\|`
Separate page for password change 2013-10-09 09:17:40 -04:00			`%w(password password_confirmation).include?(key.to_s)`
			`end`
Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S). 2015-02-13 07:33:28 -05:00			`password_attributes[:password_automatically_set] = false`
Separate page for password change 2013-10-09 09:17:40 -04:00
Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S). 2015-02-13 07:33:28 -05:00			`unless @user.password_automatically_set \|\| @user.valid_password?(user_params[:current_password])`
Separate page for password change 2013-10-09 09:17:40 -04:00			`redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'`
			`return`
			`end`

			`if @user.update_attributes(password_attributes)`
			`flash[:notice] = "Password was successfully updated. Please login with it"`
			`redirect_to new_user_session_path`
			`else`
Avoid to show the original password field when password is automatically seted 2016-08-08 10:03:30 -04:00			`@user.reload`
Fix spinach profile tests 2013-10-09 10:01:04 -04:00			`render 'edit'`
Separate page for password change 2013-10-09 09:17:40 -04:00			`end`
			`end`

			`def reset`
			`current_user.send_reset_password_instructions`
			`redirect_to edit_profile_password_path, notice: 'We sent you an email with reset password instructions'`
			`end`

Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 12:53:04 -04:00			`private`

			`def set_user`
			`@user = current_user`
			`end`

Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 04:39:11 -04:00			`def determine_layout`
Separate page for password change 2013-10-09 09:17:40 -04:00			`if [:new, :create].include?(action_name.to_sym)`
Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 04:39:11 -04:00			`'application'`
Separate page for password change 2013-10-09 09:17:40 -04:00			`else`
Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 04:39:11 -04:00			`'profile'`
Separate page for password change 2013-10-09 09:17:40 -04:00			`end`
			`end`

			`def authorize_change_password!`
			`return render_404 if @user.ldap_user?`
			`end`
User model to strong params. Comment other attr_accessible to let tests run Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 08:11:45 -04:00
			`def user_params`
Fix password change. Fix test settings Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 16:40:08 -04:00			`params.require(:user).permit(:current_password, :password, :password_confirmation)`
User model to strong params. Comment other attr_accessible to let tests run Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 08:11:45 -04:00			`end`
Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 12:53:04 -04:00			`end`