Changes the password change workflow for admins.
parent
d546f7d36e
commit
0ffa4772c2
3 changed files with 36 additions and 16 deletions
|
@ -117,11 +117,14 @@ class Admin::UsersController < Admin::ApplicationController
|
|||
user_params_with_pass = user_params.dup
|
||||
|
||||
if params[:user][:password].present?
|
||||
user_params_with_pass.merge!(
|
||||
password_params = {
|
||||
password: params[:user][:password],
|
||||
password_confirmation: params[:user][:password_confirmation],
|
||||
password_expires_at: Time.now
|
||||
)
|
||||
password_confirmation: params[:user][:password_confirmation]
|
||||
}
|
||||
|
||||
password_params[:password_expires_at] = Time.now unless changing_own_password?
|
||||
|
||||
user_params_with_pass.merge!(password_params)
|
||||
end
|
||||
|
||||
respond_to do |format|
|
||||
|
@ -167,6 +170,10 @@ class Admin::UsersController < Admin::ApplicationController
|
|||
|
||||
protected
|
||||
|
||||
def changing_own_password?
|
||||
user == current_user
|
||||
end
|
||||
|
||||
def user
|
||||
@user ||= User.find_by!(username: params[:id])
|
||||
end
|
||||
|
|
|
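Review bot: The `unless changing_own_password?` exemption means anyone holding an admin's session can give that account a lasting new password, and nothing visible in this hunk asks for the current password first. On the old side `password_expires_at: Time.now` was always merged, so a password set this way had to be changed again at the next sign-in; that no longer applies when `user == current_user`. If the update action (its body starts and ends outside the hunk) does not verify the current password elsewhere, consider requiring it before `user_params_with_pass.merge!(password_params)` in the self-service case, for example with Devise's `valid_password?`. A short comment above the `unless` line would also help, such as `# Admins editing their own account are not forced to change the password again at next sign-in.`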
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Changes the password change workflow for admins.
|
||||
merge_request: 13901
|
||||
author:
|
||||
type: fixed
|
|
@ -150,6 +150,18 @@ describe Admin::UsersController do
|
|||
post :update, params
|
||||
end
|
||||
|
||||
context 'when the admin changes his own password' do
|
||||
it 'updates the password' do
|
||||
expect { update_password(admin, 'AValidPassword1') }
|
||||
.to change { admin.reload.encrypted_password }
|
||||
end
|
||||
|
||||
it 'does not set the new password to expire immediately' do
|
||||
expect { update_password(admin, 'AValidPassword1') }
|
||||
.not_to change { admin.reload.password_expires_at }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the new password is valid' do
|
||||
it 'redirects to the user' do
|
||||
update_password(user, 'AValidPassword1')
|
||||
|
@ -158,15 +170,13 @@ describe Admin::UsersController do
|
|||
end
|
||||
|
||||
it 'updates the password' do
|
||||
update_password(user, 'AValidPassword1')
|
||||
|
||||
expect { user.reload }.to change { user.encrypted_password }
|
||||
expect { update_password(user, 'AValidPassword1') }
|
||||
.to change { user.reload.encrypted_password }
|
||||
end
|
||||
|
||||
it 'sets the new password to expire immediately' do
|
||||
update_password(user, 'AValidPassword1')
|
||||
|
||||
expect { user.reload }.to change { user.password_expires_at }.to(a_value <= Time.now)
|
||||
expect { update_password(user, 'AValidPassword1') }
|
||||
.to change { user.reload.password_expires_at }.to be_within(2.seconds).of(Time.now)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -184,9 +194,8 @@ describe Admin::UsersController do
|
|||
end
|
||||
|
||||
it 'does not update the password' do
|
||||
update_password(user, 'invalid')
|
||||
|
||||
expect { user.reload }.not_to change { user.encrypted_password }
|
||||
expect { update_password(user, 'invalid') }
|
||||
.not_to change { user.reload.encrypted_password }
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -204,9 +213,8 @@ describe Admin::UsersController do
|
|||
end
|
||||
|
||||
it 'does not update the password' do
|
||||
update_password(user, 'AValidPassword1', 'AValidPassword2')
|
||||
|
||||
expect { user.reload }.not_to change { user.encrypted_password }
|
||||
expect { update_password(user, 'AValidPassword1', 'AValidPassword2') }
|
||||
.not_to change { user.reload.encrypted_password }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
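Review bot: The new 'when the admin changes his own password' context pins the no-expiry path, but no example shown here pins the other side of the `user == current_user` check for an admin account. I would add an example in which a second admin is signed in and updates this admin's password, asserting with `.to change { admin.reload.password_expires_at }` that the forced expiry still applies; whether `user` in the existing 'when the new password is valid' context is an admin is not visible from here. Separately, `be_within(2.seconds).of(Time.now)` ties the expiry assertion to the wall clock, so freezing time around that example would make it exact and independent of how fast the runner is.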