From 19dda1606b4dc76160bf2198ab95f2998eccaec8 Mon Sep 17 00:00:00 2001
From: George Andrinopoulos
Date: Thu, 2 Feb 2017 12:46:14 +0200
Subject: [PATCH] Force new password after password reset via API
---
 .../unreleased/24606-force-password-reset-on-next-login.yml | 4 ++++
 lib/api/users.rb | 2 ++
 spec/requests/api/users_spec.rb | 6 ++++++
 3 files changed, 12 insertions(+)
 create mode 100644 changelogs/unreleased/24606-force-password-reset-on-next-login.yml
diff --git a/changelogs/unreleased/24606-force-password-reset-on-next-login.yml b/changelogs/unreleased/24606-force-password-reset-on-next-login.yml
new file mode 100644
index 00000000000..fd671d04a9f
--- /dev/null
+++ b/changelogs/unreleased/24606-force-password-reset-on-next-login.yml
@@ -0,0 +1,4 @@
+---
+title: Force new password after password reset via API
+merge_request:
+author: George Andrinopoulos
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 11a7368b4c0..0ed468626b7 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -160,6 +160,8 @@ module API
 end
 end
+ user_params.merge!(password_expires_at: Time.now) if user_params[:password].present?
+ if user.update_attributes(user_params.except(:extern_uid, :provider))
 present user, with: Entities::UserPublic
 else
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 5bf5bf0739e..f9127096953 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -305,6 +305,12 @@ describe API::Users, api: true do
 expect(user.reload.bio).to eq('new test bio')
 end
+ it "updates user with new password and forces reset on next login" do
+ put api("/users/#{user.id}", admin), { password: '12345678' }
+ expect(response).to have_http_status(200)
+ expect(user.reload.password_expires_at).to be < Time.now
+ end
+ it "updates user with organization" do
 put api("/users/#{user.id}", admin), { organization: 'GitLab' }
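Review bot: The added `user_params.merge!(password_expires_at: Time.now) if user_params[:password].present?` line in lib/api/users.rb is a security control with no comment saying so, and the new spec covers only its positive branch. I would put a comment above it, `# A password set through this endpoint is temporary: expire it at once so the user must choose a new one at next sign-in.`, and add a spec case asserting that an update without `password` leaves `password_expires_at` unchanged. `Time.current` would be the zone-aware choice over `Time.now` if the rest of the file follows that Rails convention, which is not visible here. The hunk only stamps the expiry; whether sessions or tokens issued under the old password remain valid after the reset is outside what this diff shows and is worth confirming. The enclosing block starts and ends outside the hunk.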