Merge branch 'rd-fix-reset-password-while-logged-in' into 'master'

Allow logged in user to change his password Closes gitlab-ee#3482 See merge request gitlab-org/gitlab-ce!16169
2018-01-02 16:18:54 +00:00 · 2018-01-02 16:18:54 +00:00 · 5f5ac346b4
commit 5f5ac346b4
parent 653b969e88 6304fe44ec
2 changed files with 21 additions and 0 deletions
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@ -1,6 +1,8 @@
 class PasswordsController < Devise::PasswordsController
  include Gitlab::CurrentSettings

+  skip_before_action :require_no_authentication, only: [:edit, :update]
+
  before_action :resource_from_email, only: [:create]
  before_action :check_password_authentication_available, only: [:create]
  before_action :throttle_reset,      only: [:create]
--- a/spec/features/password_reset_spec.rb
+++ b/spec/features/password_reset_spec.rb
@ -33,6 +33,25 @@ feature 'Password reset' do
    end
  end

+  describe 'Changing password while logged in' do
+    it 'updates the password' do
+      user = create(:user)
+      token = user.send_reset_password_instructions
+
+      sign_in(user)
+
+      visit(edit_user_password_path(reset_password_token: token))
+
+      fill_in 'New password', with: 'hello1234'
+      fill_in 'Confirm new password', with: 'hello1234'
+
+      click_button 'Change your password'
+
+      expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
+      expect(current_path).to eq new_user_session_path
+    end
+  end
+
  def forgot_password(user)
    visit root_path
    click_on 'Forgot your password?'