Force user to provide old password in order to change it
parent
0630be3828
commit
642398285d
4 changed files with 59 additions and 19 deletions
|
@ -33,7 +33,14 @@ class ProfilesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def update_password
|
def update_password
|
||||||
params[:user].reject!{ |k, v| k != "password" && k != "password_confirmation"}
|
params[:user].select! do |key, value|
|
||||||
|
%w(current_password password password_confirmation).include?(key.to_s)
|
||||||
|
end
|
||||||
|
|
||||||
|
unless @user.valid_password?(params[:user][:current_password])
|
||||||
|
redirect_to account_profile_path, alert: 'You must provide a valid current password'
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
if @user.update_attributes(params[:user])
|
if @user.update_attributes(params[:user])
|
||||||
flash[:notice] = "Password was successfully updated. Please login with it"
|
flash[:notice] = "Password was successfully updated. Please login with it"
|
||||||
|
|
|
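Review bot: The allow-list in `update_password` keeps `current_password` inside `params[:user]`, and that same hash is then passed to `@user.update_attributes(params[:user])`, so the old password goes into mass assignment together with the new one. How the User model treats that key is not visible on this page; it would be safer to pull it out before the update, e.g. `current_password = params[:user].delete(:current_password)`, and check `@user.valid_password?(current_password)` against the local. `params[:user]` is also dereferenced without a presence check, so a request with no `user` key raises on `select!` instead of reaching the alert. The body of `update_password` continues past the end of the hunk.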
@ -57,16 +57,25 @@
|
||||||
.tab-pane#tab-password
|
.tab-pane#tab-password
|
||||||
%fieldset.update-password
|
%fieldset.update-password
|
||||||
%legend Password
|
%legend Password
|
||||||
|
- if current_user.ldap_user?
|
||||||
|
%h3.nothing_here_message Not available for LDAP user
|
||||||
|
- else
|
||||||
= form_for @user, url: update_password_profile_path, method: :put do |f|
|
= form_for @user, url: update_password_profile_path, method: :put do |f|
|
||||||
%div
|
%div
|
||||||
%p.slead After a successful password update you will be redirected to login page where you should login with your new password
|
%p.slead
|
||||||
|
You must provide current password in order to change it.
|
||||||
|
%br
|
||||||
|
After a successful password update you will be redirected to login page where you should login with your new password
|
||||||
-if @user.errors.any?
|
-if @user.errors.any?
|
||||||
.alert.alert-error
|
.alert.alert-error
|
||||||
%ul
|
%ul
|
||||||
- @user.errors.full_messages.each do |msg|
|
- @user.errors.full_messages.each do |msg|
|
||||||
%li= msg
|
%li= msg
|
||||||
.control-group
|
.control-group
|
||||||
= f.label :password
|
= f.label :current_password, class: 'cgreen'
|
||||||
|
.controls= f.password_field :current_password, required: true
|
||||||
|
.control-group
|
||||||
|
= f.label :password, 'New password'
|
||||||
.controls= f.password_field :password, required: true
|
.controls= f.password_field :password, required: true
|
||||||
.control-group
|
.control-group
|
||||||
= f.label :password_confirmation
|
= f.label :password_confirmation
|
||||||
|
|
|
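Review bot: The `- if current_user.ldap_user?` branch only hides the form; the `update_password` action changed in this same commit shows no matching check, so a hand-built PUT from an LDAP account would still reach `valid_password?` and `update_attributes`. Unless a filter outside the visible lines already covers this, the condition should be enforced server-side as well, for example `redirect_to account_profile_path and return if @user.ldap_user?` at the top of the action. The template also tests `current_user` while the form is built for `@user`; using the same object in both places would avoid the two drifting apart.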
@ -11,6 +11,12 @@ Feature: Profile
|
||||||
Then I change my contact info
|
Then I change my contact info
|
||||||
And I should see new contact info
|
And I should see new contact info
|
||||||
|
|
||||||
|
Scenario: I change my password without old one
|
||||||
|
Given I visit profile account page
|
||||||
|
When I try change my password w/o old one
|
||||||
|
Then I should see a missing password error message
|
||||||
|
And I should be redirected to account page
|
||||||
|
|
||||||
Scenario: I change my password
|
Scenario: I change my password
|
||||||
Given I visit profile account page
|
Given I visit profile account page
|
||||||
Then I change my password
|
Then I change my password
|
||||||
|
|
|
@ -22,8 +22,17 @@ class Profile < Spinach::FeatureSteps
|
||||||
@user.twitter.should == 'testtwitter'
|
@user.twitter.should == 'testtwitter'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
step 'I try change my password w/o old one' do
|
||||||
|
within '.update-password' do
|
||||||
|
fill_in "user_password", with: "222333"
|
||||||
|
fill_in "user_password_confirmation", with: "222333"
|
||||||
|
click_button "Save"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
step 'I change my password' do
|
step 'I change my password' do
|
||||||
within '.update-password' do
|
within '.update-password' do
|
||||||
|
fill_in "user_current_password", with: "123456"
|
||||||
fill_in "user_password", with: "222333"
|
fill_in "user_password", with: "222333"
|
||||||
fill_in "user_password_confirmation", with: "222333"
|
fill_in "user_password_confirmation", with: "222333"
|
||||||
click_button "Save"
|
click_button "Save"
|
||||||
|
@ -32,12 +41,17 @@ class Profile < Spinach::FeatureSteps
|
||||||
|
|
||||||
step 'I unsuccessfully change my password' do
|
step 'I unsuccessfully change my password' do
|
||||||
within '.update-password' do
|
within '.update-password' do
|
||||||
|
fill_in "user_current_password", with: "123456"
|
||||||
fill_in "user_password", with: "password"
|
fill_in "user_password", with: "password"
|
||||||
fill_in "user_password_confirmation", with: "confirmation"
|
fill_in "user_password_confirmation", with: "confirmation"
|
||||||
click_button "Save"
|
click_button "Save"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
step "I should see a missing password error message" do
|
||||||
|
page.should have_content "You must provide a valid current password"
|
||||||
|
end
|
||||||
|
|
||||||
step "I should see a password error message" do
|
step "I should see a password error message" do
|
||||||
page.should have_content "Password doesn't match confirmation"
|
page.should have_content "Password doesn't match confirmation"
|
||||||
end
|
end
|
||||||
|
@ -110,6 +124,10 @@ class Profile < Spinach::FeatureSteps
|
||||||
current_path.should == new_user_session_path
|
current_path.should == new_user_session_path
|
||||||
end
|
end
|
||||||
|
|
||||||
|
step 'I should be redirected to account page' do
|
||||||
|
current_path.should == account_profile_path
|
||||||
|
end
|
||||||
|
|
||||||
step 'I click on my profile picture' do
|
step 'I click on my profile picture' do
|
||||||
click_link 'profile-pic'
|
click_link 'profile-pic'
|
||||||
end
|
end
|
||||||
|
|
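Review bot: The new negative step 'I try change my password w/o old one' only submits a blank current password; nothing in this file exercises a wrong but non-empty value, which is the case the controller check mainly exists for. A companion step that fills `user_current_password` with an incorrect value and reuses 'I should see a missing password error message' would cover it. The rejected-change scenario also never asserts that the stored password is untouched; something like `@user.reload.valid_password?("123456").should be_true` after the redirect would pin that down, assuming `@user` is the signed-in account as elsewhere in these steps.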