Force password change after admin reset
When an admin changes a user's password for them, force the user to reset the password after logging in by expiring the new password immediately.
This commit is contained in:
parent
78a67fc48d
commit
bec350528c
|
@ -28,6 +28,7 @@ v 8.8.0 (unreleased)
|
|||
- Display informative message when new milestone is created
|
||||
- Sanitize milestones and labels titles
|
||||
- Support multi-line tag messages. !3833 (Calin Seciu)
|
||||
- Force users to reset their password after an admin changes it
|
||||
- Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
|
||||
- Added button to toggle whitespaces changes on diff view
|
||||
- Backport GitHub Enterprise import support from EE
|
||||
|
|
|
@ -119,6 +119,7 @@ class Admin::UsersController < Admin::ApplicationController
|
|||
user_params_with_pass.merge!(
|
||||
password: params[:user][:password],
|
||||
password_confirmation: params[:user][:password_confirmation],
|
||||
password_expires_at: Time.now
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -114,6 +114,82 @@ describe Admin::UsersController do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'POST update' do
|
||||
context 'when the password has changed' do
|
||||
def update_password(user, password, password_confirmation = nil)
|
||||
params = {
|
||||
id: user.to_param,
|
||||
user: {
|
||||
password: password,
|
||||
password_confirmation: password_confirmation || password
|
||||
}
|
||||
}
|
||||
|
||||
post :update, params
|
||||
end
|
||||
|
||||
context 'when the new password is valid' do
|
||||
it 'redirects to the user' do
|
||||
update_password(user, 'AValidPassword1')
|
||||
|
||||
expect(response).to redirect_to(admin_user_path(user))
|
||||
end
|
||||
|
||||
it 'updates the password' do
|
||||
update_password(user, 'AValidPassword1')
|
||||
|
||||
expect { user.reload }.to change { user.encrypted_password }
|
||||
end
|
||||
|
||||
it 'sets the new password to expire immediately' do
|
||||
update_password(user, 'AValidPassword1')
|
||||
|
||||
expect { user.reload }.to change { user.password_expires_at }.to(a_value <= Time.now)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the new password is invalid' do
|
||||
it 'shows the edit page again' do
|
||||
update_password(user, 'invalid')
|
||||
|
||||
expect(response).to render_template(:edit)
|
||||
end
|
||||
|
||||
it 'returns the error message' do
|
||||
update_password(user, 'invalid')
|
||||
|
||||
expect(assigns[:user].errors).to contain_exactly(a_string_matching(/too short/))
|
||||
end
|
||||
|
||||
it 'does not update the password' do
|
||||
update_password(user, 'invalid')
|
||||
|
||||
expect { user.reload }.not_to change { user.encrypted_password }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the new password does not match the password confirmation' do
|
||||
it 'shows the edit page again' do
|
||||
update_password(user, 'AValidPassword1', 'AValidPassword2')
|
||||
|
||||
expect(response).to render_template(:edit)
|
||||
end
|
||||
|
||||
it 'returns the error message' do
|
||||
update_password(user, 'AValidPassword1', 'AValidPassword2')
|
||||
|
||||
expect(assigns[:user].errors).to contain_exactly(a_string_matching(/doesn't match/))
|
||||
end
|
||||
|
||||
it 'does not update the password' do
|
||||
update_password(user, 'AValidPassword1', 'AValidPassword2')
|
||||
|
||||
expect { user.reload }.not_to change { user.encrypted_password }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST impersonate" do
|
||||
context "when the user is blocked" do
|
||||
before do
|
||||
|
|
|
@ -210,6 +210,8 @@ describe "Admin::Users", feature: true do
|
|||
before do
|
||||
fill_in "user_name", with: "Big Bang"
|
||||
fill_in "user_email", with: "bigbang@mail.com"
|
||||
fill_in "user_password", with: "AValidPassword1"
|
||||
fill_in "user_password_confirmation", with: "AValidPassword1"
|
||||
check "user_admin"
|
||||
click_button "Save changes"
|
||||
end
|
||||
|
@ -223,6 +225,7 @@ describe "Admin::Users", feature: true do
|
|||
@simple_user.reload
|
||||
expect(@simple_user.name).to eq('Big Bang')
|
||||
expect(@simple_user.is_admin?).to be_truthy
|
||||
expect(@simple_user.password_expires_at).to be <= Time.now
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue