
Commit a768e1b7 by Sean McGivern

Merge branch '28938-password-change-workflow-for-admins' into 'master'

Changes the password change workflow for admins. Closes #28938. See merge request !13901
parents bf4ec606 0ffa4772
......@@ -117,11 +117,14 @@ class Admin::UsersController < Admin::ApplicationController
user_params_with_pass = user_params.dup
if params[:user][:password].present?
user_params_with_pass.merge!(
password_params = {
password: params[:user][:password],
password_confirmation: params[:user][:password_confirmation],
password_expires_at: Time.now
)
password_confirmation: params[:user][:password_confirmation]
}
password_params[:password_expires_at] = Time.now unless changing_own_password?
user_params_with_pass.merge!(password_params)
end
respond_to do |format|
......@@ -167,6 +170,10 @@ class Admin::UsersController < Admin::ApplicationController
protected
def changing_own_password?
user == current_user
end
def user
@user ||= User.find_by!(username: params[:id])
end
......
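Review bot: The exemption on the `password_expires_at` line rests entirely on `user == current_user`, and nothing visible in this hunk asks the admin for their current password before the self-change is accepted. Before this commit every password set through this action expired at once, so it had to be rotated at the next sign-in; a self-change made here now yields a lasting credential, which matters if the admin session has been left unattended or taken over. If the enclosing action (it starts and ends outside the hunk) does not already verify the current password on this path, consider requiring it or routing self-changes through the regular profile password flow, provided that flow performs the check. At minimum, record the intent on the helper, e.g. `# Admin-set passwords expire so the account owner must pick a new one; an admin editing their own account already chose this password, so no forced rotation.`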
---
title: Changes the password change workflow for admins.
merge_request: 13901
author:
type: fixed
......@@ -150,6 +150,18 @@ describe Admin::UsersController do
post :update, params
end
context 'when the admin changes his own password' do
it 'updates the password' do
expect { update_password(admin, 'AValidPassword1') }
.to change { admin.reload.encrypted_password }
end
it 'does not set the new password to expire immediately' do
expect { update_password(admin, 'AValidPassword1') }
.not_to change { admin.reload.password_expires_at }
end
end
context 'when the new password is valid' do
it 'redirects to the user' do
update_password(user, 'AValidPassword1')
......@@ -158,15 +170,13 @@ describe Admin::UsersController do
end
it 'updates the password' do
update_password(user, 'AValidPassword1')
expect { user.reload }.to change { user.encrypted_password }
expect { update_password(user, 'AValidPassword1') }
.to change { user.reload.encrypted_password }
end
it 'sets the new password to expire immediately' do
update_password(user, 'AValidPassword1')
expect { user.reload }.to change { user.password_expires_at }.to(a_value <= Time.now)
expect { update_password(user, 'AValidPassword1') }
.to change { user.reload.password_expires_at }.to be_within(2.seconds).of(Time.now)
end
end
......@@ -184,9 +194,8 @@ describe Admin::UsersController do
end
it 'does not update the password' do
update_password(user, 'invalid')
expect { user.reload }.not_to change { user.encrypted_password }
expect { update_password(user, 'invalid') }
.not_to change { user.reload.encrypted_password }
end
end
......@@ -204,9 +213,8 @@ describe Admin::UsersController do
end
it 'does not update the password' do
update_password(user, 'AValidPassword1', 'AValidPassword2')
expect { user.reload }.not_to change { user.encrypted_password }
expect { update_password(user, 'AValidPassword1', 'AValidPassword2') }
.not_to change { user.reload.encrypted_password }
end
end
end
......
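Review bot: The new 'when the admin changes his own password' context covers only the self-change case, and no example visible here pins the other side of the `user == current_user` boundary: an admin changing a different admin's password, which should still expire immediately. Whether `user` in the existing contexts is an admin is defined outside these hunks, so an explicit example with a second admin would keep the exemption from silently widening into a role check later. Separately, `be_within(2.seconds).of(Time.now)` depends on wall-clock timing and can fail on a slow runner; freezing the clock around the request would let the example assert an exact value.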