Commit f2343889 authored by Robert Speicher's avatar Robert Speicher

Merge branch...

Merge branch '13691-allow-admin-to-reset-user-password-and-force-password-reset-on-next-login' into 'master'

Force password change after admin reset

Closes #13691.

See merge request !4016
parents 59e62fc4 bec35052
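--- a/PATH-NOT-ON-PAGE-changelog
+++ b/PATH-NOT-ON-PAGE-changelog
@@ -29,6 +29,7 @@ v 8.8.0 (unreleased)
 - Display informative message when new milestone is created
 - Sanitize milestones and labels titles
 - Support multi-line tag messages. !3833 (Calin Seciu)
+- Force users to reset their password after an admin changes it
 - Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
 - Added button to toggle whitespaces changes on diff view
 - Backport GitHub Enterprise import support from EE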
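--- a/PATH-NOT-ON-PAGE-admin-users-controller
+++ b/PATH-NOT-ON-PAGE-admin-users-controller
@@ -119,6 +119,7 @@ class Admin::UsersController < Admin::ApplicationController
 user_params_with_pass.merge!(
 password: params[:user][:password],
 password_confirmation: params[:user][:password_confirmation],
+password_expires_at: Time.now
 )
 end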
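Review bot: `password_expires_at: Time.now` is a point of style: Rails code conventionally uses the zone-aware `Time.current` (or `Time.zone.now`) for values written to a timestamp column, and the companion spec hunks compare against `Time.now` too, so whichever form is chosen should be used consistently across the change. The enclosing action starts outside the hunk, so the condition under which `user_params_with_pass` receives the password keys is not visible; the expiry belongs only on a genuine password change, which is worth confirming against the branch that precedes this `merge!`. A one-line comment would make the intent clear to the next maintainer, e.g. `# Admin-set passwords are temporary: expire immediately so the user must pick their own at next sign-in`. An expired password is presumably only enforced at the next authentication; whether the user's existing sessions are affected by an admin reset is not visible here.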
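--- a/PATH-NOT-ON-PAGE-admin-users-controller-spec
+++ b/PATH-NOT-ON-PAGE-admin-users-controller-spec
@@ -114,6 +114,82 @@ describe Admin::UsersController do
 end
 end
+describe 'POST update' do
+context 'when the password has changed' do
+def update_password(user, password, password_confirmation = nil)
+params = {
+id: user.to_param,
+user: {
+password: password,
+password_confirmation: password_confirmation || password
+}
+}
+post :update, params
+end
+context 'when the new password is valid' do
+it 'redirects to the user' do
+update_password(user, 'AValidPassword1')
+expect(response).to redirect_to(admin_user_path(user))
+end
+it 'updates the password' do
+update_password(user, 'AValidPassword1')
+expect { user.reload }.to change { user.encrypted_password }
+end
+it 'sets the new password to expire immediately' do
+update_password(user, 'AValidPassword1')
+expect { user.reload }.to change { user.password_expires_at }.to(a_value <= Time.now)
+end
+end
+context 'when the new password is invalid' do
+it 'shows the edit page again' do
+update_password(user, 'invalid')
+expect(response).to render_template(:edit)
+end
+it 'returns the error message' do
+update_password(user, 'invalid')
+expect(assigns[:user].errors).to contain_exactly(a_string_matching(/too short/))
+end
+it 'does not update the password' do
+update_password(user, 'invalid')
+expect { user.reload }.not_to change { user.encrypted_password }
+end
+end
+context 'when the new password does not match the password confirmation' do
+it 'shows the edit page again' do
+update_password(user, 'AValidPassword1', 'AValidPassword2')
+expect(response).to render_template(:edit)
+end
+it 'returns the error message' do
+update_password(user, 'AValidPassword1', 'AValidPassword2')
+expect(assigns[:user].errors).to contain_exactly(a_string_matching(/doesn't match/))
+end
+it 'does not update the password' do
+update_password(user, 'AValidPassword1', 'AValidPassword2')
+expect { user.reload }.not_to change { user.encrypted_password }
+end
+end
+end
+end
 describe "POST impersonate" do
 context "when the user is blocked" do
 before do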
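Review bot: The new `POST update` block only covers the `'when the password has changed'` context, so nothing pins the inverse case: an admin edit that leaves the password fields blank must not touch `password_expires_at`, and the branch deciding when the password keys are merged in the controller is otherwise unguarded by tests. A `context 'when the password is not changed'` that posts only a name and asserts `expect { user.reload }.not_to change { user.password_expires_at }` would close that gap; the feature spec hunks further down share it, since their `before` now always fills in a password before checking the other fields. `update_password`'s third positional parameter reads more clearly as a keyword, `def update_password(user, password, password_confirmation: nil)` with call sites like `update_password(user, 'AValidPassword1', password_confirmation: 'AValidPassword2')`. `user` is not defined within the hunk, presumably a `let` earlier in the file.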
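--- a/PATH-NOT-ON-PAGE-admin-users-feature-spec
+++ b/PATH-NOT-ON-PAGE-admin-users-feature-spec
@@ -210,6 +210,8 @@ describe "Admin::Users", feature: true do
 before do
 fill_in "user_name", with: "Big Bang"
 fill_in "user_email", with: "bigbang@mail.com"
+fill_in "user_password", with: "AValidPassword1"
+fill_in "user_password_confirmation", with: "AValidPassword1"
 check "user_admin"
 click_button "Save changes"
 end
@@ -223,6 +225,7 @@ describe "Admin::Users", feature: true do
 @simple_user.reload
 expect(@simple_user.name).to eq('Big Bang')
 expect(@simple_user.is_admin?).to be_truthy
+expect(@simple_user.password_expires_at).to be <= Time.now
 end
 end
 end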