Commit 4c8cbf88 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'user-new-password' into 'master'

Require current password even if password was expired

Fixes #1469

See merge request !1002
parents 535feb08 014e6d0f
......@@ -11,6 +11,11 @@ class Profiles::PasswordsController < ApplicationController
end
def create
unless @user.valid_password?(user_params[:current_password])
redirect_to new_profile_password_path, alert: 'You must provide a valid current password'
return
end
new_password = user_params[:password]
new_password_confirmation = user_params[:password_confirmation]
......
......@@ -11,6 +11,9 @@
- @user.errors.full_messages.each do |msg|
%li= msg
.form-group
= f.label :current_password, class: 'control-label'
.col-sm-10= f.password_field :current_password, required: true, class: 'form-control'
.form-group
= f.label :password, class: 'control-label'
.col-sm-10= f.password_field :password, required: true, class: 'form-control'
......
......@@ -145,6 +145,7 @@ class Profile < Spinach::FeatureSteps
end
step 'I submit new password' do
fill_in :user_current_password, with: '12345678'
fill_in :user_password, with: '12345678'
fill_in :user_password_confirmation, with: '12345678'
click_button "Set new password"
......@@ -179,7 +180,7 @@ class Profile < Spinach::FeatureSteps
@group.add_owner(current_user)
@project = create(:project, namespace: @group)
@event = create(:closed_issue_event, project: @project)
@project.team << [current_user, :master]
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment