Signed-off-by: Darryl L. Pierce <mcpierce(a)gmail.com>
---
app/controllers/users_controller.rb | 30 +++++++++++++++++
app/views/users/password.html.erb | 30 +++++++++++++++++
app/views/users/show.html.erb | 2 +
config/routes.rb | 8 ++++-
public/images/icons/password.png | Bin 0 -> 744 bytes
test/functional/users_controller_test.rb | 53 ++++++++++++++++++++++++++++++
6 files changed, 122 insertions(+), 1 deletions(-)
create mode 100644 app/views/users/password.html.erb
create mode 100755 public/images/icons/password.png
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1c58dbf..6cf7a27 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -151,6 +151,36 @@ class UsersController < ApplicationController
:per_page => 10)
end
+ # POST /users/1/change_password
+ def change_password
+ respond_to do |format|
+ if @this_user.can_edit?(@user)
+ if User.authenticate((a)this_user.email, params[:old_password])
+ @this_user.update_attributes(params[:user])
+
+ if @this_user.valid?
+ if @this_user.save
+ flash[:message] = "Password update successfully."
+ format.html { redirect_to user_path(@this_user) }
+ else
+ @this_user.valid?
+ format.html { render :action => :password }
+ end
+ else
+ @this_user.valid?
+ format.html { render :action => :password }
+ end
+ else
+ flash[:error] = "Old password did not match."
+ format.html { redirect_to password_user_path(@this_user) }
+ end
+ else
+ flash[:error] = "You cannot change the password for
#{(a)this_user.display_name}."
+ format.html { redirect_to user_path(@this_user) }
+ end
+ end
+ end
+
private
def load_this_user
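Review bot: `@this_user.update_attributes(params[:user])` in change_password hands the whole submitted `user` hash to the model, so this endpoint will also write any other attribute the model leaves mass-assignable; nothing in the hunk restricts it to the two password fields. Passing only those keys keeps the action scoped to what its name says: `pw = params[:user] || {}` followed by `@this_user.update_attributes(:password => pw[:password], :password_confirmation => pw[:password_confirmation])`. update_attributes already validates and saves, so the nested `valid?` / `save` branches can collapse into one check of its return value. The UsersController class, the User model and the load_this_user filter lie outside the hunk, so whether the model declares attr_accessible cannot be confirmed from here.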
diff --git a/app/views/users/password.html.erb b/app/views/users/password.html.erb
new file mode 100644
index 0000000..acdd794
--- /dev/null
+++ b/app/views/users/password.html.erb
@@ -0,0 +1,30 @@
+<% form_for(:user, @this_user, :url => change_password_user_path(@this_user)) do
|form| %>
+ <table class="edit">
+ <tr>
+ <td class="label-required">Current password</td>
+ <td class="value"><%= password_field_tag :old_password
%></td>
+ </tr>
+
+ <tr>
+ <td class="label-required">New password</td>
+ <td class="value">
+ <%= form.password_field :password %>
+ <%= error_message_on(@this_user, :password) %>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="label-required">Confirm password</td>
+ <td class="value">
+ <%= form.password_field :password_confirmation %>
+ <%= error_message_on(@this_user, :password_confirmation) %>
+ </td>
+ </tr>
+
+ <tr>
+ <td class="buttons" colspan="2">
+ <%= submit_tag "Update" %>
+ </td>
+ </tr>
+ </table>
+<% end %>
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 4fa4cf1..e0de5b9 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -11,6 +11,8 @@
<%= link_to(image_tag("icons/back.png", :alt => "Back to
users list..."), users_path) %>
<%= link_to(image_tag("icons/edit.png", :alt =>
"Edit"),
edit_user_path(@this_user)) if @this_user.can_edit?(@user) %>
+ <%= link_to(image_tag("icons/password.png", :alt => "Change
password"),
+ password_user_path(@this_user)) if @this_user.can_edit?(@user) %>
</td>
</tr>
diff --git a/config/routes.rb b/config/routes.rb
index d4d2ec6..ff7cf95 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -30,7 +30,13 @@ ActionController::Routing::Routes.draw do |map|
}
end
end
- map.resources :users, :member => {:backlog => :get, :roles => :get} do |user|
+ map.resources :users, :member =>
+ {
+ :backlog => :get,
+ :roles => :get,
+ :password => :get,
+ :change_password => :post
+ } do |user|
user.resources :tasks
end
diff --git a/public/images/icons/password.png b/public/images/icons/password.png
new file mode 100755
index 0000000000000000000000000000000000000000..30b0dc316e52dba388d88112d4c1cc32672fffbb
GIT binary patch
literal 744
zcmV<E0vG*>P)<h;3K|Lk000e1NJLTq000mG000mO1^@s6AM^iV00004XF*Lt006JZ
zHwB960000PbVXQnQ*UN;cVTj606}DLVr3vnZDD6+Qe|Oed2z{QJOBU!dPzh<R5;6x
zlU+!YVHk$LRU{on2NEG99t4gN<(k<vgSIj~$mk$~eksv@gmxl=Ow(;Fr^B3}b5Lr_
z2G&-MqzD~`qBeg)s5vYXON+MJpPSp<&)xfdS}mK_2lvVQa$nE=JkR@40I2o!$#_If
zgcYe*-~X369QeQ}9^~I<-#CKyR)jn~<T%PeX7qx)>jGlUfiHCke$)P}4*HwX@?mb`
zzgiE#M5fLDxtj=lZ6q=+Lkt2$!wyVqxC~@X03De&Gn$t$kdWJig()R`(|L#ldNHNi
zi?tK@-;xA1zab1r3XkO&T;m5wdrx2~XU8>fpl4v~7ZF1h+!NXGy*rQ6jw}?mrNKGI
zL&zzIrIL-VTRiLE`+jy5wt-SCISiy4pO}x6>V>$`&V{7&3{GoOF)87oTao_ek0H|L
zXxL5q?8f4p7$RLZL=Q4>?LH3$EqhS@^b{VAG@wL(0y*{DquI)BECvw!(t<WU7OeSj
z4slT2o&n>y8jr^s8DqzY3Mx|xw6AM%RhNVG>V(j48H=@2*+n87;k63kFsH&hc^Czx
zU)p@TON5%2#gM-!LRIG_NS|MUrcZ`*_YPuLB^9Iro+W2D85SRofmAHM&xik`9B1#a
z@o-oLow*L$!CJHqC<x>_n){?E(&Zwhf|^V!qqZ#X+&c)jMMwsg3*W31W<{FoWOGV1
zuOTTStWS(&DYr&0v}HowTZPN*IY_RcCU%rj3Cs*;4T3Shy&sFSmGFOV!%!{P*`>;C
zSiN43jAg&56(U(ojS}<bU;n~z%OUZEdjI^WYM*^X$^G8flvN$?agoUOo#Ks1ETcBX
ap8o(~AJmyDx~^sb0000<MNUMnLSTY)_fHN0
literal 0
HcmV?d00001
diff --git a/test/functional/users_controller_test.rb
b/test/functional/users_controller_test.rb
index 7375369..838fac2 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -309,4 +309,57 @@ class UsersControllerTest < ActionController::TestCase
assert_response :success
assert assigns['product_roles'], "Failed to load the user's
roles."
end
+
+ # Ensures anonymous users can't change passwords.
+ def test_change_password_as_anonymous
+ post :change_password
+
+ assert_redirected_to login_path
+ end
+
+ # Ensures that a valid user must be supplied.
+ def test_change_password_with_invalid_user
+ post :change_password, {}, {:user_id => @user.id}
+
+ assert_redirected_to users_path
+ end
+
+ # Ensures that only the user can change his password.
+ def test_change_password_for_other_user
+ post :change_password, {:id => @other_user.id}, {:user_id => @user.id}
+
+ assert_redirected_to user_path(@other_user)
+ end
+
+ # Ensures that the current password has to match.
+ def test_change_password_with_wrong_current_password
+ post :change_password,
+ {:id => @user.id, :old_password => "garbledina"},
+ {:user_id => @user.id}
+
+ assert_redirected_to password_user_path(@user)
+ end
+
+ # Ensures that the new passwords have to valid.
+ def test_change_password_with_incorrect_passwords
+ post :change_password,
+ {:id => @user.id, :old_password => "farkle",
+ :user => {:password => "a", :password_confirmation =>
"b" }},
+ {:user_id => @user.id}
+
+ assert_response :success
+ assert !User.authenticate((a)user.email, "a"), "Password should not have
been updated."
+ end
+
+ # Ensures that a valid password update works as expected.
+ def test_change_password
+ post :change_password,
+ {:id => @user.id, :old_password => "farkle",
+ :user => {:password => "visible", :password_confirmation =>
"visible"}},
+ {:user_id => @user.id}
+
+ assert_redirected_to user_path(@user)
+ assert User.authenticate((a)user.email, "visible"),
+ "Password was not properly updated."
+ end
end
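Review bot: test_change_password_with_wrong_current_password and test_change_password_for_other_user assert only the redirect, and neither request carries a `:user` hash, so both would still pass if the controller changed the password before redirecting. Send a new password in both requests and assert the stored one is untouched, e.g. `assert User.authenticate(@user.email, "farkle"), "Password should not have changed."`, with the equivalent check for @other_user using its fixture password. A further case that posts an extra non-password key inside `:user` and asserts it is unchanged would pin the action to the password fields only. The comment above test_change_password_with_incorrect_passwords should read `# Ensures that the new passwords have to be valid.` The setup and fixtures that define @user and @other_user are outside the hunk.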
--
1.6.0.2