Users with SHA-1 hashes are redirected to the password change page

2026-02-08 00:34:19 +01:00 · 2011-09-05 22:06:37 +02:00 · 2011-09-05 22:06:37 +02:00 · 5d3829cfbf
commit 5d3829cfbf
parent a11937788e
6 changed files with 54 additions and 0 deletions
--- a/features/handling_users_with_deprecated_password_hashes.feature
+++ b/features/handling_users_with_deprecated_password_hashes.feature
@ -0,0 +1,21 @@
+Feature: Handling users with deprecated passwords hashes
+  In order to have my password hashed with BCrypt
+  As a user with password hashed with SHA1
+  I have to be redirected to the password resetting form
+
+  Background:
+    Given the following user records
+      | login         | password_with_algorithm |
+      | new_hash_user | first_secret bcrypt     |
+      | old_hash_user | another_secret sha1     |
+
+  Scenario: A user with SHA1 password
+    Given I have logged in as "old_hash_user" with password "another_secret"
+    When I go to the homepage
+    Then I should be redirected to the change password page
+    And I should see "You have to reset your password"
+
+  Scenario: A user with BCrypt password
+    Given I have logged in as "new_hash_user" with password "first_secret"
+    When I go to the homepage
+    Then I should be on the homepage
--- a/features/support/paths.rb
+++ b/features/support/paths.rb
@ -104,6 +104,8 @@ module NavigationHelpers
    when /the tag page for "([^"]*)"/i
      @source_view = "tag"
      tag_path($1, options)
+    when /the change password page/
+      change_password_user_path @current_user

      # Add more mappings here.
      # Here is an example that pulls values out of the Regexp:
--- a/features/support/user.rb
+++ b/features/support/user.rb
@ -0,0 +1,18 @@
+class User
+  # A method used in features' user records definitions. It accepts a string
+  # with a password and the name of a hashing algorithm ('sha1' or 'bcrypt')
+  # concatenated with a space. It encrypts user's password using the given
+  # mechanism and the given password value.
+  def password_with_algorithm=(x)
+    pass, algorithm = *x.split
+    case algorithm
+    when 'bcrypt'
+      change_password pass, pass
+    when 'sha1'
+      self.crypted_password = User.sha1 pass
+      self.password = self.password_confirmation = nil
+    else
+      raise "Unknown hashing algorithm: #{algorithm}"
+    end
+  end
+end