Fix updating password

Signed-off-by: Reinier Balt <lrbalt@gmail.com>

Gemfile

@@ -1,5 +1,4 @@
 source :gemcutter
-source :rubyforge
 source "http://gems.github.com/"
 
 gem "rake", "~>0.8.7"

Gemfile.lock

@@ -7,7 +7,6 @@ GIT
       activerecord (>= 2.3.2)
 
 GEM
-  remote: http://rubygems.org/
   remote: http://rubygems.org/
   remote: http://gems.github.com/
   specs:

app/controllers/users_controller.rb

@@ -160,7 +160,8 @@ class UsersController < ApplicationController
   end
 
   def update_password
-    @user.change_password(params[:updateuser][:password], params[:updateuser][:password_confirmation])
+    # is used for focing password change after sha->bcrypt upgrade
+    @user.change_password(params[:user][:password], params[:user][:password_confirmation])
     notify :notice, t('users.password_updated')
     redirect_to preferences_path
   rescue Exception => error

features/handling_users_with_deprecated_password_hashes.feature

@@ -4,10 +4,10 @@ Feature: Handling users with deprecated passwords hashes
   I have to be redirected to the password resetting form
 
   Background:
-    Given the following user records
-      | login         | password_with_algorithm |
-      | new_hash_user | first_secret bcrypt     |
-      | old_hash_user | another_secret sha1     |
+    Given the following user records with hash algorithm
+      | login         | password        | algorithm  |
+      | new_hash_user | first_secret    | bcrypt     |
+      | old_hash_user | another_secret  | sha1       |
 
   Scenario Outline: A user with SHA1 password
     Given I have logged in as "old_hash_user" with password "another_secret"

features/step_definitions/user_steps.rb

@@ -6,6 +6,40 @@ Given /^the following user records?$/ do |table|
   end
 end
 
+Given /^the following user records with hash algorithm$/ do |table|
+  User.delete_all
+  table.hashes.each do | hash |
+    password = hash[:password]
+    algorithm = hash[:algorithm]
+    hash.delete("algorithm")
+
+    user = Factory(:user, hash)
+
+    case algorithm
+    when 'bcrypt'
+      user.change_password( password, password )
+      user.reload
+      BCrypt::Password.new(user.crypted_password).should == password
+    when 'sha1'
+      user.password = user.password_confirmation = nil
+      user.write_attribute :crypted_password, User.sha1( password )
+      user.save
+      user.reload
+      user.crypted_password.should == User.sha1(password)
+    else
+      raise "Unknown hashing algorithm: #{algorithm}"
+    end
+
+    user.create_preference({:locale => 'en'})
+  end
+end
+
+When /^I change my password to "([^"]*)"$/ do |password|
+  Then 'I should be on the change password page'
+  %w{password password_confirmation}.each { |name| fill_in "user[#{name}]", :with => password }
+  click_button
+end
+
 Given "no users exists" do
   User.delete_all
 end
@@ -32,9 +66,3 @@ Then "I should be an admin" do
   # just check on the presence of the menu item for managing users
   Then "I should see \"Manage users\""
 end
-
-When /^I change my password to "([^"]*)"$/ do |password|
-  Then 'I should be on the change password page'
-  %w{new confirm}.each { |name| fill_in name + ' password', :with => password }
-  click_button
-end

features/support/user.rb

@@ -1,18 +0,0 @@
-class User
-  # A method used in features' user records definitions. It accepts a string
-  # with a password and the name of a hashing algorithm ('sha1' or 'bcrypt')
-  # concatenated with a space. It encrypts user's password using the given
-  # mechanism and the given password value.
-  def password_with_algorithm=(x)
-    pass, algorithm = *x.split
-    case algorithm
-    when 'bcrypt'
-      change_password pass, pass
-    when 'sha1'
-      self.crypted_password = User.sha1 pass
-      self.password = self.password_confirmation = nil
-    else
-      raise "Unknown hashing algorithm: #{algorithm}"
-    end
-  end
-end

test/functional/users_controller_test.rb

@@ -65,7 +65,7 @@ class UsersControllerTest < ActionController::TestCase
     get :change_password # should now pass because we're logged in
     assert_response :success
     assert_equal assigns['page_title'], "TRACKS::Change password"
-    post :update_password, :updateuser => {:password => 'newpassword', :password_confirmation => 'newpassword'}
+    post :update_password, :user => {:password => 'newpassword', :password_confirmation => 'newpassword'}
     assert_redirected_to preferences_path
     @updated_user = User.find(users(:admin_user).id)
     assert_not_nil User.authenticate(@updated_user.login, 'newpassword')
@@ -76,7 +76,7 @@ class UsersControllerTest < ActionController::TestCase
     post :update_password # should fail because no login
     assert_redirected_to :controller => 'login', :action => 'login'
     login_as :admin_user
-    post :update_password, :updateuser => {:password => 'newpassword', :password_confirmation => 'wrong'}
+    post :update_password, :user => {:password => 'newpassword', :password_confirmation => 'wrong'}
     assert_redirected_to :controller => 'users', :action => 'change_password'
     assert users(:admin_user).save, false
     assert_equal 'Validation failed: Password doesn\'t match confirmation', flash[:error]
@@ -86,7 +86,7 @@ class UsersControllerTest < ActionController::TestCase
     post :update_password # should fail because no login
     assert_redirected_to :controller => 'login', :action => 'login'
     login_as :admin_user
-    post :update_password, :updateuser => {:password => 'ba', :password_confirmation => 'ba'}
+    post :update_password, :user => {:password => 'ba', :password_confirmation => 'ba'}
     assert_redirected_to :controller => 'users', :action => 'change_password'
     assert users(:admin_user).save, false
     # For some reason, no errors are being raised now.