From ad1f3b58629610fb8d02b7ff70e9f42a3f976c34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20St=C4=99pie=C5=84?=
Date: Mon, 5 Sep 2011 22:45:52 +0200
Subject: [PATCH] Users with SHA-1 hashes can reset their passwords
---
 app/controllers/users_controller.rb | 2 +-
 .../handling_users_with_deprecated_password_hashes.feature | 2 ++
 features/step_definitions/user_steps.rb | 6 ++++++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 4cf60081..30931609 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -2,7 +2,7 @@ class UsersController < ApplicationController
 before_filter :admin_login_required, :only => [ :index, :show, :destroy ]
 skip_before_filter :login_required, :only => [ :new, :create ]
 skip_before_filter :check_for_deprecated_password_hash,
- :only => [ :change_password ]
+ :only => [ :change_password, :update_password ]
 prepend_before_filter :login_optional, :only => [ :new, :create ]
 # GET /users GET /users.xml
diff --git a/features/handling_users_with_deprecated_password_hashes.feature b/features/handling_users_with_deprecated_password_hashes.feature
index 388a3729..a1443324 100644
--- a/features/handling_users_with_deprecated_password_hashes.feature
+++ b/features/handling_users_with_deprecated_password_hashes.feature
@@ -14,6 +14,8 @@ Feature: Handling users with deprecated passwords hashes
 When I go to the homepage
 Then I should be redirected to the change password page
 And I should see "You have to reset your password"
+ When I change my password to "newer_better_password"
+ Then I should be redirected to the preference page
 Scenario: A user with BCrypt password
 Given I have logged in as "new_hash_user" with password "first_secret"
diff --git a/features/step_definitions/user_steps.rb b/features/step_definitions/user_steps.rb
index 164bf1fb..117b2b66 100644
--- a/features/step_definitions/user_steps.rb
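Review bot: The `skip_before_filter :check_for_deprecated_password_hash` list in app/controllers/users_controller.rb now exempts `update_password` without a comment saying why, although this list decides which actions in this controller a session authenticated with a deprecated SHA-1 hash can reach. I would add above it `# change_password and update_password stay reachable so a user with a deprecated SHA-1 hash can replace it; do not add other actions here`. The `update_password` action is outside the hunk, so it is worth confirming there that it stores the new password under the current scheme (BCrypt, going by the feature file); nothing visible here shows it. The class body continues past the hunk.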
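Review bot: The two added steps in features/handling_users_with_deprecated_password_hashes.feature stop at the redirect to the preference page, so the scenario would still pass if `update_password` redirected without replacing the SHA-1 hash. A follow-up pair such as `When I go to the homepage` and `Then I should not see "You have to reset your password"` would pin the upgrade itself, assuming the stock "should not see" web step is available in this suite. The scenario starts above the hunk.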
+++ b/features/step_definitions/user_steps.rb
@@ -32,3 +32,9 @@ Then "I should be an admin" do
 # just check on the presence of the menu item for managing users
 Then "I should see \"Manage users\""
 end
+
+When /^I change my password to "([^"]*)"$/ do |password|
+ Then 'I should be on the change password page'
+ %w{new confirm}.each { |name| fill_in name + ' password', :with => password }
+ click_button
+end
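Review bot: The bare `click_button` in the new step names no button, so which control gets pressed is left to the driver's default and to the page layout; if the change password page gains a second button, the step may submit the wrong form or fail for an unrelated reason. Passing the label, `click_button '<submit button label>'` (placeholder, the label is not visible in this diff), makes the step say what it does. As a style point, `fill_in "#{name} password", :with => password` reads better than the `name + ' password'` concatenation.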