Users with SHA-1 hashes can reset their passwords

app/controllers/users_controller.rb

@@ -2,7 +2,7 @@ class UsersController < ApplicationController
   before_filter :admin_login_required, :only => [ :index, :show, :destroy ]
   skip_before_filter :login_required, :only => [ :new, :create ]
   skip_before_filter :check_for_deprecated_password_hash,
-    :only => [ :change_password ]
+    :only => [ :change_password, :update_password ]
   prepend_before_filter :login_optional, :only => [ :new, :create ]
   
   # GET /users GET /users.xml

features/handling_users_with_deprecated_password_hashes.feature

@@ -14,6 +14,8 @@ Feature: Handling users with deprecated passwords hashes
     When I go to the homepage
     Then I should be redirected to the change password page
     And I should see "You have to reset your password"
+    When I change my password to "newer_better_password"
+    Then I should be redirected to the preference page
 
   Scenario: A user with BCrypt password
     Given I have logged in as "new_hash_user" with password "first_secret"

features/step_definitions/user_steps.rb

@@ -32,3 +32,9 @@ Then "I should be an admin" do
   # just check on the presence of the menu item for managing users
   Then "I should see \"Manage users\""
 end
+
+When /^I change my password to "([^"]*)"$/ do |password|
+  Then 'I should be on the change password page'
+  %w{new confirm}.each { |name| fill_in name + ' password', :with => password }
+  click_button
+end