Users with SHA-1 hashes can reset their passwords

2025-12-24 03:00:12 +01:00 · 2011-09-05 22:45:52 +02:00 · 2011-09-05 22:45:52 +02:00 · ad1f3b5862
commit ad1f3b5862
parent 5d3829cfbf
3 changed files with 9 additions and 1 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -2,7 +2,7 @@ class UsersController < ApplicationController
  before_filter :admin_login_required, :only => [ :index, :show, :destroy ]
  skip_before_filter :login_required, :only => [ :new, :create ]
  skip_before_filter :check_for_deprecated_password_hash,
-    :only => [ :change_password ]
+    :only => [ :change_password, :update_password ]
  prepend_before_filter :login_optional, :only => [ :new, :create ]
  
  # GET /users GET /users.xml
--- a/features/handling_users_with_deprecated_password_hashes.feature
+++ b/features/handling_users_with_deprecated_password_hashes.feature
@ -14,6 +14,8 @@ Feature: Handling users with deprecated passwords hashes
    When I go to the homepage
    Then I should be redirected to the change password page
    And I should see "You have to reset your password"
+    When I change my password to "newer_better_password"
+    Then I should be redirected to the preference page

  Scenario: A user with BCrypt password
    Given I have logged in as "new_hash_user" with password "first_secret"
--- a/features/step_definitions/user_steps.rb
+++ b/features/step_definitions/user_steps.rb
@ -32,3 +32,9 @@ Then "I should be an admin" do
  # just check on the presence of the menu item for managing users
  Then "I should see \"Manage users\""
 end
+
+When /^I change my password to "([^"]*)"$/ do |password|
+  Then 'I should be on the change password page'
+  %w{new confirm}.each { |name| fill_in name + ' password', :with => password }
+  click_button
+end