Logut user after password change, Closes #1047

app/controllers/login_controller.rb

@@ -69,16 +69,7 @@ class LoginController < ApplicationController
   end
   
   def logout
-    @user.forget_me if logged_in?
+    logout_user
-    cookies.delete :auth_token
-    session['user_id'] = nil
-    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')  && session[:cas_user]
-      CASClient::Frameworks::Rails::Filter.logout(self)
-    else
-      reset_session
-      notify :notice, t('login.logged_out')
-      redirect_to_login
-    end
   end
 
   def expire_session
@@ -149,13 +140,6 @@ class LoginController < ApplicationController
   
   private
       
-  def redirect_to_login
-    respond_to do |format|
-      format.html { redirect_to login_path }
-      format.m { redirect_to login_path(:format => 'm') }
-    end
-  end
-  
   def should_expire_sessions?
     session['noexpiry'] != "on"
   end

app/controllers/preferences_controller.rb

@@ -12,8 +12,11 @@ class PreferencesController < ApplicationController
     user_updated = current_user.update_attributes(params['user'])
     prefs_updated = current_user.preference.update_attributes(params['prefs'])
     if (user_updated && prefs_updated)
-      notify :notice, "Preferences updated"
+      if !params['user']['password'].blank? # password updated?
-      redirect_to :action => 'index'
+        logout_user t('preferences.password_changed')
+      else
+        preference_updated
+      end
     else
       msg = "Preferences could not be updated: "
       msg += "User model errors; " unless user_updated
@@ -28,4 +31,12 @@ class PreferencesController < ApplicationController
     render :text => l(Date.today, :format => format)
   end
 
+private
+
+  # Display notification if preferences are successful updated
+  def preference_updated
+    notify :notice, t('preferences.updated')
+    redirect_to :action => 'index'
+  end
+  
 end

config/locales/en.yml

@@ -659,6 +659,8 @@ en:
     staleness_starts_after: Staleness starts after %{days} days
     change_identity_url: Change Your Identity URL
     change_password: Change your password
+    password_changed: You password has been changed, please log on again.
+    updated: Preferences updated
     page_title: TRACKS::Preferences
     title: Your preferences
     token_description: Token (for feeds and API use)

lib/login_system.rb

@@ -10,6 +10,22 @@ module LoginSystem
     current_user.prefs unless current_user.nil?
   end
   
+  # Logout the {#current_user} and redirect to login page
+  #
+  # @param [String] message notification to display
+  def logout_user message=t('login.logged_out')
+    @user.forget_me if logged_in?
+    cookies.delete :auth_token
+    session['user_id'] = nil
+    if ( SITE_CONFIG['authentication_schemes'].include? 'cas')  && session[:cas_user]
+      CASClient::Frameworks::Rails::Filter.logout(self)
+    else
+      reset_session
+      notify :notice, message
+      redirect_to_login
+    end
+  end
+    
   protected
   
   # overwrite this if you want to restrict access to only a few actions
@@ -192,4 +208,14 @@ module LoginSystem
       render :text => t('login.unsuccessful'), :status => 401
   end
 
+private
+
+  # Redirect the user to the login page.
+  def redirect_to_login
+    respond_to do |format|
+      format.html { redirect_to login_path }
+      format.m { redirect_to login_path(:format => 'm') }
+    end
+  end
+
 end