# let user change user's password when user has to
skip_before_action :check_password_change, :only => :password
- require_sudo_mode :account, only: :post
+ accept_api_auth :account
+
+ require_sudo_mode :account, only: :put
require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
helper :issues
def account
@user = User.current
@pref = @user.pref
- if request.post?
+ if request.put?
@user.safe_attributes = params[:user]
@user.pref.safe_attributes = params[:pref]
if @user.save
@user.pref.save
set_language_if_valid @user.language
- flash[:notice] = l(:notice_account_updated)
- redirect_to my_account_path
+ respond_to do |format|
+ format.html {
+ flash[:notice] = l(:notice_account_updated)
+ redirect_to my_account_path
+ }
+ format.api { render_api_ok }
+ end
return
+ else
+ respond_to do |format|
+ format.html { render :action => :account }
+ format.api { render_validation_errors(@user) }
+ end
end
end
end
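Review bot: `accept_api_auth :account` makes the PUT branch reachable with an API key or HTTP basic credentials, yet the only re-authentication guard is `require_sudo_mode :account, only: :put`, and nothing in this hunk shows that guard being enforced for API requests. The sudo filter's implementation is outside this diff, so please confirm. If it exempts API requests, a key-authenticated PUT can change `mail` through `@user.safe_attributes = params[:user]` without the password confirmation the HTML form requires. I would add a test that pins the intended behaviour for that case, or narrow the attributes the API path may write. Separately, the return value of `@user.pref.save` is ignored, so `format.api { render_api_ok }` reports success even when the preferences did not save; consider `if @user.save && @user.pref.save` or rendering the preference errors.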
--- /dev/null
+api.user do
+ api.id @user.id
+ api.login @user.login
+ api.admin @user.admin?
+ api.firstname @user.firstname
+ api.lastname @user.lastname
+ api.mail @user.mail
+ api.created_on @user.created_on
+ api.last_login_on @user.last_login_on
+ api.api_key @user.api_key
+
+ render_api_custom_values @user.visible_custom_field_values, api
+end
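Review bot: `api.api_key @user.api_key` returns the long-lived API key on every GET of this view, while the controller keeps `show_api_key` behind `require_sudo_mode` and guards `:account` only for PUT. The new endpoint therefore gives a way to read the key without the password confirmation the HTML flow asks for, and the key ends up in any response log or cache between client and server. I would drop this line and leave key retrieval to the existing `show_api_key` action; if it must stay, add a comment above it stating why exposure here is acceptable. If `User#api_key` creates a token when none exists (not visible in this diff), this read-only GET would also have a write side effect worth documenting.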
<%= labelled_form_for :user, @user,
:url => { :action => "account" },
:html => { :id => 'my_account_form',
- :method => :post, :multipart => true } do |f| %>
+ :method => :put, :multipart => true } do |f| %>
<div class="splitcontent">
<div class="splitcontentleft">
<fieldset class="box tabular">
match '/imports/:id/mapping', :to => 'imports#mapping', :via => [:get, :post], :as => 'import_mapping'
match '/imports/:id/run', :to => 'imports#run', :via => [:get, :post], :as => 'import_run'
- match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :post]
+ match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :put]
match 'my/account/destroy', :controller => 'my', :action => 'destroy', :via => [:get, :post]
match 'my/page', :controller => 'my', :action => 'page', :via => :get
post 'my/page', :to => 'my#update_page'
end
def test_update_account
- post :account, :params => {
+ put :account, :params => {
:user => {
:firstname => "Joe",
:login => "root",
def test_update_account_should_send_security_notification
ActionMailer::Base.deliveries.clear
- post :account, :params => {
+ put :account, :params => {
:user => {
:mail => 'foobar@example.com'
--- /dev/null
+# frozen_string_literal: true
+
+# Redmine - project management software
+# Copyright (C) 2006-2017 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.expand_path('../../../test_helper', __FILE__)
+
+class Redmine::ApiTest::MyTest < Redmine::ApiTest::Base
+ fixtures :users, :email_addresses, :members, :member_roles, :roles, :projects
+
+ test "GET /my/account.json should return user" do
+ assert Setting.rest_api_enabled?
+ get '/my/account.json', :headers => credentials('dlopper', 'foo')
+
+ assert_response :success
+ assert_equal 'application/json', response.content_type
+ json = ActiveSupport::JSON.decode(response.body)
+ assert json.key?('user')
+ assert_equal 'dlopper', json['user']['login']
+ end
+
+ test "PUT /my/account.xml with valid parameters should update the user" do
+ put '/my/account.xml',
+ :params => {
+ :user => {
+ :firstname => 'Dave', :lastname => 'Renamed',
+ :mail => 'dave@somenet.foo'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+ assert_response :no_content
+ assert_equal '', @response.body
+
+ assert user = User.find_by_lastname('Renamed')
+ assert_equal 'Dave', user.firstname
+ assert_equal 'Renamed', user.lastname
+ assert_equal 'dave@somenet.foo', user.mail
+ refute user.admin?
+ end
+
+ test "PUT /my/account.json with valid parameters should update the user" do
+ put '/my/account.xml',
+ :params => {
+ :user => {
+ :firstname => 'Dave', :lastname => 'Renamed',
+ :mail => 'dave@somenet.foo'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+ assert_response :no_content
+ assert_equal '', @response.body
+
+ assert user = User.find_by_lastname('Renamed')
+ assert_equal 'Dave', user.firstname
+ assert_equal 'Renamed', user.lastname
+ assert_equal 'dave@somenet.foo', user.mail
+ refute user.admin?
+
+ end
+
+ test "PUT /my/account.xml with invalid parameters" do
+ put '/my/account.xml',
+ :params => {
+ :user => {
+ :login => 'dlopper', :firstname => '', :lastname => 'Lastname'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+
+ assert_response :unprocessable_entity
+ assert_equal 'application/xml', @response.content_type
+ assert_select 'errors error', :text => "First name cannot be blank"
+ end
+
+ test "PUT /my/account.json with invalid parameters" do
+ put '/my/account.json',
+ :params => {
+ :user => {
+ :login => 'dlopper', :firstname => '', :lastname => 'Lastname'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+
+ assert_response :unprocessable_entity
+ assert_equal 'application/json', @response.content_type
+ json = ActiveSupport::JSON.decode(response.body)
+ assert_kind_of Hash, json
+ assert json.has_key?('errors')
+ assert_kind_of Array, json['errors']
+ end
+end
+
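Review bot: The test named "PUT /my/account.json with valid parameters should update the user" sends its request to `'/my/account.xml'`, so the JSON success path is never exercised; the request line should read `put '/my/account.json',`. The `refute user.admin?` assertions prove little, because no test submits `:admin => true`, so nothing pins that `safe_attributes` drops privilege-related fields on the API path. There is also no negative authentication case. I would add the two tests below, the second assuming the controller's login filter answers unauthenticated API requests with 401.

```ruby
test "PUT /my/account.json should not let a user grant themselves admin" do
  put '/my/account.json',
    :params => {:user => {:admin => true}},
    :headers => credentials('dlopper', 'foo')

  refute User.find_by_login('dlopper').admin?
end

test "GET /my/account.json without credentials should be rejected" do
  get '/my/account.json'
  assert_response :unauthorized
end
```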
class RoutingMyTest < Redmine::RoutingTest
def test_my
should_route 'GET /my/account' => 'my#account'
- should_route 'POST /my/account' => 'my#account'
+ should_route 'PUT /my/account' => 'my#account'
should_route 'GET /my/account/destroy' => 'my#destroy'
should_route 'POST /my/account/destroy' => 'my#destroy'
expire_sudo_mode!
get '/my/account'
assert_response :success
- post '/my/account', :params => {user: { mail: 'newmail@test.com' }}
+ put '/my/account', :params => {user: { mail: 'newmail@test.com' }}
assert_response :success
assert_select 'h2', 'Confirm your password to continue'
assert_select 'form[action="/my/account"]'
assert_select '#flash_error', 0
# wrong password
- post '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'wrong'}
+ put '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'wrong'}
assert_response :success
assert_select 'h2', 'Confirm your password to continue'
assert_select 'form[action="/my/account"]'
assert_select '#flash_error'
# correct password
- post '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'jsmith'}
+ put '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'jsmith'}
assert_redirected_to '/my/account'
assert_equal 'newmail@test.com', User.find_by_login('jsmith').mail
# sudo mode should now be active and not require password again
- post '/my/account', :params => {user: { mail: 'even.newer.mail@test.com' }}
+ put '/my/account', :params => {user: { mail: 'even.newer.mail@test.com' }}
assert_redirected_to '/my/account'
assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
end