From: Eric Davis Date: Sun, 23 May 2010 03:16:37 +0000 (+0000) Subject: Allow AuthSources to control if they allow password changes. X-Git-Tag: 1.0.0~88 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=908d44519c410db2ef841c72e501a6c198051b43;p=redmine.git Allow AuthSources to control if they allow password changes. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3745 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb index f68675991..f637b49b6 100644 --- a/app/controllers/my_controller.rb +++ b/app/controllers/my_controller.rb @@ -77,7 +77,7 @@ class MyController < ApplicationController # Manage user's password def password @user = User.current - if @user.auth_source_id + unless @user.change_password_allowed? flash[:error] = l(:notice_can_t_change_password) redirect_to :action => 'account' return diff --git a/app/models/auth_source.rb b/app/models/auth_source.rb index 537ed2d43..84f17b1bc 100644 --- a/app/models/auth_source.rb +++ b/app/models/auth_source.rb @@ -32,6 +32,15 @@ class AuthSource < ActiveRecord::Base "Abstract" end + def allow_password_changes? + self.class.allow_password_changes? + end + + # Does this auth source backend allow password changes? + def self.allow_password_changes? + false + end + # Try to authenticate a user not yet registered against available sources def self.authenticate(login, password) AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source| diff --git a/app/models/user.rb b/app/models/user.rb index 2dad3bb18..a38a09170 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -71,7 +71,7 @@ class User < Principal def before_save # update hashed_password if password was set - self.hashed_password = User.hash_password(self.password) if self.password + self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank? end def reload(*args) @@ -116,7 +116,7 @@ class User < Principal user.language = Setting.default_language if user.save user.reload - logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger + logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source end end end @@ -161,7 +161,17 @@ class User < Principal end def check_password?(clear_password) - User.hash_password(clear_password) == self.hashed_password + if auth_source_id.present? + auth_source.authenticate(self.login, clear_password) + else + User.hash_password(clear_password) == self.hashed_password + end + end + + # Does the backend storage allow this user to change their password? + def change_password_allowed? + return true if auth_source_id.blank? + return auth_source.allow_password_changes? end # Generate and set a random password. Useful for automated user creation diff --git a/app/views/my/account.rhtml b/app/views/my/account.rhtml index 9bf45b33e..befe6be5a 100644 --- a/app/views/my/account.rhtml +++ b/app/views/my/account.rhtml @@ -1,5 +1,5 @@
-<%= link_to(l(:button_change_password), :action => 'password') unless @user.auth_source_id %> +<%= link_to(l(:button_change_password), :action => 'password') if @user.change_password_allowed? %> <%= call_hook(:view_my_account_contextual, :user => @user)%>

<%=l(:label_my_account)%>

diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index f63716501..77a9ee984 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -273,6 +273,32 @@ class UserTest < ActiveSupport::TestCase assert !u.password.blank? assert !u.password_confirmation.blank? end + + context "#change_password_allowed?" do + should "be allowed if no auth source is set" do + user = User.generate_with_protected! + assert user.change_password_allowed? + end + + should "delegate to the auth source" do + user = User.generate_with_protected! + + allowed_auth_source = AuthSource.generate! + def allowed_auth_source.allow_password_changes?; true; end + + denied_auth_source = AuthSource.generate! + def denied_auth_source.allow_password_changes?; false; end + + assert user.change_password_allowed? + + user.auth_source = allowed_auth_source + assert user.change_password_allowed?, "User not allowed to change password, though auth source does" + + user.auth_source = denied_auth_source + assert !user.change_password_allowed?, "User allowed to change password, though auth source does not" + end + + end if Object.const_defined?(:OpenID)