mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 201 Wiki Activity
Browse Source

Security notification is not sent when an admin changes the password of a user (#32199). 

Patch by Yuichi HARADA.


git-svn-id: http://svn.redmine.org/redmine/trunk@21006 e93f8b46-1217-0410-a6f0-8f06a7374b81
tags/5.0.0
Go MAEDA 3 years ago
parent
97c2607da4
commit
a8a87ef47e
2 changed files with 21 additions and 1 deletions
Split View Show Diff Stats
  1. 3
    1
      app/controllers/users_controller.rb
  2. 18
    0
      test/functional/users_controller_test.rb

+ 3
- 1
app/controllers/users_controller.rb View File

@@ -153,7 +153,8 @@ class UsersController < ApplicationController
end

def update
if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
is_updating_password = params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
if is_updating_password
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
end
@user.safe_attributes = params[:user]
@@ -165,6 +166,7 @@ class UsersController < ApplicationController
if @user.save
@user.pref.save

Mailer.deliver_password_updated(@user, User.current) if is_updating_password
if was_activated
Mailer.deliver_account_activated(@user)
elsif @user.active? && params[:send_information] && @user != User.current

+ 18
- 0
test/functional/users_controller_test.rb View File

@@ -590,6 +590,24 @@ class UsersControllerTest < Redmine::ControllerTest
assert_mail_body_match 'newpass123', mail
end

def test_update_with_password_change_by_admin_should_send_a_security_notification
with_settings :bcc_recipients => '0' do
ActionMailer::Base.deliveries.clear
user = User.find_by(login: 'jsmith')

put :update, :params => {
:id => user.id,
:user => {:password => 'newpass123', :password_confirmation => 'newpass123'}
}

assert_equal 1, ActionMailer::Base.deliveries.size
mail = ActionMailer::Base.deliveries.last
assert_equal [user.mail], mail.to
assert_match 'Security notification', mail.subject
assert_mail_body_match 'Your password has been changed.', mail
end
end

def test_update_with_generate_password_should_email_the_password
ActionMailer::Base.deliveries.clear
with_settings :bcc_recipients => '1' do

Write Preview
Loading…
Cancel
Save