author | Go MAEDA <maeda@farend.jp> | 2021-05-24 06:28:23 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2021-05-24 06:28:23 +0000 |
commit | a8a87ef47ea71ed47a828ce5c770668d28a3d54e (patch) | |
tree | 12fb31b419a254a8fb70c768859110043b122d75 | |
parent | 97c2607da4606605e2c12b775d5cdb75be32dbc2 (diff) | |
Security notification is not sent when an admin changes the password of a user (#32199).
Patch by Yuichi HARADA.
git-svn-id: http://svn.redmine.org/redmine/trunk@21006 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/users_controller.rb | 4 | ||||
-rw-r--r-- | test/functional/users_controller_test.rb | 18 |
2 files changed, 21 insertions, 1 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 6c1cc8d8e..81e794640 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -153,7 +153,8 @@ class UsersController < ApplicationController
 end

 def update
- if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+ is_updating_password = params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+ if is_updating_password
 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
 end
 @user.safe_attributes = params[:user]
@@ -165,6 +166,7 @@ class UsersController < ApplicationController

 if @user.save
 @user.pref.save
+ Mailer.deliver_password_updated(@user, User.current) if is_updating_password
 if was_activated
 Mailer.deliver_account_activated(@user)
 elsif @user.active? && params[:send_information] && @user != User.current
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index c185f0eca..c963bf248 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
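Review bot: In `UsersController#update`, `is_updating_password` is computed from the request parameters alone, so it records that a password was submitted, not that the stored password was replaced. If the generate-password path (the one the neighbouring test `test_update_with_generate_password_should_email_the_password` exercises) sets a password without `params[:user][:password]`, that reset would produce no security notification; this is inferred, because the model code is not part of the hunk. Either confirm that path is covered elsewhere or state the limit next to the assignment, e.g. `# true only when a password is submitted in params; a generated password is not covered here`. As a smaller style point, Ruby locals normally drop the `is_` prefix (`updating_password`). The body of `update` continues past the end of this hunk.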
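Review bot: The `Mailer.deliver_password_updated(@user, User.current)` call added inside `if @user.save` uses the record as it stands after the save. If the same request also changes the user's e-mail through `@user.safe_attributes = params[:user]`, the message presumably goes only to the new address (the new test asserts `mail.to` equals `[user.mail]`). That is the case where the notification matters most, because the account owner at the previous address is never told that the password was replaced. `Mailer.deliver_password_updated` is not visible here, so confirm whom it addresses; if it uses only the current address, remember the pre-update address before the attributes are assigned and notify it as well. Until then, record the limit in a comment such as `# notifies the address stored after save; a mail change in the same request is not reported to the old address`. The `if @user.save` block continues past the end of the hunk.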
@@ -590,6 +590,24 @@ class UsersControllerTest < Redmine::ControllerTest
 assert_mail_body_match 'newpass123', mail
 end

+ def test_update_with_password_change_by_admin_should_send_a_security_notification
+ with_settings :bcc_recipients => '0' do
+ ActionMailer::Base.deliveries.clear
+ user = User.find_by(login: 'jsmith')
+
+ put :update, :params => {
+ :id => user.id,
+ :user => {:password => 'newpass123', :password_confirmation => 'newpass123'}
+ }
+
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ mail = ActionMailer::Base.deliveries.last
+ assert_equal [user.mail], mail.to
+ assert_match 'Security notification', mail.subject
+ assert_mail_body_match 'Your password has been changed.', mail
+ end
+ end
+
 def test_update_with_generate_password_should_email_the_password
 ActionMailer::Base.deliveries.clear
 with_settings :bcc_recipients => '1' do |
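Review bot: The new test `test_update_with_password_change_by_admin_should_send_a_security_notification` pins only the success path; nothing asserts that the notification is withheld when the password is not actually changed. The controller sends it only inside `if @user.save` and only when the `auth_source_id` condition holds, so a later refactor that moves the `Mailer.deliver_password_updated` call could start mailing "Your password has been changed." after a rejected update without any test failing. A companion negative test would guard that; the sketch below assumes a mismatched confirmation makes the save fail, which should be checked against the model's validations. The surrounding test class starts and ends outside this hunk.

```ruby
def test_update_with_failed_password_change_should_not_send_a_security_notification
  ActionMailer::Base.deliveries.clear
  user = User.find_by(login: 'jsmith')

  put :update, :params => {
    :id => user.id,
    # constructed input: the confirmation deliberately differs so the save is expected to fail
    :user => {:password => 'newpass123', :password_confirmation => 'mismatch456'}
  }

  assert_equal 0, ActionMailer::Base.deliveries.size
end
```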