authorJean-Philippe Lang <jp_lang@yahoo.fr>2013-08-05 17:58:33 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2013-08-05 17:58:33 +0000
commitb764e398475c26217bcca8ac9063f053bc1cf627 (patch)
treef8c44b9b990ff60f3cf51fe65bb8dad9dae8bd35 /app/controllers
parentbd4fba08e5bec539a746e9be422b9c2baab51406 (diff)
Option to force a user to change his password (#3872).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@12081 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/account_controller.rb2
-rw-r--r--app/controllers/application_controller.rb19
-rw-r--r--app/controllers/my_controller.rb11
3 files changed, 27 insertions, 5 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 7089c176f..d39fc2ace 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -20,7 +20,7 @@ class AccountController < ApplicationController
include CustomFieldsHelper
# prevents login action to be filtered by check_if_login_required application scope filter
- skip_before_filter :check_if_login_required
+ skip_before_filter :check_if_login_required, :check_password_change
# Login request and validation
def login
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bb8dae56f..6e53ffe01 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -38,7 +38,7 @@ class ApplicationController < ActionController::Base
cookies.delete(autologin_cookie_name)
end
- before_filter :session_expiration, :user_setup, :check_if_login_required, :set_localization
+ before_filter :session_expiration, :user_setup, :check_if_login_required, :check_password_change, :set_localization
rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
rescue_from ::Unauthorized, :with => :deny_access
@@ -78,6 +78,9 @@ class ApplicationController < ActionController::Base
session[:user_id] = user.id
session[:ctime] = Time.now.utc.to_i
session[:atime] = Time.now.utc.to_i
+ if user.must_change_password?
+ session[:pwd] = '1'
+ end
end
def user_setup
@@ -112,6 +115,10 @@ class ApplicationController < ActionController::Base
authenticate_with_http_basic do |username, password|
user = User.try_to_login(username, password) || User.find_by_api_key(username)
end
+ if user && user.must_change_password?
+ render_error :message => 'You must change your password', :status => 403
+ return
+ end
end
# Switch user if requested by an admin user
if user && user.admin? && (username = api_switch_user_from_request)
@@ -170,6 +177,16 @@ class ApplicationController < ActionController::Base
require_login if Setting.login_required?
end
+ def check_password_change
+ if session[:pwd]
+ if User.current.must_change_password?
+ redirect_to my_password_path
+ else
+ session.delete(:pwd)
+ end
+ end
+ end
+
def set_localization
lang = nil
if User.current.logged?
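Review bot: `check_password_change` (hunk @@ -170) only acts when `session[:pwd]` is present, and that key is written in exactly one place, `logged_user=` at login time (hunk @@ -78), so if `must_change_passwd` can be set on an account that already holds a live session the redirect is not enforced until the user logs in again — whether the flag can be set that way is not visible in this diff, so please confirm. Letting `User.current.must_change_password?` decide and using the session key only for cleanup makes the filter independent of when the flag was set, while leaving the API 403 path untouched; sketch below (it assumes `must_change_password?` is false for the anonymous user, as it must already be for the existing code to be safe). Separately, `render_error :message => 'You must change your password'` in the API branch (hunk @@ -112) is the one message in these hunks not routed through `l()`, which is what API clients will see in the 403 body; a locale key would keep it consistent with the surrounding controllers.
```ruby
def check_password_change
  if User.current.must_change_password?
    redirect_to my_password_path
  elsif session[:pwd]
    # marker left over from login; the password has been changed since
    session.delete(:pwd)
  end
end
```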
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 5328991b3..82532918a 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -17,6 +17,8 @@
class MyController < ApplicationController
before_filter :require_login
+ # let user change his password when he has to
+ skip_before_filter :check_password_change, :only => :password
helper :issues
helper :users
@@ -90,14 +92,17 @@ class MyController < ApplicationController
return
end
if request.post?
- if @user.check_password?(params[:password])
+ if !@user.check_password?(params[:password])
+ flash.now[:error] = l(:notice_account_wrong_password)
+ elsif params[:password] == params[:new_password]
+ flash.now[:error] = 'Your new password must be different from your current password'
+ else
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
+ @user.must_change_passwd = false
if @user.save
flash[:notice] = l(:notice_account_password_updated)
redirect_to my_account_path
end
- else
- flash[:error] = l(:notice_account_wrong_password)
end
end
end
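Review bot: The `password` action still returns early (the `return`/`end` at the top of the hunk, whose condition lies above it) before the new branch runs, so an account with `must_change_passwd` set whose password cannot be changed through this action would be sent to `my_password_path` by `check_password_change` and redirected straight back, a redirect loop — unless `User#must_change_password?` already folds that condition in, which this diff (limited to app/controllers) does not show; worth confirming in the model. Independently, `flash.now[:error] = 'Your new password must be different from your current password'` is the only message in this action not routed through `l()`; the sibling `l(:notice_account_wrong_password)` one line above suggests adding a locale key, e.g. `l(:error_new_password_must_be_different)` (constructed name). The `def password` line and the conditional before the hunk are outside this hunk.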