author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-03-05 09:16:16 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-03-05 09:16:16 +0000 |
commit | 89daf0f16a7e51a52c010cfb197c5bbe51e4810f (patch) | |
tree | 892dafc0ca8e78557de8ce01b65d7aa67a581391 /app/controllers | |
parent | 6865c96d99fe0c3b93d929c823c9f9f892ca78ad (diff) | |
Password reset should count as a password change for User#must_change_passwd (#25253).
Patch by Felix Schäfer.
git-svn-id: http://svn.redmine.org/redmine/trunk@16374 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/account_controller.rb | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 54a29fbf4..f98603270 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -80,13 +80,18 @@ class AccountController < ApplicationController
 return
 end
 if request.post?
- @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
- if @user.save
- @token.destroy
- Mailer.password_updated(@user)
- flash[:notice] = l(:notice_account_password_updated)
- redirect_to signin_path
- return
+ if @user.must_change_passwd? && @user.check_password?(params[:new_password])
+ flash.now[:error] = l(:notice_new_password_must_be_different)
+ else
+ @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
+ @user.must_change_passwd = false
+ if @user.save
+ @token.destroy
+ Mailer.password_updated(@user)
+ flash[:notice] = l(:notice_account_password_updated)
+ redirect_to signin_path
+ return
+ end
 end
 end
 render :template => "account/password_recovery" |
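Review bot: The reuse check `if @user.must_change_passwd? && @user.check_password?(params[:new_password])` and the `@user.must_change_passwd = false` that follows have no comment stating the policy, so a later reader cannot tell that the forced-change flag is cleared on the strength of the recovery token alone. I would add `# Forced change pending: the new password must differ from the current one` above the check and `# A completed reset counts as the required password change (#25253)` above the assignment. In the visible lines only `@token` is destroyed after a successful save; whether the user's other outstanding recovery tokens and active sessions are invalidated at that point is presumably handled in the model and is worth confirming. The enclosing action starts and ends outside the hunk.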