authorEric Davis <edavis@littlestreamsoftware.com>2010-05-23 03:16:37 +0000
committerEric Davis <edavis@littlestreamsoftware.com>2010-05-23 03:16:37 +0000
commit908d44519c410db2ef841c72e501a6c198051b43 (patch)
treed3cdca7c8028f2ad4c9842f1cce683d9304862d8 /app
parent715c9d16ef2c2effbc614dace8b50d145e703b80 (diff)
Allow AuthSources to control if they allow password changes.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3745 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/my_controller.rb2
-rw-r--r--app/models/auth_source.rb9
-rw-r--r--app/models/user.rb16
-rw-r--r--app/views/my/account.rhtml2
4 files changed, 24 insertions, 5 deletions
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index f68675991..f637b49b6 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -77,7 +77,7 @@ class MyController < ApplicationController
# Manage user's password
def password
@user = User.current
- if @user.auth_source_id
+ unless @user.change_password_allowed?
flash[:error] = l(:notice_can_t_change_password)
redirect_to :action => 'account'
return
diff --git a/app/models/auth_source.rb b/app/models/auth_source.rb
index 537ed2d43..84f17b1bc 100644
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
@@ -32,6 +32,15 @@ class AuthSource < ActiveRecord::Base
"Abstract"
end
+ def allow_password_changes?
+ self.class.allow_password_changes?
+ end
+
+ # Does this auth source backend allow password changes?
+ def self.allow_password_changes?
+ false
+ end
+
# Try to authenticate a user not yet registered against available sources
def self.authenticate(login, password)
AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|
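Review bot: The instance-level `allow_password_changes?` has no comment, and the comment on the class method does not say that it is the hook a concrete backend overrides. A line such as `# Delegates to the class; a backend opts in by overriding self.allow_password_changes?` above the instance method would make the contract explicit. The `false` default in the abstract class is the fail-closed choice, and the comment should say so, so that a new backend does not return true without also providing a way to store the changed password.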
diff --git a/app/models/user.rb b/app/models/user.rb
index 2dad3bb18..a38a09170 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -71,7 +71,7 @@ class User < Principal
def before_save
# update hashed_password if password was set
- self.hashed_password = User.hash_password(self.password) if self.password
+ self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank?
end
def reload(*args)
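Review bot: With the added `self.auth_source_id.blank?` condition in `before_save`, a password set on a user who has an auth source is dropped without any error, including for a source whose `allow_password_changes?` returns true. Nothing in the visible hunks hands the new password to the auth source, so unless that happens outside this diff, the password form could report success while the credential stays unchanged. A comment on the line, for example `# externally authenticated users never get a local hash; the auth source owns the credential`, would record the intent, and it should name the write-back path for sources that allow changes. The rest of the User class lies outside the hunk.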
@@ -116,7 +116,7 @@ class User < Principal
user.language = Setting.default_language
if user.save
user.reload
- logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger
+ logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
end
end
end
@@ -161,7 +161,17 @@ class User < Principal
end
def check_password?(clear_password)
- User.hash_password(clear_password) == self.hashed_password
+ if auth_source_id.present?
+ auth_source.authenticate(self.login, clear_password)
+ else
+ User.hash_password(clear_password) == self.hashed_password
+ end
+ end
+
+ # Does the backend storage allow this user to change their password?
+ def change_password_allowed?
+ return true if auth_source_id.blank?
+ return auth_source.allow_password_changes?
end
# Generate and set a random password. Useful for automated user creation
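Review bot: Both `check_password?` and `change_password_allowed?` call a method on `auth_source` after testing only `auth_source_id`, so a user whose id points at a missing source raises NoMethodError on nil; the `&& user.auth_source` guard added to the logger line in the @@ -116 hunk suggests nil is expected to occur. Failing closed is the safer behaviour: `return false if auth_source_id.present? && auth_source.nil?` at the top of each method. The same exception would surface through the callers changed in my_controller.rb and account.rhtml. `check_password?` also now returns whatever `authenticate` returns rather than a strict boolean, and it is worth confirming that each backend rejects a blank password.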
diff --git a/app/views/my/account.rhtml b/app/views/my/account.rhtml
index 9bf45b33e..befe6be5a 100644
--- a/app/views/my/account.rhtml
+++ b/app/views/my/account.rhtml
@@ -1,5 +1,5 @@
<div class="contextual">
-<%= link_to(l(:button_change_password), :action => 'password') unless @user.auth_source_id %>
+<%= link_to(l(:button_change_password), :action => 'password') if @user.change_password_allowed? %>
<%= call_hook(:view_my_account_contextual, :user => @user)%>
</div>
<h2><%=l(:label_my_account)%></h2>