@@ -77,7 +77,7 class MyController < ApplicationController | |||||
77 | # Manage user's password |
|
77 | # Manage user's password | |
78 | def password |
|
78 | def password | |
79 | @user = User.current |
|
79 | @user = User.current | |
80 | if @user.auth_source_id |
|
80 | unless @user.change_password_allowed? | |
81 | flash[:error] = l(:notice_can_t_change_password) |
|
81 | flash[:error] = l(:notice_can_t_change_password) | |
82 | redirect_to :action => 'account' |
|
82 | redirect_to :action => 'account' | |
83 | return |
|
83 | return |
@@ -32,6 +32,15 class AuthSource < ActiveRecord::Base | |||||
32 | "Abstract" |
|
32 | "Abstract" | |
33 | end |
|
33 | end | |
34 |
|
34 | |||
|
35 | def allow_password_changes? | |||
|
36 | self.class.allow_password_changes? | |||
|
37 | end | |||
|
38 | ||||
|
39 | # Does this auth source backend allow password changes? | |||
|
40 | def self.allow_password_changes? | |||
|
41 | false | |||
|
42 | end | |||
|
43 | ||||
35 | # Try to authenticate a user not yet registered against available sources |
|
44 | # Try to authenticate a user not yet registered against available sources | |
36 | def self.authenticate(login, password) |
|
45 | def self.authenticate(login, password) | |
37 | AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source| |
|
46 | AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source| |
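Review bot: The new `allow_password_changes?` pair at lines 35–42 only documents the class-level predicate, yet the instance method is the one `User#change_password_allowed?` will call, and nothing tells a backend author which of the two to override. I would add `# Delegates to the class-level predicate; backends override the class method, not this one.` above line 35, so a subclass that overrides only the instance method does not leave `AuthSource.allow_password_changes?` silently reporting false for the same backend. The `false` default is the correct fail-closed choice for an abstract source the application cannot write back to. `self.authenticate` at line 45 continues past the end of this hunk.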
@@ -71,7 +71,7 class User < Principal | |||||
71 |
|
71 | |||
72 | def before_save |
|
72 | def before_save | |
73 | # update hashed_password if password was set |
|
73 | # update hashed_password if password was set | |
74 | self.hashed_password = User.hash_password(self.password) if self.password |
|
74 | self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank? | |
75 | end |
|
75 | end | |
76 |
|
76 | |||
77 | def reload(*args) |
|
77 | def reload(*args) | |
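Review bot: Line 74 now skips hashing for any user with an `auth_source_id`, which leaves a previously set local `hashed_password` in place when an account is later bound to an external source. With `check_password?` delegating to the source that stale hash is dormant, but it becomes a live credential again the moment an administrator clears the account's auth source, since the local hash comparison is then consulted again. Consider clearing it when the user is bound externally, e.g. `self.hashed_password = nil if self.auth_source_id.present?` — assuming no validation outside this diff requires the column to be non-empty. Note too that the guard keys on `auth_source_id` alone, so a backend whose `allow_password_changes?` is true still gets no local write here; if such a backend is expected to persist the new password, that path is not part of this commit.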
@@ -116,7 +116,7 class User < Principal | |||||
116 | user.language = Setting.default_language |
|
116 | user.language = Setting.default_language | |
117 | if user.save |
|
117 | if user.save | |
118 | user.reload |
|
118 | user.reload | |
119 | logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger |
|
119 | logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source | |
120 | end |
|
120 | end | |
121 | end |
|
121 | end | |
122 | end |
|
122 | end | |
@@ -161,7 +161,17 class User < Principal | |||||
161 | end |
|
161 | end | |
162 |
|
162 | |||
163 | def check_password?(clear_password) |
|
163 | def check_password?(clear_password) | |
164 | User.hash_password(clear_password) == self.hashed_password |
|
164 | if auth_source_id.present? | |
|
165 | auth_source.authenticate(self.login, clear_password) | |||
|
166 | else | |||
|
167 | User.hash_password(clear_password) == self.hashed_password | |||
|
168 | end | |||
|
169 | end | |||
|
170 | ||||
|
171 | # Does the backend storage allow this user to change their password? | |||
|
172 | def change_password_allowed? | |||
|
173 | return true if auth_source_id.blank? | |||
|
174 | return auth_source.allow_password_changes? | |||
165 | end |
|
175 | end | |
166 |
|
176 | |||
167 | # Generate and set a random password. Useful for automated user creation |
|
177 | # Generate and set a random password. Useful for automated user creation |
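Review bot: `check_password?` at lines 164–165 forwards `clear_password` straight to `auth_source.authenticate` with no guard for an empty string, while the local branch at line 167 naturally rejects blanks because the hash comparison fails. Directory backends commonly treat a bind with an empty password as an anonymous bind that succeeds, so a blank submitted password could come back truthy for an externally authenticated user; I would add `return false if clear_password.blank?` as the first line of the method (how the concrete source handles blanks is not visible in this diff, so this is a defensive default rather than a confirmed bug). Separately, both new methods dereference `auth_source` whenever `auth_source_id` is present, so a dangling id (source row deleted) raises `NoMethodError` on nil instead of failing closed; `auth_source.present? && auth_source.authenticate(...)` and `auth_source ? auth_source.allow_password_changes? : false` would keep the fail-closed behaviour. Also worth noting that `auth_source.authenticate` is not shown to return a strict boolean, so `check_password?` may now return the backend's attribute data or nil rather than true/false, which matters for any caller comparing with `== true`.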
@@ -1,5 +1,5 | |||||
1 | <div class="contextual"> |
|
1 | <div class="contextual"> | |
2 |
<%= link_to(l(:button_change_password), :action => 'password') |
|
2 | <%= link_to(l(:button_change_password), :action => 'password') if @user.change_password_allowed? %> | |
3 | <%= call_hook(:view_my_account_contextual, :user => @user)%> |
|
3 | <%= call_hook(:view_my_account_contextual, :user => @user)%> | |
4 | </div> |
|
4 | </div> | |
5 | <h2><%=l(:label_my_account)%></h2> |
|
5 | <h2><%=l(:label_my_account)%></h2> |
@@ -273,6 +273,32 class UserTest < ActiveSupport::TestCase | |||||
273 | assert !u.password.blank? |
|
273 | assert !u.password.blank? | |
274 | assert !u.password_confirmation.blank? |
|
274 | assert !u.password_confirmation.blank? | |
275 | end |
|
275 | end | |
|
276 | ||||
|
277 | context "#change_password_allowed?" do | |||
|
278 | should "be allowed if no auth source is set" do | |||
|
279 | user = User.generate_with_protected! | |||
|
280 | assert user.change_password_allowed? | |||
|
281 | end | |||
|
282 | ||||
|
283 | should "delegate to the auth source" do | |||
|
284 | user = User.generate_with_protected! | |||
|
285 | ||||
|
286 | allowed_auth_source = AuthSource.generate! | |||
|
287 | def allowed_auth_source.allow_password_changes?; true; end | |||
|
288 | ||||
|
289 | denied_auth_source = AuthSource.generate! | |||
|
290 | def denied_auth_source.allow_password_changes?; false; end | |||
|
291 | ||||
|
292 | assert user.change_password_allowed? | |||
|
293 | ||||
|
294 | user.auth_source = allowed_auth_source | |||
|
295 | assert user.change_password_allowed?, "User not allowed to change password, though auth source does" | |||
|
296 | ||||
|
297 | user.auth_source = denied_auth_source | |||
|
298 | assert !user.change_password_allowed?, "User allowed to change password, though auth source does not" | |||
|
299 | end | |||
|
300 | ||||
|
301 | end | |||
276 |
|
302 | |||
277 | if Object.const_defined?(:OpenID) |
|
303 | if Object.const_defined?(:OpenID) | |
278 |
|
304 |
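Review bot: The new context at lines 277–301 exercises only `change_password_allowed?`; the more security-sensitive changes in this commit — `check_password?` delegating to `auth_source.authenticate`, and `before_save` no longer hashing a password for auth-source users — have no coverage. A test that stubs `authenticate` on a generated auth source with the same singleton-method trick used at line 287, asserts `check_password?` returns the stub's result (and, ideally, that a blank password does not reach the backend), plus one asserting `hashed_password` is unchanged after setting `password` on an auth-source user and saving, would pin both behaviours. Assigning `user.auth_source` at lines 294 and 297 without saving is fine for this predicate because it only reads the association, but a delegation test should also cover the case where `auth_source_id` is set and the association resolves to nil.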