consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

expired password last

Browse Source
This commit is contained in:
Marcia
2016-10-06 14:19:48 +02:00
parent 1f72c5cc74
commit 680c0636ed
4 changed files with 9 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/models/user.rb
View File

@@ -1,4 +1,4 @@
class User < ActiveRecord::Base class User < ActiveRecord::Base
include Verification include Verification
@@ -57,8 +57,6 @@
before_validation :clean_document_number before_validation :clean_document_number
before_create :set_password_changed_at
# Get the existing user by email if the provider gives us a verified email. # Get the existing user by email if the provider gives us a verified email.
def self.first_or_initialize_for_oauth(auth) def self.first_or_initialize_for_oauth(auth)
oauth_email = auth.info.email oauth_email = auth.info.email
@@ -242,10 +240,6 @@
true true
end end
def set_password_changed_at
set_password_changed_at = created_at
end
def ability def ability
@ability ||= Ability.new(self) @ability ||= Ability.new(self)
end end

10
config/initializers/devise_security_extension.rb
View File

@@ -41,16 +41,8 @@ module Devise
module Models module Models
module PasswordExpirable module PasswordExpirable
def need_change_password? def need_change_password?
if password_change?
password_expired?
else
false
end
end
def password_change?
self.administrator? && password_expired? self.administrator? && password_expired?
end end
def password_expired? def password_expired?
self.password_changed_at < self.expire_password_after.ago self.password_changed_at < self.expire_password_after.ago

2
lib/tasks/users.rake
View File

@@ -80,7 +80,7 @@ namespace :users do
desc "Update password changed at for existing users" desc "Update password changed at for existing users"
task update_password_changed_at: :environment do task update_password_changed_at: :environment do
User.all.each do |user| User.all.each do |user|
user.update(password_changed_at:user.created_at) user.update(password_changed_at: user.created_at)
end end
end end

8
spec/features/users_auth_spec.rb
View File

@@ -319,21 +319,25 @@ feature 'Users' do
login_as(user) login_as(user)
visit root_path visit root_path
expect(page).to_not have_content "Your password is expired" expect(page).to_not have_content "Your password is expired"
end end
scenario 'Admin with password expired trying to use same password' do scenario 'Admin with password expired trying to use same password' do
user = create(:user, password_changed_at: Time.now - 1.year, password: '123456789') user = create(:user, password_changed_at: Time.now - 1.year, password: '123456789')
admin = create(:administrator, user: user) admin = create(:administrator, user: user)
login_as(admin.user) login_as(admin.user)
visit root_path visit root_path
expect(page).to have_content "Your password is expired" expect(page).to have_content "Your password is expired"
fill_in 'user_current_password', with: 'judgmentday' fill_in 'user_current_password', with: 'judgmentday'
fill_in 'user_password', with: '123456789' fill_in 'user_password', with: '123456789'
fill_in 'user_password_confirmation', with: '123456789' fill_in 'user_password_confirmation', with: '123456789'
click_button 'Change your password' click_button 'Change your password'
expect(page).to have_content "must be different than the current password." expect(page).to have_content "must be different than the current password."
end end
end end