Commit 6304fe44 authored by Rubén Dávila's avatar Rubén Dávila

Allow logged in user to change his password

Users were unable to change their password through the "Reset password"
link that was sent to their email if they were logged in. This is due to
a default controller filter from Devise that requires the user to not be
logged in in order to use this link.
parent ff077cf7
class PasswordsController < Devise::PasswordsController class PasswordsController < Devise::PasswordsController
include Gitlab::CurrentSettings include Gitlab::CurrentSettings
skip_before_action :require_no_authentication, only: [:edit, :update]
before_action :resource_from_email, only: [:create] before_action :resource_from_email, only: [:create]
before_action :check_password_authentication_available, only: [:create] before_action :check_password_authentication_available, only: [:create]
before_action :throttle_reset, only: [:create] before_action :throttle_reset, only: [:create]
......
...@@ -33,6 +33,25 @@ feature 'Password reset' do ...@@ -33,6 +33,25 @@ feature 'Password reset' do
end end
end end
describe 'Changing password while logged in' do
it 'updates the password' do
user = create(:user)
token = user.send_reset_password_instructions
sign_in(user)
visit(edit_user_password_path(reset_password_token: token))
fill_in 'New password', with: 'hello1234'
fill_in 'Confirm new password', with: 'hello1234'
click_button 'Change your password'
expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
expect(current_path).to eq new_user_session_path
end
end
def forgot_password(user) def forgot_password(user)
visit root_path visit root_path
click_on 'Forgot your password?' click_on 'Forgot your password?'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment