Impersonation no longer gets stuck on password change.

053a1988 · Tiago Botelho · Douwe Maan · 7a61a8e0 · 053a1988 · 053a1988
Commit 053a1988 authored Sep 13, 2017 by Tiago Botelho Committed by Douwe Maan Nov 20, 2017
4 changed files
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -196,7 +196,11 @@ class ApplicationController < ActionController::Base
  end

  def check_password_expiration
-    if current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now && !current_user.ldap_user?
+    return if session[:impersonator_id] || current_user&.ldap_user?
+
+    password_expires_at = current_user&.password_expires_at
+
+    if password_expires_at && password_expires_at < Time.now
      return redirect_to new_profile_password_path
    end
  end

--- a/changelogs/unreleased/1870-impersonation-stuck-on-password-change.yml
+++ b/changelogs/unreleased/1870-impersonation-stuck-on-password-change.yml
+---
+title: Impersonation no longer gets stuck on password change.
+merge_request: 2904
+author:
+type: fixed
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -6,6 +6,10 @@ describe ApplicationController do
  describe '#check_password_expiration' do
    let(:controller) { described_class.new }

+    before do
+      allow(controller).to receive(:session).and_return({})
+    end
+
    it 'redirects if the user is over their password expiry' do
      user.password_expires_at = Time.new(2002)


--- a/spec/features/admin/admin_users_spec.rb
+++ b/spec/features/admin/admin_users_spec.rb
@@ -167,19 +167,36 @@ describe "Admin::Users" do
        it 'sees impersonation log out icon' do
          icon = first('.fa.fa-user-secret')

-          expect(icon).not_to eql nil
+          expect(icon).not_to be nil
        end

        it 'logs out of impersonated user back to original user' do
          find(:css, 'li.impersonation a').click

-          expect(page.find(:css, '.header-user .profile-link')['data-user']).to eql(current_user.username)
+          expect(page.find(:css, '.header-user .profile-link')['data-user']).to eq(current_user.username)
        end

        it 'is redirected back to the impersonated users page in the admin after stopping' do
          find(:css, 'li.impersonation a').click

-          expect(current_path).to eql "/admin/users/#{another_user.username}"
+          expect(current_path).to eq("/admin/users/#{another_user.username}")
+        end
+      end
+
+      context 'when impersonating a user with an expired password' do
+        before do
+          another_user.update(password_expires_at: Time.now - 5.minutes)
+          click_link 'Impersonate'
+        end
+
+        it 'does not redirect to password change page' do
+          expect(current_path).to eq('/')
+        end
+
+        it 'is redirected back to the impersonated users page in the admin after stopping' do
+          find(:css, 'li.impersonation a').click
+
+          expect(current_path).to eq("/admin/users/#{another_user.username}")
        end
      end
    end