From 19dda1606b4dc76160bf2198ab95f2998eccaec8 Mon Sep 17 00:00:00 2001
From: George Andrinopoulos <geoandri@gmail.com>
Date: Thu, 2 Feb 2017 12:46:14 +0200
Subject: [PATCH] Force new password after password reset via API

---
 .../unreleased/24606-force-password-reset-on-next-login.yml | 4 ++++
 lib/api/users.rb                                            | 2 ++
 spec/requests/api/users_spec.rb                             | 6 ++++++
 3 files changed, 12 insertions(+)
 create mode 100644 changelogs/unreleased/24606-force-password-reset-on-next-login.yml

diff --git a/changelogs/unreleased/24606-force-password-reset-on-next-login.yml b/changelogs/unreleased/24606-force-password-reset-on-next-login.yml
new file mode 100644
index 0000000000..fd671d04a9
--- /dev/null
+++ b/changelogs/unreleased/24606-force-password-reset-on-next-login.yml
@@ -0,0 +1,4 @@
+---
+title: Force new password after password reset via API
+merge_request:
+author: George Andrinopoulos
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 11a7368b4c..0ed468626b 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -160,6 +160,8 @@ module API
           end
         end
 
+        user_params.merge!(password_expires_at: Time.now) if user_params[:password].present?
+
         if user.update_attributes(user_params.except(:extern_uid, :provider))
           present user, with: Entities::UserPublic
         else
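Review bot: The added line expires the password on every update that carries `password`, and nothing in the hunk distinguishes an administrator resetting another account from the authenticated caller changing their own password. If the latter can reach this endpoint (the caller check is outside the hunk), that account is also forced through a reset at next sign-in. The intent is not stated in the code, so a comment above the line would help: `# A password set through the API is treated as temporary: expire it so the user must choose a new one at next sign-in.` Consider `Time.current` instead of `Time.now` for consistency with the Rails time zone setting. The line only stores a timestamp; where expiry is enforced at authentication is not visible here, and the enclosing endpoint block starts and ends outside the hunk.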
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 5bf5bf0739..f912709695 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -305,6 +305,12 @@ describe API::Users, api: true  do
       expect(user.reload.bio).to eq('new test bio')
     end
 
+    it "updates user with new password and forces reset on next login" do
+      put api("/users/#{user.id}", admin), { password: '12345678' }
+      expect(response).to have_http_status(200)
+      expect(user.reload.password_expires_at).to be < Time.now
+    end
+
     it "updates user with organization" do
       put api("/users/#{user.id}", admin), { organization: 'GitLab' }
 
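Review bot: The new example asserts only `be < Time.now`, which holds for any past timestamp, so it does not show that the expiry was set by this request or that the password itself changed. Tightening it to `expect(user.reload.password_expires_at).to be_within(1.minute).of(Time.now)` would pin the first, and, assuming the model exposes Devise's `valid_password?`, `expect(user.reload.valid_password?('12345678')).to be true` would pin the second. A companion example that updates another attribute without `password` and expects `password_expires_at` to stay unchanged would cover the `if user_params[:password].present?` guard. The describe block extends beyond the hunk.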
-- 
2.30.9