Allow AuthSources to control if they allow password changes.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3745 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Eric Davis 2010-05-23 03:16:37 +00:00
parent 715c9d16ef
commit 908d44519c
5 changed files with 50 additions and 5 deletions

View File

@ -77,7 +77,7 @@ class MyController < ApplicationController
# Manage user's password
def password
@user = User.current
if @user.auth_source_id
unless @user.change_password_allowed?
flash[:error] = l(:notice_can_t_change_password)
redirect_to :action => 'account'
return

View File

@ -32,6 +32,15 @@ class AuthSource < ActiveRecord::Base
"Abstract"
end
def allow_password_changes?
self.class.allow_password_changes?
end
# Does this auth source backend allow password changes?
def self.allow_password_changes?
false
end
# Try to authenticate a user not yet registered against available sources
def self.authenticate(login, password)
AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|

View File

@ -71,7 +71,7 @@ class User < Principal
def before_save
# update hashed_password if password was set
self.hashed_password = User.hash_password(self.password) if self.password
self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank?
end
def reload(*args)
@ -116,7 +116,7 @@ class User < Principal
user.language = Setting.default_language
if user.save
user.reload
logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger
logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
end
end
end
@ -161,7 +161,17 @@ class User < Principal
end
def check_password?(clear_password)
User.hash_password(clear_password) == self.hashed_password
if auth_source_id.present?
auth_source.authenticate(self.login, clear_password)
else
User.hash_password(clear_password) == self.hashed_password
end
end
# Does the backend storage allow this user to change their password?
def change_password_allowed?
return true if auth_source_id.blank?
return auth_source.allow_password_changes?
end
# Generate and set a random password. Useful for automated user creation

View File

@ -1,5 +1,5 @@
<div class="contextual">
<%= link_to(l(:button_change_password), :action => 'password') unless @user.auth_source_id %>
<%= link_to(l(:button_change_password), :action => 'password') if @user.change_password_allowed? %>
<%= call_hook(:view_my_account_contextual, :user => @user)%>
</div>
<h2><%=l(:label_my_account)%></h2>

View File

@ -273,6 +273,32 @@ class UserTest < ActiveSupport::TestCase
assert !u.password.blank?
assert !u.password_confirmation.blank?
end
context "#change_password_allowed?" do
should "be allowed if no auth source is set" do
user = User.generate_with_protected!
assert user.change_password_allowed?
end
should "delegate to the auth source" do
user = User.generate_with_protected!
allowed_auth_source = AuthSource.generate!
def allowed_auth_source.allow_password_changes?; true; end
denied_auth_source = AuthSource.generate!
def denied_auth_source.allow_password_changes?; false; end
assert user.change_password_allowed?
user.auth_source = allowed_auth_source
assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
user.auth_source = denied_auth_source
assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
end
end
if Object.const_defined?(:OpenID)