Allow AuthSources to control if they allow password changes.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3745 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/my_controller.rb

@@ -77,7 +77,7 @@ class MyController < ApplicationController
   # Manage user's password
   def password
     @user = User.current
-    if @user.auth_source_id
+    unless @user.change_password_allowed?
       flash[:error] = l(:notice_can_t_change_password)
       redirect_to :action => 'account'
       return

app/models/auth_source.rb

@@ -32,6 +32,15 @@ class AuthSource < ActiveRecord::Base
     "Abstract"
   end
 
+  def allow_password_changes?
+    self.class.allow_password_changes?
+  end
+
+  # Does this auth source backend allow password changes?
+  def self.allow_password_changes?
+    false
+  end
+
   # Try to authenticate a user not yet registered against available sources
   def self.authenticate(login, password)
     AuthSource.find(:all, :conditions => ["onthefly_register=?", true]).each do |source|

app/models/user.rb

@@ -71,7 +71,7 @@ class User < Principal
   
   def before_save
     # update hashed_password if password was set
-    self.hashed_password = User.hash_password(self.password) if self.password
+    self.hashed_password = User.hash_password(self.password) if self.password && self.auth_source_id.blank?
   end
   
   def reload(*args)
@@ -116,7 +116,7 @@ class User < Principal
         user.language = Setting.default_language
         if user.save
           user.reload
-          logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger
+          logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
         end
       end
     end    
@@ -161,7 +161,17 @@ class User < Principal
   end
 
   def check_password?(clear_password)
-    User.hash_password(clear_password) == self.hashed_password
+    if auth_source_id.present?
+      auth_source.authenticate(self.login, clear_password)
+    else
+      User.hash_password(clear_password) == self.hashed_password
+    end
+  end
+
+  # Does the backend storage allow this user to change their password?
+  def change_password_allowed?
+    return true if auth_source_id.blank?
+    return auth_source.allow_password_changes?
   end
 
   # Generate and set a random password.  Useful for automated user creation

app/views/my/account.rhtml

@@ -1,5 +1,5 @@
 <div class="contextual">
-<%= link_to(l(:button_change_password), :action => 'password') unless @user.auth_source_id %>
+<%= link_to(l(:button_change_password), :action => 'password') if @user.change_password_allowed? %>
 <%= call_hook(:view_my_account_contextual, :user => @user)%>
 </div>
 <h2><%=l(:label_my_account)%></h2>

test/unit/user_test.rb

@@ -273,6 +273,32 @@ class UserTest < ActiveSupport::TestCase
     assert !u.password.blank?
     assert !u.password_confirmation.blank?
   end
+
+  context "#change_password_allowed?" do
+    should "be allowed if no auth source is set" do
+      user = User.generate_with_protected!
+      assert user.change_password_allowed?
+    end
+
+    should "delegate to the auth source" do
+      user = User.generate_with_protected!
+      
+      allowed_auth_source = AuthSource.generate!
+      def allowed_auth_source.allow_password_changes?; true; end
+
+      denied_auth_source = AuthSource.generate!
+      def denied_auth_source.allow_password_changes?; false; end
+
+      assert user.change_password_allowed?
+
+      user.auth_source = allowed_auth_source
+      assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
+
+      user.auth_source = denied_auth_source
+      assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
+    end
+
+  end
   
   if Object.const_defined?(:OpenID)