From 1cd049789a22c2fa24236d0237a8747e3f871795 Mon Sep 17 00:00:00 2001
From: Tomoya Chiba
Date: Thu, 18 May 2017 11:04:30 +0900
Subject: [PATCH] Enable users to update password without inputing current password once
---
 .../auth/registrations_controller.rb | 8 +++++++
 app/models/form/oauth_registration.rb | 1 +
 app/models/user.rb | 23 +++++++++++++++++++
 app/views/auth/registrations/edit.html.haml | 10 +++++---
 ...7123337_add_dummy_password_flag_to_user.rb | 5 ++++
 db/schema.rb | 3 ++-
 6 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 db/migrate/20170517123337_add_dummy_password_flag_to_user.rb
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index dd30be32a40e98..c936c613c18b60 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -32,6 +32,14 @@ def check_enabled_registrations
 redirect_to root_path if single_user_mode? || !Setting.open_registrations
 end
+ def update_resource(resource, params)
+ if resource.try(:has_dummy_password?)
+ resource.update_without_current_password(params)
+ else
+ super
+ end
+ end
+
 private
 def determine_layout
diff --git a/app/models/form/oauth_registration.rb b/app/models/form/oauth_registration.rb
index e2757120a2826a..0bdea4e7932488 100644
--- a/app/models/form/oauth_registration.rb
+++ b/app/models/form/oauth_registration.rb
@@ -66,6 +66,7 @@ def build_user
 locale: locale,
 password: password,
 password_confirmation: password,
+ dummy_password_flag: true,
 account_attributes: {
 username: username,
 avatar: avatar
diff --git a/app/models/user.rb b/app/models/user.rb
index 97b96d5a6f2fbf..3d174ae6f1c931 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
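Review bot: In `update_resource` (app/controllers/auth/registrations_controller.rb) the `has_dummy_password?` branch drops the current-password check for the whole update, not just for the first password set. While the flag is still true, any live session can therefore change every attribute in `params` without re-authentication, and the edit form in this patch carries `email` as well. Narrowing the condition to `if resource.try(:has_dummy_password?) && params[:password].present?` limits the exemption to requests that actually set a password; the callback added in user.rb then clears the flag and `super` applies again. The permitted-parameter list and the rest of the controller class are outside this hunk, so confirm which keys can reach this method.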
@@ -21,6 +21,8 @@ class User < ApplicationRecord
 scope :admins, -> { where(admin: true) }
 scope :confirmed, -> { where.not(confirmed_at: nil) }
+ before_validation :disable_dummy_password_flag, on: :update, if: :encrypted_password_changed?
+
 def confirmed?
 confirmed_at.present?
 end
@@ -40,4 +42,25 @@ def setting_boost_modal
 def setting_auto_play_gif
 settings.auto_play_gif
 end
+
+ def has_dummy_password?
+ dummy_password_flag
+ end
+
+ def disable_dummy_password_flag
+ self.dummy_password_flag = false
+ true
+ end
+
+ def update_without_current_password(params, *options)
+ if params[:password].blank?
+ params.delete(:password)
+ params.delete(:password_confirmation) if params[:password_confirmation].blank?
+ end
+ p params
+
+ result = update_attributes(params, *options)
+ clean_up_passwords
+ result
+ end
 end
diff --git a/app/views/auth/registrations/edit.html.haml b/app/views/auth/registrations/edit.html.haml
index 39b726f9c21190..e878a5111e8205 100644
--- a/app/views/auth/registrations/edit.html.haml
+++ b/app/views/auth/registrations/edit.html.haml
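Review bot: The `before_validation` callback added to `User` clears `dummy_password_flag` before the record is known to be valid. An update that fails validation, for example on a mismatched confirmation, leaves the in-memory record saying a real password was set although nothing was saved. Running the callback at save time instead, `before_update :disable_dummy_password_flag, if: :encrypted_password_changed?`, ties the flag change to a write that actually happens. The `User` class body starts outside this hunk, so other callbacks that may interact with this one are not visible here.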
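Review bot: `p params` in `update_without_current_password` writes the submitted parameters, including the plaintext `password` and `password_confirmation`, to standard output on every call, which in most deployments ends up in the application log. The line looks like leftover debugging and should be deleted. The method also passes `params` to `update_attributes` without removing `:current_password`; if a client submits that key anyway the update will probably raise on an unknown attribute, so add `params.delete(:current_password)` before the update. A one-line comment on `has_dummy_password?` saying the flag marks a password the user never chose would help the next reader.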
@@ -5,9 +5,13 @@
 = render 'shared/error_messages', object: resource
 = f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') }
- = f.input :password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password') }
- = f.input :password_confirmation, autocomplete: "off", placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password') }
- = f.input :current_password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password') }
+ - if current_user.has_dummy_password?
+ = f.input :password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.password') }
+ = f.input :password_confirmation, autocomplete: "off", placeholder: t('simple_form.labels.defaults.confirm_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password') }
+ - else
+ = f.input :password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password') }
+ = f.input :password_confirmation, autocomplete: "off", placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password') }
+ = f.input :current_password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password') }
 .actions
 = f.button :button, t('generic.save_changes'), type: :submit
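Review bot: The two branches in edit.html.haml repeat the `password` and `password_confirmation` inputs and differ only in the label key and the extra `current_password` field, so the copies can drift apart on the next edit. Choose the keys once, e.g. `- pw, confirm = current_user.has_dummy_password? ? %i[password confirm_password] : %i[new_password confirm_new_password]`, render the two inputs a single time, and wrap only `current_password` in `- unless current_user.has_dummy_password?`. This view branches on `current_user` while the controller's `update_resource` branches on `resource`; if both are meant to be the same record, a one-line comment saying so would help.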
diff --git a/db/migrate/20170517123337_add_dummy_password_flag_to_user.rb b/db/migrate/20170517123337_add_dummy_password_flag_to_user.rb
new file mode 100644
index 00000000000000..db88026169b57f
--- /dev/null
+++ b/db/migrate/20170517123337_add_dummy_password_flag_to_user.rb
@@ -0,0 +1,5 @@
+class AddDummyPasswordFlagToUser < ActiveRecord::Migration[5.0]
+ def change
+ add_column :users, :dummy_password_flag, :boolean, default: false, null: false
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index dd574a755f8158..8d700d8d6c12ae 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170504103736) do +ActiveRecord::Schema.define(version: 20170517123337) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql"
@@ -336,6 +336,7 @@ t.boolean "otp_required_for_login" t.datetime "last_emailed_at" t.string "otp_backup_codes", array: true + t.boolean "dummy_password_flag", default: false, null: false t.index ["account_id"], name: "index_users_on_account_id", using: :btree t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree t.index ["email"], name: "index_users_on_email", unique: true, using: :btree