mirror of
https://github.com/discourse/discourse.git
synced 2024-11-26 05:33:40 +08:00
e97ef7e9af
This commit adds the ability for site administrators to mark users' passwords as expired. Note that this commit does not add any client side interface to mark a user's password as expired. The following changes are introduced in this commit: 1. Adds a `user_passwords` table and `UserPassword` model. While the `user_passwords` table is currently used to only store expired passwords, it will be used in the future to store a user's current password as well. 2. Adds a `UserPasswordExpirer.expire_user_password` method which can be used from the Rails console to mark a user's password as expired. 3. Updates `SessionsController#create` to check that the user's current password has not been marked as expired after confirming the password. If the password is determined to be expired based on the existence of a `UserPassword` record with the `password_expired_at` column set, we will not log the user in and will display a password expired notice. A forgot password email is automatically send out to the user as well.
24 lines
749 B
Ruby
24 lines
749 B
Ruby
# frozen_string_literal: true
|
|
|
|
RSpec.describe UserPasswordExpirer do
|
|
fab!(:password) { "somerandompassword" }
|
|
fab!(:user) { Fabricate(:user, password:) }
|
|
|
|
describe ".expire_user_password" do
|
|
it "should create a new UserPassword record with the user's current password information" do
|
|
freeze_time
|
|
|
|
described_class.expire_user_password(user)
|
|
|
|
expect(user.passwords.count).to eq(1)
|
|
|
|
user_password = user.passwords.first
|
|
|
|
expect(user_password.password_hash).to eq(user.password_hash)
|
|
expect(user_password.password_salt).to eq(user.salt)
|
|
expect(user_password.password_algorithm).to eq(user.password_algorithm)
|
|
expect(user_password.password_expired_at).to eq_time(Time.zone.now)
|
|
end
|
|
end
|
|
end
|