meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2025-12-19 15:01:14 +00:00
Code Issues Releases Wiki Activity

Password reset should count as a password change for User#must_change_passwd (#25253).

Browse Source 
Patch by Felix Schäfer.

git-svn-id: http://svn.redmine.org/redmine/trunk@16374 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2017-03-05 09:16:16 +00:00
parent 6865c96d99
commit 89daf0f16a
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/controllers/account_controller.rb
View File

@ -80,13 +80,18 @@ class AccountController < ApplicationController
return return
end end
if request.post? if request.post?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation] if @user.must_change_passwd? && @user.check_password?(params[:new_password])
if @user.save flash.now[:error] = l(:notice_new_password_must_be_different)
@token.destroy else
Mailer.password_updated(@user) @user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
flash[:notice] = l(:notice_account_password_updated) @user.must_change_passwd = false
redirect_to signin_path if @user.save
return @token.destroy
Mailer.password_updated(@user)
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_path
return
end
end end
end end
render :template => "account/password_recovery" render :template => "account/password_recovery"