Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-06 13:25:44 +01:00
Code Issues Packages Projects Releases Activity

Security notification is not sent when an admin changes the password of a user (#32199).

Browse Source 
Patch by Yuichi HARADA.


git-svn-id: http://svn.redmine.org/redmine/trunk@21006 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Go MAEDA
2021-05-24 06:28:23 +00:00
parent 97c2607da4
commit a8a87ef47e
2 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/users_controller.rb
View File

@@ -153,7 +153,8 @@ class UsersController < ApplicationController
end end
def update def update
if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?) is_updating_password = params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
if is_updating_password
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
end end
@user.safe_attributes = params[:user] @user.safe_attributes = params[:user]
@@ -165,6 +166,7 @@ class UsersController < ApplicationController
if @user.save if @user.save
@user.pref.save @user.pref.save
Mailer.deliver_password_updated(@user, User.current) if is_updating_password
if was_activated if was_activated
Mailer.deliver_account_activated(@user) Mailer.deliver_account_activated(@user)
elsif @user.active? && params[:send_information] && @user != User.current elsif @user.active? && params[:send_information] && @user != User.current

18
test/functional/users_controller_test.rb
View File

@@ -590,6 +590,24 @@ class UsersControllerTest < Redmine::ControllerTest
assert_mail_body_match 'newpass123', mail assert_mail_body_match 'newpass123', mail
end end
def test_update_with_password_change_by_admin_should_send_a_security_notification
with_settings :bcc_recipients => '0' do
ActionMailer::Base.deliveries.clear
user = User.find_by(login: 'jsmith')
put :update, :params => {
:id => user.id,
:user => {:password => 'newpass123', :password_confirmation => 'newpass123'}
}
assert_equal 1, ActionMailer::Base.deliveries.size
mail = ActionMailer::Base.deliveries.last
assert_equal [user.mail], mail.to
assert_match 'Security notification', mail.subject
assert_mail_body_match 'Your password has been changed.', mail
end
end
def test_update_with_generate_password_should_email_the_password def test_update_with_generate_password_should_email_the_password
ActionMailer::Base.deliveries.clear ActionMailer::Base.deliveries.clear
with_settings :bcc_recipients => '1' do with_settings :bcc_recipients => '1' do