Commit 6304fe44 authored by Rubén Dávila's avatar Rubén Dávila 🌴

Allow logged in user to change his password

Users were unable to change their password through the "Reset password"
link that was sent to their email if they were logged in. This is due to
a default controller filter from Devise that requires the user to not be
logged in in order to use this link.
parent ff077cf7
Pipeline #15672736 passed with stages
in 85 minutes and 20 seconds
class PasswordsController < Devise::PasswordsController
include Gitlab::CurrentSettings
skip_before_action :require_no_authentication, only: [:edit, :update]
before_action :resource_from_email, only: [:create]
before_action :check_password_authentication_available, only: [:create]
before_action :throttle_reset, only: [:create]
......@@ -33,6 +33,25 @@ feature 'Password reset' do
describe 'Changing password while logged in' do
it 'updates the password' do
user = create(:user)
token = user.send_reset_password_instructions
visit(edit_user_password_path(reset_password_token: token))
fill_in 'New password', with: 'hello1234'
fill_in 'Confirm new password', with: 'hello1234'
click_button 'Change your password'
expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
expect(current_path).to eq new_user_session_path
def forgot_password(user)
visit root_path
click_on 'Forgot your password?'
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment