Verified Commit 9198967a authored by Bogdan Denkovych's avatar Bogdan Denkovych :one:

Allow reset password when password auth is partially disabled

parent d02cd1e5
1 merge request!147198Allow reset password when password auth is partially disabled
......@@ -14,7 +14,11 @@ def send_reset_password_instructions(attributes = {})
return super unless email
recoverable = email.user
return recoverable.password_auth_unavailable_error! unless recoverable.allow_password_authentication_for_web?
unless recoverable.allow_password_authentication?
recoverable.errors.add(:password, :unavailable, message: _('Password authentication is unavailable.'))
return recoverable
end
recoverable.send_reset_password_instructions(to: email.email)
recoverable
......@@ -29,11 +33,6 @@ def send_reset_password_instructions(opts = {})
token
end
def password_auth_unavailable_error!
errors.add(:password, :unavailable, message: _('Password authentication is unavailable.'))
self
end
protected
def send_reset_password_instructions_notification(token, opts = {})
......
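Review bot: The new `unless recoverable.allow_password_authentication?` branch returns the matched user carrying a `:password` error, whereas an address that matches no email record falls through to `super`, so the two outcomes are distinguishable to whatever renders the result. The controller is not visible on this page, so this is something to confirm rather than a definite defect: if the reset form surfaces `recoverable.errors`, an unauthenticated requester could learn that an address belongs to an account whose password sign-in is unavailable (for example an LDAP-managed one). A why-comment on the branch would record the expectation, e.g. `# Callers must respond identically whether or not this error is set, to avoid account enumeration.` The message string is now built inline instead of through the removed `password_auth_unavailable_error!` helper, so any other caller of that helper outside this hunk needs the same update. The body of the class-level `send_reset_password_instructions` begins above the hunk.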
......@@ -68,8 +68,11 @@
end
shared_examples "does not send 'Reset password instructions' email when password auth is not allowed" do
it 'find the user with error' do
expect(send_reset_password_instructions).to be_instance_of User
it 'finds the user' do
expect(send_reset_password_instructions).to eq(expected_user)
end
it 'returns the user with error' do
expect(send_reset_password_instructions.errors[:password])
.to include(_('Password authentication is unavailable.'))
end
......@@ -91,14 +94,6 @@
let(:email) { user_confirmed_primary_email }
it_behaves_like "sends 'Reset password instructions' email"
context 'when password authentication is not allowed' do
before do
allow(Gitlab::CurrentSettings).to receive_messages(password_authentication_enabled_for_web?: false)
end
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
end
end
context "when email param matches user's unconfirmed primary email" do
......@@ -167,22 +162,52 @@
it_behaves_like "does not send 'Reset password instructions' email"
end
context 'with an LDAP user' do
let_it_be(:ldap_user) { create(:omniauth_user, :ldap) }
context 'for password authentication availability' do
let(:expected_user) { create(:user) }
let(:email) { expected_user.email }
context 'with a confirmed primary email' do
let(:email) { ldap_user.email }
it_behaves_like "sends 'Reset password instructions' email"
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
context 'when password authentication is disabled for web' do
before do
stub_application_setting(password_authentication_enabled_for_web: false)
end
it_behaves_like "sends 'Reset password instructions' email"
end
context 'with a confirmed secondary email' do
let(:email) do
create(:email, :confirmed, user: ldap_user, email: 'confirmed-secondary-ldap-email@example.com').email
context 'when password authentication is disabled for git' do
before do
stub_application_setting(password_authentication_enabled_for_git: false)
end
it_behaves_like "sends 'Reset password instructions' email"
end
context 'when password authentication is disabled' do
before do
stub_application_setting(password_authentication_enabled_for_web: false)
stub_application_setting(password_authentication_enabled_for_git: false)
end
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
end
context 'for an LDAP user' do
let(:expected_user) { create(:omniauth_user, :ldap) }
context "when email param is user's primary email" do
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
end
context "when email param is user's confirmed secondary email" do
let(:email) do
create(:email, :confirmed, user: expected_user, email: 'confirmed-secondary-ldap-email@example.com').email
end
it_behaves_like "does not send 'Reset password instructions' email when password auth is not allowed"
end
end
end
end
end
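Review bot: The web-only and git-only contexts inside the new 'for password authentication availability' block run only against the user's primary address (`let(:email) { expected_user.email }`), so the confirmed-secondary-email path is checked only for the LDAP case and never under partially disabled settings. A nested context that overrides `email` with a confirmed secondary address while `password_authentication_enabled_for_web: false` is stubbed would pin that the `allow_password_authentication?` check behaves the same on that path. In the fully disabled context the two stubs can be a single call, `stub_application_setting(password_authentication_enabled_for_web: false, password_authentication_enabled_for_git: false)`. The shared example edited in the first hunk continues outside the visible lines, so whether it still asserts that no email is delivered cannot be confirmed from this page.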