github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-29 09:57:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: setting new password should reset password_expired_at (#29296)

Browse Source
This commit is contained in:
Kelv
2024-10-21 07:24:43 +08:00
committed by GitHub
parent 201c174b43
commit 698748bfec
2 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/models/user_password.rb
View File

@ -59,6 +59,7 @@ class UserPassword < ActiveRecord::Base
self.password_salt = SecureRandom.hex(PASSWORD_SALT_LENGTH) self.password_salt = SecureRandom.hex(PASSWORD_SALT_LENGTH)
self.password_algorithm = TARGET_PASSWORD_ALGORITHM self.password_algorithm = TARGET_PASSWORD_ALGORITHM
self.password_hash = hash_password(@raw_password, password_salt, password_algorithm) self.password_hash = hash_password(@raw_password, password_salt, password_algorithm)
self.password_expired_at = nil
end end
def regen_password!(pw) def regen_password!(pw)

42
spec/models/user_password_spec.rb
View File

@ -1,6 +1,48 @@
# frozen_string_literal: true # frozen_string_literal: true
RSpec.describe UserPassword do RSpec.describe UserPassword do
describe "#ensure_password_is_hashed" do
let(:password) { SecureRandom.hex }
fab!(:user_password)
it "ensures password_hash, password_salt, password_algorithm are saved correctly" do
user_password.update!(password:)
expect(user_password.password_salt).not_to be_nil
expect(user_password.password_algorithm).to eq(UserPassword::TARGET_PASSWORD_ALGORITHM)
new_hash =
described_class.new.send(
:hash_password,
password,
user_password.password_salt,
user_password.password_algorithm,
)
expect(user_password.password_hash).to eq(new_hash)
end
it "does not hash the password if no password given" do
expect { user_password.update!(password: nil) }.not_to change(user_password, :password_hash)
end
context "when password was expired" do
fab!(:expired_user_password)
it "resets expired password to nil when saving new password" do
expect { expired_user_password.update!(password: SecureRandom.hex) }.to change(
expired_user_password,
:password_expired_at,
).to(nil)
end
it "does not remove password_expired_at if no password given" do
expect { expired_user_password.update!(password: nil) }.not_to change(
user_password,
:password_expired_at,
)
end
end
end
describe "#confirm_password?" do describe "#confirm_password?" do
context "when input password is same as saved password" do context "when input password is same as saved password" do
let(:pw) { SecureRandom.hex } let(:pw) { SecureRandom.hex }