Merge pull request #14298 from CartoDB/14295-eumapi_expired_password

14295 eumapi expired password
6 years ago · e7e834c6f8
parent 9ffd42c11e 1c8cc194f9
commit e7e834c6f8
5 changed files with 51 additions and 3 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -5,7 +5,7 @@ Development
 - None yet

 ### Features
- None yet
+- Support forcing password change upon first login in EUMAPI (#14295)

 ### Bug fixes / enhancements
 - Correctly set the logger level, instead of log rotation (#14302)
--- a/app/controllers/carto/api/organization_users_controller.rb
+++ b/app/controllers/carto/api/organization_users_controller.rb
@ -68,6 +68,10 @@ module Carto
          account_creator.with_soft_mapzen_routing_limit(create_params[:soft_mapzen_routing_limit])
        end

+        if create_params[:force_password_change] == true
+          account_creator.with_force_password_change
+        end
+
        unless account_creator.valid_creation?(current_viewer)
          render_jsonp(account_creator.validation_errors.full_messages, 410)
          return
@ -162,7 +166,7 @@ module Carto
      # TODO: Use native strong params when in Rails 4+
      def create_params
        @create_params ||=
-          permit(COMMON_MUTABLE_ATTRIBUTES + [:username])
+          permit(COMMON_MUTABLE_ATTRIBUTES + [:username, :force_password_change])
      end

      # TODO: Use native strong params when in Rails 4+
--- a/app/models/carto/user_creation.rb
+++ b/app/models/carto/user_creation.rb
@ -52,6 +52,7 @@ class Carto::UserCreation < ActiveRecord::Base
    user_creation.created_via = created_via
    user_creation.viewer = user.viewer || false
    user_creation.org_admin = user.org_admin || false
+    user_creation.last_password_change_date = user.last_password_change_date

    user_creation
  end
@ -234,6 +235,7 @@ class Carto::UserCreation < ActiveRecord::Base
    @cartodb_user.soft_mapzen_routing_limit = soft_mapzen_routing_limit unless soft_mapzen_routing_limit.nil?
    @cartodb_user.viewer = viewer if viewer
    @cartodb_user.org_admin = org_admin if org_admin
+    @cartodb_user.last_password_change_date = last_password_change_date unless last_password_change_date.nil?

    if pertinent_invitation
      @cartodb_user.viewer = pertinent_invitation.viewer
--- a/lib/user_account_creator.rb
+++ b/lib/user_account_creator.rb
@ -33,6 +33,7 @@ module CartoDB
      @user_params = {}
      @custom_errors = {}
      @created_via = created_via
+      @force_password_change = false
    end

    def with_username(value)
@ -83,6 +84,11 @@ module CartoDB
      with_param(PARAM_ORG_ADMIN, value)
    end

+    def with_force_password_change
+      @built = false
+      @force_password_change = true
+    end
+
    def with_organization(organization, viewer: false)
      @built = false
      @organization = organization
@ -156,6 +162,10 @@ module CartoDB
        end
      end

+      if @force_password_change && @user.password_expiration_in_d.nil?
+        @custom_errors[:force_password_change] = ['Cannot be set if password expiration is not configured']
+      end
+
      @custom_errors[:oauth] = 'Invalid oauth' if @oauth_api && !@oauth_api.valid?(@user)

      @user.created_via = @created_via
@ -233,6 +243,10 @@ module CartoDB
      @user.viewer = @user_params[PARAM_VIEWER] if @user_params[PARAM_VIEWER]
      @user.org_admin = @user_params[PARAM_ORG_ADMIN] if @user_params[PARAM_ORG_ADMIN]

+      if @force_password_change && @user.password_expiration_in_d.present?
+        @user.last_password_change_date = Date.today - @user.password_expiration_in_d - 1
+      end
+
      @built = true
      @user
    end
--- a/spec/requests/carto/api/organization_users_controller_spec.rb
+++ b/spec/requests/carto/api/organization_users_controller_spec.rb
@ -54,7 +54,8 @@ describe Carto::Api::OrganizationUsersController do
                  soft_obs_general_limit: nil,
                  viewer: nil,
                  org_admin: nil,
-                  email: "#{username}@carto.com")
+                  email: "#{username}@carto.com",
+                  force_password_change: false)

    params = {
      password: '2{Patrañas}',
@ -71,6 +72,7 @@ describe Carto::Api::OrganizationUsersController do
    params[:soft_obs_general_limit] = soft_obs_general_limit unless soft_obs_general_limit.nil?
    params[:viewer] = viewer if viewer
    params[:org_admin] = org_admin if org_admin
+    params[:force_password_change] = force_password_change

    params.except!(:password) unless with_password
    params
@ -349,6 +351,32 @@ describe Carto::Api::OrganizationUsersController do
      @organization.reload
      @organization.users.find { |u| u.username == username }.should be_nil
    end
+
+    describe 'with password expiration' do
+      before(:all) do
+        @organization.password_expiration_in_d = 10
+        @organization.save
+      end
+
+      after(:all) do
+        @organization.password_expiration_in_d = nil
+        @organization.save
+      end
+
+      it 'can create users with expired passwords' do
+        login(@organization.owner)
+        username = unique_name('user')
+        params = user_params(username, org_admin: true, with_password: true, force_password_change: true)
+        post_json api_v2_organization_users_create_url(id_or_name: @organization.name), params do |response|
+          response.status.should eq 200
+        end
+
+        @organization.reload
+        last_user_created = @organization.users.find { |u| u.username == username }
+        expect(last_user_created.password_expired?).to(be(true))
+        last_user_created.destroy
+      end
+    end
  end

  describe 'user update' do