avoid authentication after password update

6 years ago · e8c42db1a7
parent 4c4124c528
commit e8c42db1a7
2 changed files with 17 additions and 9 deletions
--- a/app/controllers/password_change_controller.rb
+++ b/app/controllers/password_change_controller.rb
@ -48,10 +48,7 @@ class PasswordChangeController < ApplicationController
    end

    if @user.update_in_central && @user.save
-      params[:email] = @user.username
-      params[:password] = pw
-
-      authenticate!(:password, scope: @user.username)
+      warden.set_user(@user, scope: @user.username)
      CartoDB::Stats::Authentication.instance.increment_login_counter(@user.email)

      redirect_to session.delete('return_to') ||
--- a/spec/requests/password_change_controller_spec.rb
+++ b/spec/requests/password_change_controller_spec.rb
@ -92,18 +92,29 @@ describe PasswordChangeController do
      response.body.should include 'must be at least'
    end

-    it 'changes password and authenticate session' do
+    it 'changes password' do
      login_as(@user, scope: @user.username)

      put password_change_url(@user.username), payload_ok, @headers

-      @user.reload
-      @user.validate_old_password('password123')
-      @user.last_password_change_date.should be
+      @user.reload.last_password_change_date.should be
+    end
+
+    it 'does not require to authenticate again' do
+      login_as(@user, scope: @user.username)
+
+      PasswordChangeController.any_instance.expects(:authenticate!).never
+
+      put password_change_url(@user.username), payload_ok, @headers
+    end
+
+    it 'redirects to dashboard by default' do
+      login_as(@user, scope: @user.username)
+
+      put password_change_url(@user.username), payload_ok, @headers

      follow_redirect!
      request.path.should eq dashboard_path
-
    end
  end
 end