FEATURE: Log password changes in UserHistory (#6600)

David Taylor 2018-11-14 00:32:42 +00:00 committed by Guo Xiang Tan
parent 38a9bc740d
commit 17bc82765b
3 changed files with 23 additions and 1 deletions


@ -497,6 +497,11 @@ class UsersController < ApplicationController
Invite.invalidate_for_email(@user.email) # invite link can't be used to log in anymore
secure_session["password-#{token}"] = nil
secure_session["second-factor-#{token}"] = nil
UserHistory.create!(
target_user: @user,
acting_user: @user,
action: UserHistory.actions[:change_password]
)
logon_after_password_reset
end
end
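Review bot: The `UserHistory.create!` entry records only the target user, the acting user (the same `@user`) and the action, so someone reading the log later cannot tell a legitimate reset from one made by whoever obtained the reset token. If the model exposes an attribute for request context, record it here, e.g. `ip_address: request.remote_ip` (assuming UserHistory has such a column; it is not visible in this hunk). Separately, `create!` raises on a failed write and sits before `logon_after_password_reset`, after the `secure_session` entries for the token are already cleared, so a logging failure would surface as an error once the reset steps above it have run; that trade-off deserves a short comment such as `# audit entry is mandatory: fail loudly if it cannot be written`. The enclosing action starts outside the hunk, so the earlier steps of the reset cannot be checked from here.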


@ -82,7 +82,8 @@ class UserHistory < ActiveRecord::Base
removed_unsuspend_user: 63,
post_rejected: 64,
merge_user: 65,
entity_export: 66
entity_export: 66,
change_password: 67
)
end


@ -235,6 +235,22 @@ describe UsersController do
expect(response).to redirect_to(wizard_path)
end
it "logs the password change" do
user = Fabricate(:admin)
UserAuthToken.generate!(user_id: user.id)
token = user.email_tokens.create(email: user.email).token
get "/u/password-reset/#{token}"
expect do
put "/u/password-reset/#{token}", params: { password: 'hg9ow8yhg98oadminlonger' }
end.to change { UserHistory.count }.by (1)
entry = UserHistory.last
expect(entry.target_user_id).to eq(user.id)
expect(entry.action).to eq(UserHistory.actions[:change_password])
end
it "doesn't invalidate the token when loading the page" do
user = Fabricate(:user)
user_token = UserAuthToken.generate!(user_id: user.id)