[32178] Don't use flash in rendering change password form

https://community.openproject.com/wp/32178
pull/8005/head
Oliver Günther 5 years ago
parent b3d886e437
commit 743cceecb3
No known key found for this signature in database
GPG Key ID: A3A8BDAD7C0C552C
  1. 2
      app/controllers/account_controller.rb
  2. 1
      app/controllers/concerns/user_password_change.rb
  3. 1
      app/views/my/password.html.erb
  4. 4
      spec/controllers/account_controller_spec.rb

@ -250,7 +250,7 @@ class AccountController < ApplicationController
# When making changes here, also check MyController.change_password
def change_password
# Retrieve user_id from session
@user = User.find(flash[:_password_change_user_id])
@user = User.find(params[:password_change_user_id])
change_password_flow(user: @user, params: params, show_user_name: true) do
password_authentication(@user.login, params[:new_password])
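Review bot: `User.find(params[:password_change_user_id])` now selects the account from a value the client controls (the hidden field added in app/views/my/password.html.erb), whereas the removed flash entry was set server-side in `render_password_change`. Whether this is safe depends on `change_password_flow` checking the submitted current password against this exact user before anything is changed or rendered; that code is outside the hunk, so please confirm it, and note that `render_password_change` assigns `@username = user.login`, which could disclose a login for an arbitrary id if it is reached on a failed attempt. The comment `# Retrieve user_id from session` is now wrong; I would replace it with `# user id comes from the request and is untrusted; change_password_flow must verify the current password for this user`. If the id has to travel through the form, a signed, expiring value (for example via `ActiveSupport::MessageVerifier`) would keep it tamper-evident. The body of `change_password` continues past the hunk.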

@ -81,7 +81,6 @@ module Concerns::UserPasswordChange
def render_password_change(user, message, show_user_name: false)
flash[:error] = message unless message.nil?
flash[:_password_change_user_id] = user.id
@user = user
@username = user.login
render 'my/password', locals: { show_user_name: show_user_name }

@ -34,6 +34,7 @@ See docs/COPYRIGHT.rdoc for more details.
<%= styled_form_tag({ action: :change_password },
{ autocomplete: 'off', class: 'form -wide-labels' }) do %>
<%= back_url_hidden_field_tag %>
<%= hidden_field_tag :password_change_user_id, @user.id %>
<section class="form--section">
<%= render partial: 'my/password_form_fields',
locals: { show_user_name: !!(defined? show_user_name) ? show_user_name : nil,

@ -421,10 +421,8 @@ describe AccountController, type: :controller do
describe "User who is not allowed to change password can't login" do
before do
post 'change_password',
flash: {
_password_change_user_id: admin.id
},
params: {
password_change_user_id: admin.id,
username: admin.login,
password: 'adminADMIN!',
new_password: 'adminADMIN!New',
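Review bot: The spec still only exercises the case where `password_change_user_id` belongs to the same account as `username`/`password`, so nothing pins what the controller does when they differ now that the id is a request parameter. I would add an example that posts a second user's id together with `admin`'s credentials (e.g. `password_change_user_id: other_user.id`, where `other_user` is a placeholder for a second fixture) and asserts that neither account's password changes and no login name is rendered, plus one example for a missing or unknown id. The `before` block continues past the end of the hunk.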
