From 2314c08265f605076387196dae89c8480a87d3d8 Mon Sep 17 00:00:00 2001
From: zhitomirskiyi
Date: Mon, 24 Jan 2011 22:39:57 -0800
Subject: [PATCH] current password requirement to change password
---
 app/controllers/users_controller.rb | 4 +-
 app/views/users/edit.html.haml | 3 ++
 config/locales/diaspora/en.yml | 1 +
 spec/controllers/users_controller_spec.rb | 57 ++++++++---------------
 4 files changed, 25 insertions(+), 40 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 81317021e..03c4a95f8 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -27,8 +27,8 @@ class UsersController < ApplicationController
 @user.update_attributes(:disable_mail => params[:user][:disable_mail])
 flash[:notice] = I18n.t 'users.update.email_notifications_changed'
 # change passowrd
- elsif params[:user][:password] && params[:user][:password_confirmation]
- if @user.update_attributes(:password => params[:user][:password], :password_confirmation => params[:user][:password_confirmation])
+ elsif params[:user][:current_password] && params[:user][:password] && params[:user][:password_confirmation]
+ if @user.update_with_password(params[:user])
 flash[:notice] = I18n.t 'users.update.password_changed'
 else
 flash[:error] = I18n.t 'users.update.password_not_changed'
diff --git a/app/views/users/edit.html.haml b/app/views/users/edit.html.haml
index 3a813eb82..d09ab30bc 100644
--- a/app/views/users/edit.html.haml
+++ b/app/views/users/edit.html.haml
@@ -50,6 +50,9 @@
 = form_for @user do |f|
 = f.error_messages
+ %p
+ = f.label :current_password, t('.current_password')
+ = f.password_field :current_password
 %p
 = f.label :password, t('.new_password')
 = f.password_field :password
diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml
index 18db07bc6..3acbc3bb8 100644
--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
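Review bot: In the `users_controller.rb` hunk, `@user.update_with_password(params[:user])` hands the entire submitted `user` hash to the model, where the removed call passed only `:password` and `:password_confirmation`. Devise's `update_with_password` applies the remaining keys as attributes once the current password checks out, so any other field in the request would be assigned in the same call unless the `User` model restricts mass assignment, which is not visible here. Pass only the three password keys: `if @user.update_with_password(params[:user].slice(:current_password, :password, :password_confirmation))`. The "doesn't overwrite random attributes" spec sends no password fields, so it does not exercise this branch. The `update` action starts and ends outside the hunk.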
@@ -205,6 +205,7 @@ en:
 change_language: "Change Language"
 change_password: "Change Password"
 new_password: "New Password"
+ current_password: "Current password"
 download_xml: "download my xml"
 download_photos: "download my photos"
 your_handle: "Your diaspora handle"
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 84304444a..628bd5531 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -7,14 +7,10 @@ require 'spec_helper'
 describe UsersController do
 render_views
- let(:user) { alice }
- let!(:aspect) { user.aspects.first }
-
- let!(:old_password) { user.encrypted_password }
- let!(:old_language) { user.language }
-
 before do
- sign_in :user, user
+ @user = alice
+ @aspect = @user.aspects.first
+ sign_in :user, @user
 end
 describe '#export' do
@@ -26,59 +22,44 @@ describe UsersController do
 describe '#update' do
 it "doesn't overwrite random attributes" do
- params = { :id => user.id,
+ params = { :id => @user.id,
 :user => { :diaspora_handle => "notreal@stuff.com" } }
 lambda {
 put :update, params
- }.should_not change(user, :diaspora_handle)
+ }.should_not change(@user, :diaspora_handle)
 end
 context 'password updates' do
- it 'allows a user to change his password' do
- put(:update, :id => user.id, :user =>
- { :password => "foobaz",
- :password_confirmation => "foobaz" }
- )
- user.reload
- user.encrypted_password.should_not == old_password
+ before do
+ @password_params = {:current_password => 'bluepin7',
+ :password => "foobaz",
+ :password_confirmation => "foobaz"}
 end
- it 'requires a matching password confirmation' do
- put(:update, :id => user.id, :user =>
- { :password => "foobarz",
- :password_confirmation => "not_the_same"}
- )
- user.reload
- user.encrypted_password.should == old_password
- end
-
- it 'does not update if the password fields are left blank' do
- put(:update, :id => user.id, :user =>
- { :password => "",
- :password_confirmation => ""}
- )
- user.reload
- user.encrypted_password.should == old_password
+ it "uses devise's update with password" do
+ @user.should_receive(:update_with_password).with(hash_including(@password_params))
+ @controller.stub!(:current_user).and_return(@user)
+ put :update, :id => @user.id, :user => @password_params
 end
 end
 describe 'language' do
 it 'allow the user to change his language' do
 old_language = 'en'
- user.language = old_language
- user.save
- put(:update, :id => user.id, :user =>
+ @user.language = old_language
+ @user.save
+ put(:update, :id => @user.id, :user =>
 { :language => "fr"}
 )
- user.reload
- user.language.should_not == old_language
+ @user.reload
+ @user.language.should_not == old_language
 end
 end
 end
 describe '#edit' do
 it "returns a 200" do
- get 'edit', :id => user.id
+ get 'edit', :id => @user.id
 response.status.should == 200
 end
end
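Review bot: The rewritten 'password updates' context has no example that would fail if a wrong or missing current password were accepted. The only remaining example stubs `current_user` and asserts that `update_with_password` is called, whereas the three removed examples checked `encrypted_password` after a real request. Since the commit exists to require the current password, add request-level examples that submit a wrong `:current_password`, and one that omits it, and assert that `encrypted_password` is unchanged after `reload`. The outer `describe UsersController` block starts outside this hunk.

```ruby
# … unchanged: before block that builds @password_params …
it 'does not change the password when current_password is wrong' do
  old_password = @user.encrypted_password
  # 'not_the_password' is a constructed sample value
  put :update, :id => @user.id,
      :user => @password_params.merge(:current_password => 'not_the_password')
  @user.reload.encrypted_password.should == old_password
end

it 'does not change the password when current_password is missing' do
  old_password = @user.encrypted_password
  put :update, :id => @user.id,
      :user => @password_params.reject { |key, _| key == :current_password }
  @user.reload.encrypted_password.should == old_password
end
# … unchanged: "uses devise's update with password" example …
```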