Forum: Rails Engines development anyone working on ticket #70? adding password confirmation

Posted by Jim Morris (wolfmanjm)
on 2006-03-29 11:48
This is the one where you have to type your current password before you 
can create a new password.

I need this feature and I am almost done implementing it, there are some 
edge conditions left to deal with though, like in the user engine, not 
allowing the admin to change anyone's password without confirming the 
admin password (same reasons if the admin leaves the page logged in). I 
guess that could be said of a lot of other admin functions too, but it is 
a start.

If no one else is working on it I'll post a patch when I'm done.
Posted by James Adam (Guest)
on 2006-03-29 11:51
(Received via mailing list)
Please do work on it - patches are greatly appreciated.

- james

On 3/29/06, Jim Morris <morris@wolfman.com> wrote:
> If no one else is working on it I'll post a patch when I'm done.
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> engine-developers mailing list
> engine-developers@lists.rails-engines.org
> http://lists.rails-engines.org/listinfo.cgi/engine...
>


--
* J *
  ~
Posted by Jim Morris (wolfmanjm)
on 2006-03-30 02:19
James Adam wrote:
> Please do work on it - patches are greatly appreciated.
> 
> - james
> 
> On 3/29/06, Jim Morris <morris@wolfman.com> wrote:
>> If no one else is working on it I'll post a patch when I'm done.
>>
>> --
>> Posted via http://www.ruby-forum.com/.
>> _______________________________________________
>> engine-developers mailing list
>> engine-developers@lists.rails-engines.org
>> http://lists.rails-engines.org/listinfo.cgi/engine...
>>
> 
> 
> --
> * J *
>   ~

Ok I attached two patches to ticket #70. I have tested it with User 
Engine, but I cannot run a full regression test as I can't get any of 
the tests to run and pass (even without any patches!)

Basically it adds a password field in the _password.rhtml partial if the 
request came from a user changing their own password, and adds the logic 
to the controller to check that the existing password is correct if one 
existed in the first place. This also works well with userengine, and 
allows the admin to change another person's password without the need to 
type in the existing password. I also added some error testing in the 
controllers which were ignoring return errors.

However this opens up another security question as to whether the admin 
should be prompted for their password before allowing any changes like 
this. I think it could be made an optional configuration, I'll look into 
that next.
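
Added example, not part of the original post and not the patch attached to ticket #70: a stand-alone Ruby sketch of the check described above, including the optional admin confirmation raised as an open question. The `User` struct, `change_password`, the `confirm_admin` option and the error symbols are hypothetical names, and PBKDF2 stands in for whatever hashing the engine actually uses.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory user; the engine's real model is not shown in the thread.
User = Struct.new(:login, :admin, :salt, :digest) do
  def password=(plain)
    self.salt = SecureRandom.hex(16)
    self.digest = User.kdf(plain, salt)
  end

  def password?(plain)
    return false if digest.nil? || plain.nil?
    User.secure_equal?(digest, User.kdf(plain, salt))
  end

  def self.kdf(plain, salt)
    raw = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
    raw.unpack1("H*")
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# actor is the logged-in user, target the account being changed.
# Returns [ok, error_symbol].
def change_password(actor:, target:, new_password:, current_password: nil, confirm_admin: false)
  if actor.equal?(target)
    # Own password: confirm the existing one, if one existed in the first place.
    if target.digest && !target.password?(current_password)
      return [false, :current_password_incorrect]
    end
  elsif !actor.admin
    return [false, :not_authorized]
  elsif confirm_admin && !actor.password?(current_password)
    # Optional setting: the admin re-enters their own password first.
    return [false, :admin_password_required]
  end
  return [false, :new_password_blank] if new_password.to_s.empty?

  target.password = new_password
  [true, nil]
end
```
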