James A. wrote:
Please do work on it - patches are greatly appreciated.
On 3/29/06, Jim M. [email protected] wrote:
If no one else is working on it I’ll post a patch when I’m done.
Posted via http://www.ruby-forum.com/.
engine-developers mailing list
Ok I attached two patches to ticket #70. I have tested it with User
Engine, but I cannot run a full regression test as I can’t get any of
the tests to run and pass (even without any patches!)
Basically it adds a password field in the _password.rhtml partial if the
request came from a user changing their own password, and adds the logic
to the controller to check that the existing password is correct if one
existed in the first place. This also works well with userengine, and
allows the admin to change another persons password without the need to
type in the existing password. I also added some error testing in the
controllers which were ignoring return errors.
However this opens up another security question as to whether the admin
should be prompted for their password before allowing any changes like
this. I think it could be made an optional configuration, I’ll look into