debian-mirror-gitlab/app/controllers/profiles/passwords_controller.rb

# frozen_string_literal: true

class Profiles::PasswordsController < Profiles::ApplicationController
  skip_before_action :check_password_expiration, only: [:new, :create]
  skip_before_action :check_two_factor_requirement, only: [:new, :create]

  before_action :set_user
  before_action :authorize_change_password!

  layout :determine_layout

  feature_category :authentication_and_authorization

  def new
  end

  def create
    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
      redirect_to new_profile_password_path, alert: _('You must provide a valid current password')
      return
    end

    password_attributes = {
      password: user_params[:password],
      password_confirmation: user_params[:password_confirmation],
      password_automatically_set: false
    }

    result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute

    if result[:status] == :success
      Users::UpdateService.new(current_user, user: @user, password_expires_at: nil).execute

      redirect_to root_path, notice: _('Password successfully changed')
    else
      render :new
    end
  end

  def edit
  end

  def update
    password_attributes = user_params.select do |key, value|
      %w(password password_confirmation).include?(key.to_s)
    end
    password_attributes[:password_automatically_set] = false

    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
      redirect_to edit_profile_password_path, alert: _('You must provide a valid current password')
      return
    end

    result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute

    if result[:status] == :success
      flash[:notice] = _('Password was successfully updated. Please sign in again.')
      redirect_to new_user_session_path
    else
      @user.reset
      render 'edit'
    end
  end

  def reset
    current_user.send_reset_password_instructions
    redirect_to edit_profile_password_path, notice: _('We sent you an email with reset password instructions')
  end

  private

  def set_user
    @user = current_user
  end

  def determine_layout
    if [:new, :create].include?(action_name.to_sym)
      'application'
    else
      'profile'
    end
  end

  def authorize_change_password!
    render_404 unless @user.allow_password_authentication?
  end

  def user_params
    params.require(:user).permit(:current_password, :password, :password_confirmation)
  end
end
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`class Profiles::PasswordsController < Profiles::ApplicationController`
			`skip_before_action :check_password_expiration, only: [:new, :create]`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`skip_before_action :check_two_factor_requirement, only: [:new, :create]`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`before_action :set_user`
			`before_action :authorize_change_password!`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`layout :determine_layout`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`feature_category :authentication_and_authorization`

Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`def new`
			`end`

			`def create`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`unless @user.password_automatically_set \|\| @user.valid_password?(user_params[:current_password])`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`redirect_to new_profile_password_path, alert: _('You must provide a valid current password')`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`return`
			`end`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`password_attributes = {`
			`password: user_params[:password],`
			`password_confirmation: user_params[:password_confirmation],`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`password_automatically_set: false`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`}`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`if result[:status] == :success`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`Users::UpdateService.new(current_user, user: @user, password_expires_at: nil).execute`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`redirect_to root_path, notice: _('Password successfully changed')`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`else`
			`render :new`
			`end`
			`end`

			`def edit`
			`end`

			`def update`
			`password_attributes = user_params.select do \|key, value\|`
			`%w(password password_confirmation).include?(key.to_s)`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`password_attributes[:password_automatically_set] = false`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`unless @user.password_automatically_set \|\| @user.valid_password?(user_params[:current_password])`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`redirect_to edit_profile_password_path, alert: _('You must provide a valid current password')`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`return`
			`end`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30
			`if result[:status] == :success`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`flash[:notice] = _('Password was successfully updated. Please sign in again.')`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`redirect_to new_user_session_path`
			`else`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`@user.reset`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`render 'edit'`
			`end`
			`end`

			`def reset`
			`current_user.send_reset_password_instructions`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`redirect_to edit_profile_password_path, notice: _('We sent you an email with reset password instructions')`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`end`

			`private`

			`def set_user`
			`@user = current_user`
			`end`

			`def determine_layout`
			`if [:new, :create].include?(action_name.to_sym)`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`'application'`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`else`
			`'profile'`
			`end`
			`end`

			`def authorize_change_password!`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`render_404 unless @user.allow_password_authentication?`
Imported Upstream version 7.2.1 2014-09-02 18:07:02 +05:30			`end`

			`def user_params`
			`params.require(:user).permit(:current_password, :password, :password_confirmation)`
			`end`
			`end`