Enable users to update password without inputing current password once

tomoasleep · tomoasleep · commit 1cd049789a22 · 2017-05-22T13:51:15.000+09:00
diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
@@ -32,6 +32,14 @@ def check_enabled_registrations
     redirect_to root_path if single_user_mode? || !Setting.open_registrations
   end
 
+  def update_resource(resource, params)
+    if resource.try(:has_dummy_password?)
+      resource.update_without_current_password(params)
+    else
+      super
+    end
+  end
+
   private
 
   def determine_layout
diff --git a/app/models/form/oauth_registration.rb b/app/models/form/oauth_registration.rb
@@ -66,6 +66,7 @@ def build_user
       locale: locale,
       password: password,
       password_confirmation: password,
+      dummy_password_flag: true,
       account_attributes: {
         username: username,
         avatar: avatar
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -21,6 +21,8 @@ class User < ApplicationRecord
   scope :admins,    -> { where(admin: true) }
   scope :confirmed, -> { where.not(confirmed_at: nil) }
 
+  before_validation :disable_dummy_password_flag, on: :update, if: :encrypted_password_changed?
+
   def confirmed?
     confirmed_at.present?
   end
@@ -40,4 +42,25 @@ def setting_boost_modal
   def setting_auto_play_gif
     settings.auto_play_gif
   end
+
+  def has_dummy_password?
+    dummy_password_flag
+  end
+
+  def disable_dummy_password_flag
+    self.dummy_password_flag = false
+    true
+  end
+
+  def update_without_current_password(params, *options)
+    if params[:password].blank?
+      params.delete(:password)
+      params.delete(:password_confirmation) if params[:password_confirmation].blank?
+    end
+    p params
+
+    result = update_attributes(params, *options)
+    clean_up_passwords
+    result
+  end
 end
diff --git a/app/views/auth/registrations/edit.html.haml b/app/views/auth/registrations/edit.html.haml
@@ -5,9 +5,13 @@
   = render 'shared/error_messages', object: resource
 
   = f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') }
-  = f.input :password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password') }
-  = f.input :password_confirmation, autocomplete: "off", placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password') }
-  = f.input :current_password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password') }
+  - if current_user.has_dummy_password?
+    = f.input :password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.password') }
+    = f.input :password_confirmation, autocomplete: "off", placeholder: t('simple_form.labels.defaults.confirm_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password') }
+  - else
+    = f.input :password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password') }
+    = f.input :password_confirmation, autocomplete: "off", placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password') }
+    = f.input :current_password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password') }
 
   .actions
     = f.button :button, t('generic.save_changes'), type: :submit
diff --git a/db/migrate/20170517123337_add_dummy_password_flag_to_user.rb b/db/migrate/20170517123337_add_dummy_password_flag_to_user.rb
@@ -0,0 +1,5 @@
+class AddDummyPasswordFlagToUser < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :dummy_password_flag, :boolean, default: false, null: false
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170504103736) do
+ActiveRecord::Schema.define(version: 20170517123337) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -336,6 +336,7 @@
     t.boolean  "otp_required_for_login"
     t.datetime "last_emailed_at"
     t.string   "otp_backup_codes",                                       array: true
+    t.boolean  "dummy_password_flag",       default: false, null: false
     t.index ["account_id"], name: "index_users_on_account_id", using: :btree
     t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true, using: :btree
     t.index ["email"], name: "index_users_on_email", unique: true, using: :btree
