Password Mismatch

When setting a password for a Web (on the "Edit Web" page), ensure that the password matches. Previously, the "verify" field was a placebo.
2008-12-20 17:54:54 -06:00 · 2008-12-20 17:54:54 -06:00 · 7828d79d35
parent 1f816af24b
commit 7828d79d35
2 changed files with 19 additions and 3 deletions
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@ -53,6 +53,8 @@ class AdminController < ApplicationController
      # form submitted
      if wiki.authenticate(system_password)
        begin
+          raise Instiki::ValidationError.new("Password for this Web didn't match") unless
+            (params['password'].empty? or params['password'] == params['password_check'])
          wiki.edit_web(
            @web.address, params['address'], params['name'], 
            params['markup'].intern, 
--- a/test/functional/admin_controller_test.rb
+++ b/test/functional/admin_controller_test.rb
@ -120,7 +120,7 @@ class AdminControllerTest < Test::Unit::TestCase
    process('edit_web', 'system_password' => 'pswd',
        'web' => 'wiki1', 'address' => 'renamed_wiki1', 'name' => 'Renamed Wiki1',
        'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever', 
-        'safe_mode' => 'on', 'password' => 'new_password', 'published' => 'on', 
+        'safe_mode' => 'on', 'password' => 'new_password', 'password_check' => 'new_password', 'published' => 'on', 
        'brackets_only' => 'on', 'count_pages' => 'on', 'allow_uploads' => 'on',
        'max_upload_size' => '300')

@ -139,13 +139,27 @@ class AdminControllerTest < Test::Unit::TestCase
    assert_equal 300, @web.max_upload_size
  end

+  def test_edit_web_web_password_mismatch
+    @wiki.system.update_attribute(:password, 'pswd')
+  
+    process('edit_web', 'system_password' => 'pswd',
+        'web' => 'wiki1', 'address' => 'renamed_wiki1', 'name' => 'Renamed Wiki1',
+        'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever', 
+        'safe_mode' => 'on', 'password' => 'new_password', 'password_check' => 'old_password', 'published' => 'on', 
+        'brackets_only' => 'on', 'count_pages' => 'on', 'allow_uploads' => 'on',
+        'max_upload_size' => '300')
+
+    assert_response :success
+    assert @response.has_template_object?('error')
+  end
+
  def test_edit_web_opposite_values
    @wiki.system.update_attribute(:password, 'pswd')
  
    process('edit_web', 'system_password' => 'pswd',
        'web' => 'wiki1', 'address' => 'renamed_wiki1', 'name' => 'Renamed Wiki1',
        'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever', 
-        'password' => 'new_password')
+        'password' => 'new_password', 'password_check' => 'new_password')
    # safe_mode, published, brackets_only, count_pages, allow_uploads not set 
    # and should become false

@ -176,7 +190,7 @@ class AdminControllerTest < Test::Unit::TestCase
    process('edit_web', 'system_password' => 'pswd',
      'web' => 'wiki1', 'address' => 'another', 'name' => 'Renamed Wiki1',
      'markup' => 'markdown', 'color' => 'blue', 'additional_style' => 'whatever', 
-      'password' => 'new_password')
+      'password' => 'new_password', 'password_check' => 'new_password')
      
    #returns to the same form
    assert_response :success