From 637da6cca51dcf5a312783606dc86621f2bc72ab Mon Sep 17 00:00:00 2001 From: Daniel Gerhardt Date: Tue, 14 Apr 2015 14:30:29 +0200 Subject: [PATCH] Forbid password changing for CAS users --- app/controllers/passwords_controller.rb | 8 ++++++++ app/views/layouts/nav/sidebar/_profile.html.haml | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 28f113b5cb..890bd5a604 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -5,6 +5,7 @@ class PasswordsController < Devise::PasswordsController before_action :resource_from_email, only: [:create] before_action :check_password_authentication_available, only: [:create] + before_action :prevent_cas_reset, only: [:create] before_action :throttle_reset, only: [:create] # rubocop: disable CodeReuse/ActiveRecord @@ -55,6 +56,13 @@ class PasswordsController < Devise::PasswordsController alert: "Password authentication is unavailable." end + def prevent_cas_reset + return unless resource && resource.cas_user? + + redirect_to after_sending_reset_password_instructions_path_for(resource_name), + alert: "Cannot reset password for CAS user." + end + def throttle_reset return unless resource && resource.recently_sent_password_reset? diff --git a/app/views/layouts/nav/sidebar/_profile.html.haml b/app/views/layouts/nav/sidebar/_profile.html.haml index 1e3bb8f122..69f83093d3 100644 --- a/app/views/layouts/nav/sidebar/_profile.html.haml +++ b/app/views/layouts/nav/sidebar/_profile.html.haml @@ -72,7 +72,7 @@ = link_to profile_emails_path do %strong.fly-out-top-item-name = _('Emails') - - if current_user.allow_password_authentication? + - if current_user.allow_password_authentication? && !current_user.cas_user? = nav_link(controller: :passwords) do = link_to edit_profile_password_path do .nav-icon-container -- 2.11.0