Fixes #16850 - Added record of password change to audit log #3970
Conversation
|
Can an existing organization member please verify this patch? |
2 similar comments
|
Can an existing organization member please verify this patch? |
|
Can an existing organization member please verify this patch? |
|
@theforeman-bot ok to test |
| end | ||
|
|
||
| def set_password_changed | ||
| self.password_changed = true |
There was a problem hiding this comment.
This seems to be missing a conditional, will it not mark password_changed on every model validation?
| @@ -445,6 +446,24 @@ def self.try_to_auto_create_user(login, password) | |||
| user | |||
| end | |||
|
|
|||
| def password_changed | |||
| @password_changed ||= nil | |||
There was a problem hiding this comment.
Unsure what ||= nil is achieving here, should this just be an attr_reader :password_changed ?
| @password_changed = value | ||
| end | ||
|
|
||
| def password_changed_changed? |
There was a problem hiding this comment.
Is this necessary? Doesn't AM::Dirty provide it?
|
|
||
| def set_password_changed | ||
| self.password_changed = true | ||
| self.audit_comment = 'Password has been changed' |
There was a problem hiding this comment.
Is this necessary if the attribute's recorded?
theforeman-bot
added
Needs re-review
Needs testing
and removed
Waiting on contributor
labels
|
@domcleal I changed pull request and to yours previous comments: 1.attr_reader is fine, thank you, 2. password_changed_changed? is neccessary because it working with virtual attribute and other things I rosolve please could yo look at that ? |
| @@ -88,6 +90,7 @@ def self.name_format | |||
| before_validation :verify_current_password, :if => Proc.new {|user| user == User.current}, | |||
| :unless => Proc.new {|user| user.password.empty?} | |||
| before_validation :prepare_password, :normalize_mail | |||
| before_validation :set_password_changed, :if => Proc.new { |user| user.manage_password? && !user.password.blank? } | |||
There was a problem hiding this comment.
!..blank? should be present?
| @@ -320,6 +320,32 @@ def setup_user(operation) | |||
| assert_includes record.errors.keys, :admin | |||
| end | |||
|
|
|||
| test "log of password change should be saved" do | |||
| user = FactoryGirl.create(:user) | |||
| user.password = nil | |||
There was a problem hiding this comment.
This is rather hacky, reload the object from the database instead (User.find_by_id(user.id)) and add a comment to state why (i.e. to clear the value of user.password).
| user.save | ||
| as_admin do | ||
| user.password = "newpassword" | ||
| user.valid? |
| @@ -320,6 +320,32 @@ def setup_user(operation) | |||
| assert_includes record.errors.keys, :admin | |||
| end | |||
|
|
|||
| test "log of password change should be saved" do | |||
| end | ||
| end | ||
|
|
||
| test "log of password change shouldnt be saved" do |
There was a problem hiding this comment.
- shouldn't, missing an apostrophe
- There is no password change here - it isn't that the log of a password change shouldn't be saved, it's that there is no audit log entry created when there is no password change.
There was a problem hiding this comment.
In this test I want to test that , it should not mark password_changed on every model validation
|
|
||
| test "log of password change shouldnt be saved" do | ||
| user = FactoryGirl.create(:user) | ||
| user.password = nil |
There was a problem hiding this comment.
ditto all comments above, they apply to this test too.
| after_save :ensure_default_role | ||
| after_save :unset_password_changed |
There was a problem hiding this comment.
Missing test coverage? A test should run two saves in a row and check for no second audit entry.
There was a problem hiding this comment.
@dhlavac When I see your tests - it looks like you're calling at most .valid? and .save, so I'm not 100% positive this is ggcovered as per the comment above.
theforeman-bot
added
Needs re-review
Needs testing
and removed
Waiting on contributor
labels
|
thanks @domcleal, I fixed all your comments, could you please take another look? |
| assert_includes user.changed, "password_changed" | ||
| assert user.save | ||
| end | ||
| user = User.find_by_id(user.id) #to clear the value of user.password |
There was a problem hiding this comment.
This is this meant to test the after_save, isn't it? Replacing the entire user object will also reset the value, so it doesn't test the callback.
theforeman-bot
added
Needs re-review
Needs testing
and removed
Waiting on contributor
labels
|
@domcleal I have edited test which testing after_save |
theforeman-bot
added
Needs re-review
Needs testing
and removed
Waiting on contributor
labels
theforeman-bot
added
Needs re-review
Needs testing
and removed
Waiting on contributor
labels
|
@domcleal I hope Final version added assertion for Audit object to every test |
| @@ -320,6 +320,68 @@ def setup_user(operation) | |||
| assert_includes record.errors.keys, :admin | |||
| end | |||
|
|
|||
| test "audit of password change should be saved only once, second time audited changes should not contain password_changed" do | |||
| user = FactoryGirl.create(:user) | |||
There was a problem hiding this comment.
Please move the user creation to a setup block, it's the same in all 3 hosts. You can group them in a context audits for password change or similar.
| after_save :ensure_default_role | ||
| after_save :unset_password_changed |
There was a problem hiding this comment.
@dhlavac When I see your tests - it looks like you're calling at most .valid? and .save, so I'm not 100% positive this is ggcovered as per the comment above.
|
@dLobatog Audit log was created before validation and after save I set the variable password_changed to false then I think this is correct, if I tested it is not still true. Thanks for comment tests were added to context and setup block was created. |
theforeman-bot
added
Needs re-review
Needs testing
and removed
Waiting on contributor
labels
| context "audits for password change" do | ||
| def setup_user_for_audits | ||
| user = FactoryGirl.create(:user) | ||
| user = User.find_by_id(user.id) #to clear the value of user.password |
There was a problem hiding this comment.
Useless assignment to variable - user.
Use find_by instead of dynamic find_by_id.
| @@ -320,6 +320,71 @@ def setup_user(operation) | |||
| assert_includes record.errors.keys, :admin | |||
| end | |||
|
|
|||
| context "audits for password change" do | |||
|
Merged, thanks @dhlavac. |
No description provided.