Allow admins to change user passwords #3766 #19434
Open
sujanyd wants to merge 1 commit into openSUSE:master from
cf0b1c6 to 075162e
PR Description
Summary
This PR implements the ability for administrators to change the passwords of other users via the WebUI. Administrators can now see a "Change Password" button on any user's profile which allows them to update the password without needing the user's current password.
Key Changes
-> Route: Added PATCH /users/:login/change_password to allow admin-level password updates separate from the self-service POST route.
-> Controller: Updated Webui::UsersController#change_password to:
-> Skip current password authentication when the request is a PATCH (admin-only).
-> Enforce require_admin for the PATCH path.
-> Added change_password to the check_displayed_user filter group.
View:
-> Updated show.html.haml to render the password dialog for admins on other users' profiles.
-> Updated _password_dialog.html.haml to detect admin-changes, hide the "Current Password" field, and use the PATCH method.
-> Updated _info.html.haml and _index_actions.html.haml to display the "Change Password" action for admins.
Specs: Added new test cases in users_controller_spec.rb to verify:
-> Admins can successfully change another user's password.
-> Non-admins are denied access to the admin password change route.
Verification
Automated Tests: Ran bundle exec rspec spec/controllers/webui/users_controller_spec.rb (Syntax and logic verified).
Manual Verification: Verified the UI logic and conditional rendering of the password update form.
Relates to: #3766
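
The rule the description states (PATCH skips the current-password check and is gated by require_admin, POST stays self-service) modelled as a plain-Ruby decision function. This is an added example, not code from the PR or from the project; `User`, `authorize_password_change`, the sample logins, and the choice to send an admin's own password change through the self-service path are assumptions.

```ruby
# Hypothetical model of the password-change authorization described above.
# No Rails required; all names and sample users are constructed for this example.
User = Struct.new(:login, :admin) do
  def admin?
    admin == true
  end
end

ADMIN = User.new("Admin", true)
TOM   = User.new("tom", false)
JERRY = User.new("jerry", false)

# Returns [:allow, reason] or [:deny, reason].
# actor                  - the authenticated session user, never taken from params
# target                 - the user whose password would be changed
# http_method            - "PATCH" (admin route) or "POST" (self-service route)
# current_password_valid - result of the application's own check of the submitted
#                          current password; ignored on the admin route
def authorize_password_change(actor:, target:, http_method:, current_password_valid: false)
  return [:deny, :not_authenticated] if actor.nil?

  case http_method
  when "PATCH"
    # The verb only selects the code path; the role check is what grants access.
    return [:deny, :admin_required] unless actor.admin?
    # Assumption: an admin's own password still needs the current password, so a
    # borrowed admin session cannot silently replace that admin's credentials.
    return [:deny, :use_self_service] if actor.login == target.login
    [:allow, :admin_reset]
  when "POST"
    return [:deny, :not_own_account] unless actor.login == target.login
    return [:deny, :wrong_current_password] unless current_password_valid
    [:allow, :self_service]
  else
    [:deny, :unsupported_method]
  end
end

if __FILE__ == $PROGRAM_NAME
  [[ADMIN, TOM, "PATCH", false], [TOM, JERRY, "PATCH", false],
   [TOM, TOM, "POST", true], [TOM, TOM, "POST", false]].each do |actor, target, verb, ok|
    decision = authorize_password_change(actor: actor, target: target,
                                         http_method: verb, current_password_valid: ok)
    puts "#{actor.login} -> #{target.login} via #{verb}: #{decision.inspect}"
  end
end
```

The non-admin PATCH case is the one the new spec in users_controller_spec.rb is described as covering; the remaining branches are cases a reviewer may want specs for as well.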