authorSebastian Arcila Valenzuela <sarcila@gitlab.com>2019-08-12 16:41:05 +0300
committerSebastian Arcila Valenzuela <sarcila@gitlab.com>2019-08-21 14:05:55 +0300
commit5012c622405e63655256735d266168450ad1d159 (patch)
treeae42c0fb467ab91c73fd559a9bc56426b9574508 /spec/models/user_spec.rb
parentd9f9904c60b1fee162d22ece4b8875fafd04b7e6 (diff)
Add User#will_save_change_to_login? to clear reset_password_tokens
Before updating any of the authentication_keys, Devise checks whether it needs to clear the reset_password_tokens. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/42733 (Weak authentication and session management)
Diffstat (limited to 'spec/models/user_spec.rb')
-rw-r--r--spec/models/user_spec.rb41
1 files changed, 41 insertions, 0 deletions
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 46b86e8393d..1a641c868d9 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -3045,6 +3045,47 @@ describe User do
end
end
+ describe '#will_save_change_to_login?' do
+ let(:user) { create(:user, username: 'old-username', email: 'old-email@example.org') }
+ let(:new_username) { 'new-name' }
+ let(:new_email) { 'new-email@example.org' }
+
+ subject { user.will_save_change_to_login? }
+
+ context 'when the username is changed' do
+ before do
+ user.username = new_username
+ end
+
+ it { is_expected.to be true }
+ end
+
+ context 'when the email is changed' do
+ before do
+ user.email = new_email
+ end
+
+ it { is_expected.to be true }
+ end
+
+ context 'when both email and username are changed' do
+ before do
+ user.username = new_username
+ user.email = new_email
+ end
+
+ it { is_expected.to be true }
+ end
+
+ context 'when email and username aren\'t changed' do
+ before do
+ user.name = 'new_name'
+ end
+
+ it { is_expected.to be_falsy }
+ end
+ end
+
describe '#sync_attribute?' do
let(:user) { described_class.new }
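Review bot: These examples pin only the return value of `will_save_change_to_login?`; nothing in the new `describe '#will_save_change_to_login?'` block asserts that a pending password-reset token is actually gone once a username or email change is saved, which is the security property the commit description is about. An example that issues a reset token first, then runs `user.update!(username: new_username)` and checks `expect(user.reload.reset_password_token).to be_nil`, would catch a regression in the token clearing itself (presumably done by Devise on save), not just in the predicate. The last context uses `be_falsy` where the other three use `be true`, so a `nil` return would pass; `it { is_expected.to be false }` would be the consistent matcher if the method is meant to return a strict boolean. The enclosing `describe User do` block starts and ends outside this hunk.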