don't log users out when doing a sis import fixes #5583

Change-Id: I3450f1d7369f7710cf5627597f38ea7e9f5fea0a Reviewed-on: https://gerrit.instructure.com/5659 Reviewed-by: JT Olds <jt@instructure.com> Tested-by: Hudson <hudson@instructure.com>
2011-09-14 15:38:25 -06:00 · 2011-09-14 15:38:25 -06:00 · 06fe062709
parent 973b04c084
commit 06fe062709
2 changed files with 41 additions and 1 deletions
--- a/lib/sis/user_importer.rb
+++ b/lib/sis/user_importer.rb
@ -113,12 +113,15 @@ module SIS
                pseudo.sis_user_id = row['user_id']
                pseudo.account = @root_account
                pseudo.workflow_state = row['status']=~ /active/i ? 'active' : 'deleted'
-                if !row['password'].blank? && (pseudo.new_record? || pseudo.password_auto_generated)
+                # if a password is provided, use it only if this is a new user, or the user hasn't changed the password in canvas *AND* the incoming password has changed
+                # otherwise the persistence_token will change even though we're setting to the same password, logging the user out
+                if !row['password'].blank? && (pseudo.new_record? || pseudo.password_auto_generated && !pseudo.valid_password?(row['password']))
                  pseudo.password = row['password']
                  pseudo.password_confirmation = row['password']
                  pseudo.password_auto_generated = true
                end
                pseudo.sis_ssha = row['ssha_password'] if !row['ssha_password'].blank?
+                pseudo.reset_persistence_token if pseudo.sis_ssha_changed? && pseudo.password_auto_generated

                begin
                  User.transaction(:requires_new => true) do
--- a/spec/lib/sis_csv_importer_spec.rb
+++ b/spec/lib/sis_csv_importer_spec.rb
@ -520,7 +520,35 @@ describe SIS::SisCsv do
        "user_2,user2,,User,Dos,user2@example.com,active,#{gen_ssha_password("encpass1")}"
      )

+      user1_persistence_token = nil
+      user2_persistence_token = nil
      User.find_by_email('user1@example.com').pseudonyms.first.tap do |p|
+        user1_persistence_token = p.persistence_token
+        p.valid_arbitrary_credentials?('password1').should be_true
+        p.valid_arbitrary_credentials?('password2').should be_false
+        p.valid_arbitrary_credentials?('password3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_false
+      end
+
+      user2_sis_ssha = nil
+      User.find_by_email('user2@example.com').pseudonyms.first.tap do |p|
+        user2_persistence_token = p.persistence_token
+        user2_sis_ssha = p.sis_ssha
+        p.valid_arbitrary_credentials?('encpass1').should be_true
+        p.valid_arbitrary_credentials?('encpass2').should be_false
+        p.valid_arbitrary_credentials?('encpass3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_false
+      end
+
+      # passwords haven't changed, neither should persistence tokens
+      process_csv_data_cleanly(
+        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
+        "user_1,user1,password1,User,Uno,user1@example.com,active,",
+        "user_2,user2,,User,Dos,user2@example.com,active,#{user2_sis_ssha}"
+      )
+
+      User.find_by_email('user1@example.com').pseudonyms.first.tap do |p|
+        user1_persistence_token.should == p.persistence_token
        p.valid_arbitrary_credentials?('password1').should be_true
        p.valid_arbitrary_credentials?('password2').should be_false
        p.valid_arbitrary_credentials?('password3').should be_false
@ -528,12 +556,14 @@ describe SIS::SisCsv do
      end

      User.find_by_email('user2@example.com').pseudonyms.first.tap do |p|
+        user2_persistence_token.should == p.persistence_token
        p.valid_arbitrary_credentials?('encpass1').should be_true
        p.valid_arbitrary_credentials?('encpass2').should be_false
        p.valid_arbitrary_credentials?('encpass3').should be_false
        p.valid_arbitrary_credentials?('password4').should be_false
      end

+      # passwords change, persistence token should change
      process_csv_data_cleanly(
        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
        "user_1,user1,password2,User,Uno,user1@example.com,active,",
@ -541,6 +571,7 @@ describe SIS::SisCsv do
      )

      User.find_by_email('user1@example.com').pseudonyms.first.tap do |p|
+        user1_persistence_token.should_not == p.persistence_token
        p.valid_arbitrary_credentials?('password1').should be_false
        p.valid_arbitrary_credentials?('password2').should be_true
        p.valid_arbitrary_credentials?('password3').should be_false
@ -548,9 +579,11 @@ describe SIS::SisCsv do

        p.password_confirmation = p.password = 'password4'
        p.save
+        user1_persistence_token = p.persistence_token
      end

      User.find_by_email('user2@example.com').pseudonyms.first.tap do |p|
+        user2_persistence_token.should_not == p.persistence_token
        p.valid_arbitrary_credentials?('encpass1').should be_false
        p.valid_arbitrary_credentials?('encpass2').should be_true
        p.valid_arbitrary_credentials?('encpass3').should be_false
@ -558,8 +591,10 @@ describe SIS::SisCsv do

        p.password_confirmation = p.password = 'password4'
        p.save
+        user2_persistence_token = p.persistence_token
      end

+      # user set password, persistence token should not change
      process_csv_data_cleanly(
        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
        "user_1,user1,password3,User,Uno,user1@example.com,active,",
@ -567,6 +602,7 @@ describe SIS::SisCsv do
      )

      User.find_by_email('user1@example.com').pseudonyms.first.tap do |p|
+        user1_persistence_token.should == p.persistence_token
        p.valid_arbitrary_credentials?('password1').should be_false
        p.valid_arbitrary_credentials?('password2').should be_false
        p.valid_arbitrary_credentials?('password3').should be_false
@ -574,6 +610,7 @@ describe SIS::SisCsv do
      end

      User.find_by_email('user2@example.com').pseudonyms.first.tap do |p|
+        user2_persistence_token.should == p.persistence_token
        p.valid_arbitrary_credentials?('encpass1').should be_false
        p.valid_arbitrary_credentials?('encpass2').should be_false
        p.valid_arbitrary_credentials?('encpass3').should be_false