-rw-r--r-- | app/controllers/user_controller.rb | 15 | ||||
-rw-r--r-- | app/models/change_email_validator.rb | 9 | ||||
-rw-r--r-- | lib/tasks/temp.rake | 15 | ||||
-rw-r--r-- | spec/controllers/user_controller_spec.rb | 3 |
4 files changed, 35 insertions, 7 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 49e46b6fa..a2348bb08 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -257,7 +257,10 @@ class UserController < ApplicationController
 return
 end
- @signchangeemail = ChangeEmailValidator.new(params[:signchangeemail])
+ # validate taking into account the user_circumstance
+ validator_params = params[:signchangeemail].clone
+ validator_params[:user_circumstance] = session[:user_circumstance]
+ @signchangeemail = ChangeEmailValidator.new(validator_params)
 @signchangeemail.logged_in_user = @user
 if !@signchangeemail.valid?
@@ -279,8 +282,11 @@ class UserController < ApplicationController
 # if not already, send a confirmation link to the new email address which logs
 # them into the old email's user account, but with special user_circumstance
 if (not session[:user_circumstance]) or (session[:user_circumstance] != "change_email")
- post_redirect = PostRedirect.new(:uri => signchangeemail_url(), :post_params => params,
- :circumstance => "change_email" # special login that lets you change your email
+ # don't store the password in the db
+ params[:signchangeemail].delete(:password)
+ post_redirect = PostRedirect.new(:uri => signchangeemail_url(),
+ :post_params => params,
+ :circumstance => "change_email" # special login that lets you change your email
 )
 post_redirect.user = @user
 post_redirect.save!
@@ -297,6 +303,9 @@ class UserController < ApplicationController
 # circumstance is 'change_email', so can actually change the email
 @user.email = @signchangeemail.new_email
 @user.save!
+
+ # Now clear the circumstance
+ session[:user_circumstance] = nil
 flash[:notice] = "You have now changed your email address used on WhatDoTheyKnow.com"
 redirect_to user_url(@user)
 end
diff --git a/app/models/change_email_validator.rb b/app/models/change_email_validator.rb
index 15d2cb624..5cead4b4c 100644
--- a/app/models/change_email_validator.rb
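Review bot: `validator_params = params[:signchangeemail].clone` introduces a nil failure the replaced line did not have — `ChangeEmailValidator.new(nil)` was tolerated, but a request arriving without the `signchangeemail` hash now fails on `.clone` or the following `[]=` unless the `return` visible just above the hunk already guards that case. The same two lines also route `user_circumstance`, the value that decides whether the password check is skipped, through the mass-assignment hash; the controller overwrites it from the session so a client-supplied `signchangeemail[user_circumstance]` is ignored here, but any other caller that builds the validator straight from request params would not get that protection. Setting it explicitly, the way `logged_in_user` is set on the next line, avoids both: `@signchangeemail = ChangeEmailValidator.new(params[:signchangeemail])` followed by `@signchangeemail.user_circumstance = session[:user_circumstance]`. The enclosing action starts and ends outside the hunk.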
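Review bot: In the third hunk `session[:user_circumstance] = nil` is reached only after a valid submission and a successful `@user.save!`, so on any other outcome (the `if !@signchangeemail.valid?` branch in the first hunk, or an exception from `save!`) the `change_email` circumstance stays in the session and keeps the password check disabled for later submissions to this action. Consider consuming it at the point it is first read for this request — read it into a local such as `circumstance = session[:user_circumstance]`, clear the session key immediately, and use the local in the later comparisons — so the elevated state is single-use regardless of how the request ends. This is inferred from the visible branches; the rest of the action, including any earlier guard, is outside the hunk.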
+++ b/app/models/change_email_validator.rb
@@ -22,12 +22,17 @@ class ChangeEmailValidator < ActiveRecord::BaseWithoutTable
 column :old_email, :string
 column :new_email, :string
 column :password, :string
+ column :user_circumstance, :string
 attr_accessor :logged_in_user
 validates_presence_of :old_email, :message => N_("Please enter your old email address")
 validates_presence_of :new_email, :message => N_("Please enter your new email address")
- validates_presence_of :password, :message => N_("Please enter your password")
+ validates_presence_of :password, :message => N_("Please enter your password"), :unless => :changing_email
+
+ def changing_email()
+ self.user_circumstance == 'change_email'
+ end
 def validate
 if !self.old_email.blank? && !MySociety::Validate.is_valid_email(self.old_email)
@@ -37,7 +42,7 @@ class ChangeEmailValidator < ActiveRecord::BaseWithoutTable
 if !errors[:old_email]
 if self.old_email.downcase != self.logged_in_user.email.downcase
 errors.add(:old_email, "Old email address isn't the same as the address of the account you are logged in with")
- elsif !self.logged_in_user.has_this_password?(self.password)
+ elsif (!self.changing_email) && (!self.logged_in_user.has_this_password?(self.password))
 if !errors[:password]
 errors.add(:password, "Password is not correct")
 end
diff --git a/lib/tasks/temp.rake b/lib/tasks/temp.rake
new file mode 100644
index 000000000..ce04c7ddd
--- /dev/null
+++ b/lib/tasks/temp.rake
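Review bot: `def changing_email()` is a predicate and is used as one (`:unless => :changing_email` here, `!self.changing_email` in the second hunk), so it should be named `changing_email?` with no empty parens, and both call sites updated to match. It is also the only thing that switches the password check off, so it deserves a comment saying why that is safe; something like `# The password is not re-checked when the user arrived via the emailed confirmation link; the controller sets user_circumstance from the session, never from the request.` would be right if that is indeed the only source, which these hunks cannot show. Since `user_circumstance` is declared as a `column`, it is assignable from whatever hash is passed to `new`, so the safety of the bypass rests entirely on callers never passing through a client-controlled value. Both hunks sit inside the class body, which starts and ends outside them.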
@@ -0,0 +1,15 @@
+namespace :temp do
+
+ desc "Remove plaintext passwords from post_redirect params"
+ task :remove_post_redirect_passwords => :environment do
+ PostRedirect.find_each(:conditions => ['post_params_yaml is not null']) do |post_redirect|
+ if post_redirect.post_params && post_redirect.post_params[:signchangeemail] && post_redirect.post_params[:signchangeemail][:password]
+ params = post_redirect.post_params
+ params[:signchangeemail].delete(:password)
+ post_redirect.post_params = params
+ post_redirect.save!
+ end
+ end
+ end
+
+end
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 81da94e67..00ec24605 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -419,8 +419,7 @@ describe UserController, "when changing email address" do
 "action"=>"signchangeemail",
 "signchangeemail"=>{
 "old_email"=>"bob@localhost",
- "new_email"=>"newbob@localhost",
- "password"=>"jonespassword"},
+ "new_email"=>"newbob@localhost"},
 "controller"=>"user",
 "locale"=>"en"}
 post :signchangeemail, post_redirect.post_params |
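Review bot: The `[:signchangeemail][:password]` lookups in the `if` only match if the hash deserialised from `post_params_yaml` preserves symbol or indifferent-access keys; if a row comes back as a plain `Hash` with string keys the password survives and the row is silently skipped, so the condition should accept both key forms or normalise the hash before testing it. The task also leaves the operator no evidence of what it did — a counter incremented inside the `if` and printed once at the end (`puts "scrubbed #{count} post_redirects"`) would let the clean-up be confirmed against the table. The three-clause `if` reads better as a guard, `next unless post_redirect.post_params && post_redirect.post_params[:signchangeemail] && post_redirect.post_params[:signchangeemail][:password]`.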
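Review bot: The spec fixture change only covers the replay-through-`post_redirect` path without a password; nothing visible here asserts that a direct `post :signchangeemail` with no `session[:user_circumstance]` and no password is still rejected, which is exactly the regression the new `:unless => :changing_email` makes possible. If no such example exists outside the hunk, add one that posts the same hash without a password and without the circumstance and expects the password validation error rather than a changed email address. The `describe` block starts and ends outside the hunk.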