reset password work

2012-12-21 16:56:16 -08:00 · 2012-12-21 16:56:16 -08:00 · a5f6bc725a
parent db2f16c471
commit a5f6bc725a
8 changed files with 84 additions and 18 deletions
--- a/lib/jam_ruby/app/mailers/user_mailer.rb
+++ b/lib/jam_ruby/app/mailers/user_mailer.rb
@ -29,15 +29,6 @@ module JamRuby
       end
    end

-    def reset_password(user)
-      @user = user
-      sendgrid_unique_args :type => "reset_password"
-      mail(:to => user.email, :subject => "Jamkazam Reset Password") do |format|
-        format.text
-        format.html
-       end
-    end
-    
    def password_changed(user)
      @user = user
      sendgrid_unique_args :type => "password_changed"
@ -46,5 +37,14 @@ module JamRuby
        format.html
       end
    end    
+
+    def password_reset(user)
+      @user = user
+      sendgrid_unique_args :type => "password_reset"
+      mail(:to => user.email, :subject => "Jamkazam Password Reset") do |format|
+        format.text
+        format.html
+      end
+    end
  end
 end
--- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb
+++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb
@ -0,0 +1,7 @@
+<html>
+<body>
+Reset Password! <%= @user.email %>
+<br/>
+Here is the token: <%= @user.reset_password_token %>
+</body>
+</html>
--- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb
+++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb
@ -0,0 +1,2 @@
+Reset Password! <%= @user.email %>
+Here is the token: <%= @user.reset_password_token %>
--- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb
+++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb
@ -1,5 +0,0 @@
-<html>
-<body>
-Reset Password! <%= @user.email %>
-</body>
-</html>
--- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb
+++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb
@ -1 +0,0 @@
-Reset Password! <%= @user.email %>
--- a/lib/jam_ruby/constants/validation_messages.rb
+++ b/lib/jam_ruby/constants/validation_messages.rb
@ -1,4 +1,6 @@
 module ValidationMessages
+  
+  # Note that these are not set up to be internationalizable

  # general messages
  PERMISSION_VALIDATION_ERROR = "You do not have permissions to perform this action."
@ -27,5 +29,6 @@ module ValidationMessages

  # user
  OLD_PASSWORD_DOESNT_MATCH = "Your old password is incorrect."
+  EMAIL_NOT_FOUND = "Email address not found."

-end
+end
--- a/lib/jam_ruby/models/user.rb
+++ b/lib/jam_ruby/models/user.rb
@ -178,15 +178,42 @@ module JamRuby

    def set_password(old_password, new_password, new_password_confirmation)
      raise JamRuby::JamArgumentError unless authenticate old_password
+      change_password(new_password, new_password_confirmation)
+      save
+    end
+
+    def self.set_password_from_token(email, token, new_password, new_password_confirmation)
+      user = User.find_by_email(email)
+      if user.nil? || user.reset_password_token != token || Time.now - user.reset_password_token_created > 3.days
+        raise JamRuby::JamArgumentError
+      end
+      user.reset_password_token = nil
+      user.reset_password_token_created = nil
+      user.change_password(new_password, new_password_confirmation)
+      user.save
+    end
+      
+    def change_password(new_password, new_password_confirmation)
      # FIXME: Should verify that the new password meets certain quality criteria. Really, maybe that should be a 
      # verification step.
+      self.updating_password = true 
      self.password = new_password
      self.password_confirmation = new_password_confirmation
-      save
      
      UserMailer.password_changed(self).deliver  
    end

+    def self.reset_password(email)
+      user = User.find_by_email(email)
+      raise JamRuby::JamArgumentError if user.nil?
+
+      user.reset_password_token = SecureRandom.urlsafe_base64
+      user.reset_password_token_created = Time.now
+      user.save
+
+      UserMailer.password_reset(user).deliver
+    end
+
    def self.band_index(user_id)
      bands = Band.joins(:band_musicians)
                  .where(:bands_musicians => {:user_id => "#{user_id}"})
@ -661,5 +688,6 @@ module JamRuby
          end
        end
      end
+
  end
 end
--- a/spec/jam_ruby/models/user_spec.rb
+++ b/spec/jam_ruby/models/user_spec.rb
@ -151,7 +151,39 @@ describe User do
    
  end
  
+  describe "reset_password" do
+    before do
+      @user.confirm_email!
+      @user.save
+    end
+    
+    it "fails if the provided email address is unrecognized" do
+      expect { User.reset_password("invalidemail@invalid.com") }.to raise_error
+    end

+    it "assigns a reset_token and reset_token_created on reset" do
+      User.reset_password(@user.email)
+      @user.reload
+      @user.reset_password_token.should_not be_nil
+      @user.reset_password_token_created.should_not be_nil
+      @user.reset_password_token_created.should <= Time.now
+      @user.reset_password_token_created.should >= Time.now - 1.minute
+    end
+
+    it "errors if the wrong token is comes in" do
+      User.reset_password(@user.email)
+      @user.reload
+      expect { User.set_password_from_token(@user.email, "wrongtoken", "newpassword", "newpassword") }.to raise_error
+    end
+
+    it "changes the password if the token is right" do
+      User.reset_password(@user.email)
+      @user.reload
+      User.set_password_from_token(@user.email, @user.reset_password_token, "newpassword", "newpassword")
+      User.authenticate(@user.email, "newpassword").should_not be_nil
+      @user.reload
+    end
+  end

  describe "return value of authenticate method" do
    before { @user.save }
@ -220,4 +252,4 @@ describe User do

    end
  end
-end
+end