From a5f6bc725a040f415cf93371e0fe62fb0360a81b Mon Sep 17 00:00:00 2001 From: Mike Slemmer Date: Fri, 21 Dec 2012 16:56:16 -0800 Subject: [PATCH] reset password work --- lib/jam_ruby/app/mailers/user_mailer.rb | 18 +++++----- .../user_mailer/password_reset.html.erb | 7 ++++ .../user_mailer/password_reset.text.erb | 2 ++ .../user_mailer/reset_password.html.erb | 5 --- .../user_mailer/reset_password.text.erb | 1 - lib/jam_ruby/constants/validation_messages.rb | 5 ++- lib/jam_ruby/models/user.rb | 30 +++++++++++++++- spec/jam_ruby/models/user_spec.rb | 34 ++++++++++++++++++- 8 files changed, 84 insertions(+), 18 deletions(-) create mode 100644 lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb create mode 100644 lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb delete mode 100644 lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb delete mode 100644 lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb diff --git a/lib/jam_ruby/app/mailers/user_mailer.rb b/lib/jam_ruby/app/mailers/user_mailer.rb index c231827c6..8be2e6c0f 100644 --- a/lib/jam_ruby/app/mailers/user_mailer.rb +++ b/lib/jam_ruby/app/mailers/user_mailer.rb @@ -29,15 +29,6 @@ module JamRuby end end - def reset_password(user) - @user = user - sendgrid_unique_args :type => "reset_password" - mail(:to => user.email, :subject => "Jamkazam Reset Password") do |format| - format.text - format.html - end - end - def password_changed(user) @user = user sendgrid_unique_args :type => "password_changed" @@ -46,5 +37,14 @@ module JamRuby format.html end end + + def password_reset(user) + @user = user + sendgrid_unique_args :type => "password_reset" + mail(:to => user.email, :subject => "Jamkazam Password Reset") do |format| + format.text + format.html + end + end end end 
diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb new file mode 100644 index 000000000..5865b73ed --- /dev/null +++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb @@ -0,0 +1,7 @@ + + +Reset Password! <%= @user.email %> +
+Here is the token: <%= @user.reset_password_token %> + + diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb new file mode 100644 index 000000000..263a237f2 --- /dev/null +++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb @@ -0,0 +1,2 @@ +Reset Password! <%= @user.email %> +Here is the token: <%= @user.reset_password_token %> diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb deleted file mode 100644 index 0b757c910..000000000 --- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb +++ /dev/null @@ -1,5 +0,0 @@ - - -Reset Password! <%= @user.email %> - - \ No newline at end of file diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb deleted file mode 100644 index 6507fcc0b..000000000 --- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb +++ /dev/null @@ -1 +0,0 @@ -Reset Password! <%= @user.email %> \ No newline at end of file diff --git a/lib/jam_ruby/constants/validation_messages.rb b/lib/jam_ruby/constants/validation_messages.rb index 08dfa17bf..80379f92f 100644 --- a/lib/jam_ruby/constants/validation_messages.rb +++ b/lib/jam_ruby/constants/validation_messages.rb @@ -1,4 +1,6 @@ module ValidationMessages + + # Note that these are not set up to be internationalizable # general messages PERMISSION_VALIDATION_ERROR = "You do not have permissions to perform this action." @@ -27,5 +29,6 @@ module ValidationMessages # user OLD_PASSWORD_DOESNT_MATCH = "Your old password is incorrect." + EMAIL_NOT_FOUND = "Email address not found." -end \ No newline at end of file +end diff --git a/lib/jam_ruby/models/user.rb b/lib/jam_ruby/models/user.rb index cb9e73019..9631bf2a0 100644 --- a/lib/jam_ruby/models/user.rb 
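Review bot: The reset mail in `password_reset.html.erb` gives the recipient only their address and the raw token (`Here is the token: <%= @user.reset_password_token %>`), with no statement of how long the token is valid or what to do if they did not request it. `set_password_from_token` in this same commit rejects tokens older than 3 days, so the body could say so, e.g. `This token expires 3 days after it was requested. If you did not ask for a password reset, you can ignore this message.` The same applies to `password_reset.text.erb`.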
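Review bot: `EMAIL_NOT_FOUND = "Email address not found."` reads like a message meant for the reset-request response, and returning it to unauthenticated callers would confirm which addresses have accounts. The same holds if the `JamArgumentError` that `User.reset_password` raises for an unknown address in this commit is surfaced differently from the success case. The callers are not part of this diff, so this is something to verify rather than a confirmed leak; the usual approach is to return the same response whether or not the address exists. A comment on the constant would record the constraint, e.g. `# Do not return on unauthenticated reset requests: it reveals whether an account exists.`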
+++ b/lib/jam_ruby/models/user.rb @@ -178,15 +178,42 @@ module JamRuby def set_password(old_password, new_password, new_password_confirmation) raise JamRuby::JamArgumentError unless authenticate old_password + change_password(new_password, new_password_confirmation) + save + end + + def self.set_password_from_token(email, token, new_password, new_password_confirmation) + user = User.find_by_email(email) + if user.nil? || user.reset_password_token != token || Time.now - user.reset_password_token_created > 3.days + raise JamRuby::JamArgumentError + end + user.reset_password_token = nil + user.reset_password_token_created = nil + user.change_password(new_password, new_password_confirmation) + user.save + end + + def change_password(new_password, new_password_confirmation) # FIXME: Should verify that the new password meets certain quality criteria. Really, maybe that should be a # verification step. + self.updating_password = true self.password = new_password self.password_confirmation = new_password_confirmation - save UserMailer.password_changed(self).deliver end + def self.reset_password(email) + user = User.find_by_email(email) + raise JamRuby::JamArgumentError if user.nil? + + user.reset_password_token = SecureRandom.urlsafe_base64 + user.reset_password_token_created = Time.now + user.save + + UserMailer.password_reset(user).deliver + end + def self.band_index(user_id) bands = Band.joins(:band_musicians) .where(:bands_musicians => {:user_id => "#{user_id}"}) @@ -661,5 +688,6 @@ module JamRuby end end end + end end diff --git a/spec/jam_ruby/models/user_spec.rb b/spec/jam_ruby/models/user_spec.rb index 72b6bd9eb..b6f80c8f6 100644 --- a/spec/jam_ruby/models/user_spec.rb +++ b/spec/jam_ruby/models/user_spec.rb 
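Review bot: In `set_password_from_token` the check `user.reset_password_token != token` is a plain comparison against a token stored in clear on the user row, and it does not handle nil. With no pending reset and a nil `token` the comparison passes, and the call appears to stop only because `Time.now - nil` raises, which is not `JamArgumentError`. I would reject blank values explicitly and compare in constant time, as sketched below, and consider storing only a digest of the token so that read access to the table does not yield usable tokens. Separately, `change_password` now delivers `password_changed` before either caller runs `save`, so the notice is sent even when the save fails validation. The three new methods are complete within the hunk; the enclosing class is not shown.

```ruby
def self.set_password_from_token(email, token, new_password, new_password_confirmation)
  user = User.find_by_email(email)
  stored = user && user.reset_password_token
  issued_at = user && user.reset_password_token_created
  # Reject missing values up front so nil never reaches the comparison or the age check.
  raise JamRuby::JamArgumentError if token.blank? || stored.blank? || issued_at.nil?
  # Constant-time comparison; Rack::Utils.secure_compare is one option if Rack is loaded here.
  raise JamRuby::JamArgumentError unless Rack::Utils.secure_compare(stored, token.to_s)
  raise JamRuby::JamArgumentError if Time.now - issued_at > 3.days
  # … unchanged: clear the token fields, change_password, save …
end
```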
@@ -151,7 +151,39 @@ describe User do end + describe "reset_password" do + before do + @user.confirm_email! + @user.save + end + + it "fails if the provided email address is unrecognized" do + expect { User.reset_password("invalidemail@invalid.com") }.to raise_error + end + it "assigns a reset_token and reset_token_created on reset" do + User.reset_password(@user.email) + @user.reload + @user.reset_password_token.should_not be_nil + @user.reset_password_token_created.should_not be_nil + @user.reset_password_token_created.should <= Time.now + @user.reset_password_token_created.should >= Time.now - 1.minute + end + + it "errors if the wrong token is comes in" do + User.reset_password(@user.email) + @user.reload + expect { User.set_password_from_token(@user.email, "wrongtoken", "newpassword", "newpassword") }.to raise_error + end + + it "changes the password if the token is right" do + User.reset_password(@user.email) + @user.reload + User.set_password_from_token(@user.email, @user.reset_password_token, "newpassword", "newpassword") + User.authenticate(@user.email, "newpassword").should_not be_nil + @user.reload + end + end describe "return value of authenticate method" do before { @user.save } @@ -220,4 +252,4 @@ describe User do end end -end \ No newline at end of file +end
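Review bot: The two failure examples use a bare `raise_error`, which passes on any exception, including a `NoMethodError` or `TypeError` from a broken code path; pinning the class, `.to raise_error(JamRuby::JamArgumentError)`, would make them test the intended rejection. The new examples also leave the security-relevant paths of `set_password_from_token` uncovered: a token older than 3 days, a second use of a token after a successful reset, and a nil or blank token for a user with no pending reset. The last example ends with `@user.reload` and asserts nothing after it, so a check such as `@user.reset_password_token.should be_nil` would confirm the token is single-use. The enclosing `describe User do` block starts and ends outside the hunk.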