implemented password resets

2011-07-20 15:54:17 -04:00
parent 37e1b8d9da
commit c453e7db0f
10 changed files with 47 additions and 15 deletions
--- a/app/mailers/maintenance/user/password_reset_mailer.rb
+++ b/app/mailers/maintenance/user/password_reset_mailer.rb
@@ -1,13 +1,15 @@
 module Maintenance
  module User
    class PasswordResetMailer < ActionMailer::Base
-      def request(user)
+      def reset_request(user, nonce)
        @user = user
+        @nonce = nonce
        mail(:to => @user.email, :subject => "#{Danbooru.config.app_name} password reset request")
      end
      
-      def confirmation(user)
+      def confirmation(user, new_password)
        @user = user
+        @new_password = new_password
        mail(:to => @user.email, :subject => "#{Danbooru.config.app_name} password reset confirmation")
      end
    end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -102,13 +102,13 @@ class User < ActiveRecord::Base
      end

      pass << rand(100).to_s
-      execute_sql("UPDATE users SET password_hash = ? WHERE id = ?", self.class.sha1(pass), id)
+      update_column(:password_hash, User.sha1(pass))
      pass    
    end
    
    def reset_password_and_deliver_notice
      new_password = reset_password()
-      UserMaintenanceMailer.reset_password(self, new_password).deliver
+      Maintenance::User::PasswordResetMailer.confirmation(self, new_password).deliver
    end
  end
  
--- a/app/models/user_password_reset_nonce.rb
+++ b/app/models/user_password_reset_nonce.rb
@@ -6,7 +6,7 @@ class UserPasswordResetNonce < ActiveRecord::Base
  after_create :deliver_notice

  def deliver_notice
-    Maintenance::User::PasswordResetMailer.request(user).deliver
+    Maintenance::User::PasswordResetMailer.reset_request(user, self).deliver
  end

  def initialize_key
--- a/app/views/maintenance/user/password_reset_mailer/confirmation.html.erb
+++ b/app/views/maintenance/user/password_reset_mailer/confirmation.html.erb
@@ -0,0 +1,5 @@
+<h1>Password Reset Confirmation</h1>
+
+<p>The password for the user "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> has been reset. It is now <code><%= @new_password %></code>.</p>
+
+<p>Please log in to the website and <%= link_to "change your password", edit_user_path(@user) %> as soon as possible.</p>
--- a/app/views/maintenance/user/password_reset_mailer/reset_request.html.erb
+++ b/app/views/maintenance/user/password_reset_mailer/reset_request.html.erb
@@ -0,0 +1,4 @@
+<h1>Password Reset Request</h1>
+
+<p>Someone has requested that the password for "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> be reset. If you did not request this, then you can ignore this email.</p>
+<p>To reset your password, please visit <%= link_to "this link", edit_maintenance_user_password_reset_path(:key => @nonce.key, :email => @nonce.email) %>.</p>
--- a/app/views/user_maintenance/login_reminder.html.erb
+++ b/app/views/user_maintenance/login_reminder.html.erb
@@ -1,5 +0,0 @@
-<h1>I Forgot My Login</h1>
-
-<p>If you supplied an email address when signing up, <%= Danbooru.config.app_name %> can email you your login information. Password details will not be provided and will not be changed.</p>
-
-<p>If you didn't supply a valid email address, you are out of luck.</p>
--- a/app/views/user_maintenance/reset_password.html.erb
+++ b/app/views/user_maintenance/reset_password.html.erb
@@ -1,5 +0,0 @@
-<h1>I Forgot My Password</h1>
-
-<p>If you supplied an email address when signing up, <%= Danbooru.config.app_name %> can reset your password and email you the new one. You are strongly advised to change your password once you log on again.</p>
-
-<p>If you didn't supply a valid email address, you are out of luck.</p>
--- a/app/views/user_maintenance_mailer/login_reminder.html.erb
+++ b/app/views/user_maintenance_mailer/login_reminder.html.erb
--- a/app/views/user_maintenance_mailer/reset_password.html.erb
+++ b/app/views/user_maintenance_mailer/reset_password.html.erb
--- a/test/functional/maintenance/user/password_resets_controller_test.rb
+++ b/test/functional/maintenance/user/password_resets_controller_test.rb
@@ -76,6 +76,32 @@ module Maintenance
              @user = Factory.create(:user)
              @nonce = Factory.create(:user_password_reset_nonce, :email => @user.email)
              ActionMailer::Base.deliveries.clear
+              get :edit, :email => @nonce.email, :key => @nonce.key
+            end
+            
+            should "succeed" do
+              assert_response :success
+            end
+          end
+        end
+        
+        context "update action" do
+          context "with invalid parameters" do
+            setup do
+              get :update
+            end
+            
+            should "fail" do
+              assert_redirected_to new_maintenance_user_password_reset_path
+            end
+          end
+          
+          context "with valid parameters" do
+            setup do
+              @user = Factory.create(:user)
+              @nonce = Factory.create(:user_password_reset_nonce, :email => @user.email)
+              ActionMailer::Base.deliveries.clear
+              @old_password = @user.password_hash
              post :update, :email => @nonce.email, :key => @nonce.key
            end
            
@@ -87,6 +113,11 @@ module Maintenance
              assert_equal(1, ActionMailer::Base.deliveries.size)
            end
            
+            should "change the password" do
+              @user.reload
+              assert_not_equal(@old_password, @user.password_hash)
+            end
+            
            should "delete the nonce" do
              assert_equal(0, UserPasswordResetNonce.count)
            end