diff --git a/app/mailers/maintenance/user/password_reset_mailer.rb b/app/mailers/maintenance/user/password_reset_mailer.rb
index 264248a4e..1e2964e2c 100644
--- a/app/mailers/maintenance/user/password_reset_mailer.rb
+++ b/app/mailers/maintenance/user/password_reset_mailer.rb
@@ -1,13 +1,15 @@
 module Maintenance
 module User
 class PasswordResetMailer < ActionMailer::Base
- def request(user)
+ def reset_request(user, nonce)
 @user = user
+ @nonce = nonce
 mail(:to => @user.email, :subject => "#{Danbooru.config.app_name} password reset request")
 end
- def confirmation(user)
+ def confirmation(user, new_password)
 @user = user
+ @new_password = new_password
 mail(:to => @user.email, :subject => "#{Danbooru.config.app_name} password reset confirmation")
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index aa7509a97..34bab9cdc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -102,13 +102,13 @@ class User < ActiveRecord::Base
 end
 pass << rand(100).to_s
- execute_sql("UPDATE users SET password_hash = ? WHERE id = ?", self.class.sha1(pass), id)
+ update_column(:password_hash, User.sha1(pass))
 pass
 end
 def reset_password_and_deliver_notice
 new_password = reset_password()
- UserMaintenanceMailer.reset_password(self, new_password).deliver
+ Maintenance::User::PasswordResetMailer.confirmation(self, new_password).deliver
 end
 end
diff --git a/app/models/user_password_reset_nonce.rb b/app/models/user_password_reset_nonce.rb
index 8877680b1..12c1a7fc2 100644
--- a/app/models/user_password_reset_nonce.rb
+++ b/app/models/user_password_reset_nonce.rb
@@ -6,7 +6,7 @@ class UserPasswordResetNonce < ActiveRecord::Base
 after_create :deliver_notice
 def deliver_notice
- Maintenance::User::PasswordResetMailer.request(user).deliver
+ Maintenance::User::PasswordResetMailer.reset_request(user, self).deliver
 end
 def initialize_key
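Review bot: `confirmation(user, new_password)` hands the freshly generated password to the template as `@new_password`, and confirmation.html.erb later in this diff prints it, so the account's working password travels and rests in mailboxes in cleartext. Since the reset is already authorised by the nonce link, the edit page could let the user choose the new password and this mail could merely confirm that a reset happened. If the emailed password stays, it would help to say so above the method, e.g. `# new_password is sent in cleartext; treat it as a one-time credential and require a change at next login`.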
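Review bot: The temporary password stored by the new `update_column(:password_hash, User.sha1(pass))` line is assembled with `rand` (`pass << rand(100).to_s`), which is not a cryptographic generator, so a value that is also emailed as a login credential is more guessable than it should be. Drawing it from the standard library's CSPRNG, e.g. `pass = SecureRandom.urlsafe_base64(12)`, fixes that; `reset_password` starts above the hunk, so the rest of the construction is not visible here. If `User.sha1` is, as its name suggests, a plain SHA-1 digest, `password_hash` would be better served by a slow salted scheme such as bcrypt. `update_column` also bypasses validations and callbacks, which merits a short comment stating that this is intended.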
diff --git a/app/views/maintenance/user/password_reset_mailer/confirmation.html.erb b/app/views/maintenance/user/password_reset_mailer/confirmation.html.erb
new file mode 100644
index 000000000..21112a86a
--- /dev/null
+++ b/app/views/maintenance/user/password_reset_mailer/confirmation.html.erb
@@ -0,0 +1,5 @@
+
The password for the user "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> has been reset. It is now <%= @new_password %>.
Please log in to the website and <%= link_to "change your password", edit_user_path(@user) %> as soon as possible.
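Review bot: `edit_user_path(@user)` yields a host-less relative path, which a mail client cannot follow; mailer views need the `_url` form, `link_to "change your password", edit_user_url(@user)`, with a host set in `default_url_options` for the mailer. The same applies to `edit_maintenance_user_password_reset_path(...)` in reset_request.html.erb, where a dead link would leave the reset flow unusable.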
diff --git a/app/views/maintenance/user/password_reset_mailer/reset_request.html.erb b/app/views/maintenance/user/password_reset_mailer/reset_request.html.erb
new file mode 100644
index 000000000..ad4235d30
--- /dev/null
+++ b/app/views/maintenance/user/password_reset_mailer/reset_request.html.erb
@@ -0,0 +1,4 @@
+Someone has requested that the password for "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> be reset. If you did not request this, then you can ignore this email.
+To reset your password, please visit <%= link_to "this link", edit_maintenance_user_password_reset_path(:key => @nonce.key, :email => @nonce.email) %>.
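Review bot: The reset link carries `@nonce.key` as a query parameter, so the secret will show up in request logs and can leak through the Referer header unless something outside this diff prevents it. Adding `:key` to the application's `filter_parameters` and making sure the edit page loads no third-party resources would contain that. The mail also does not say how long the link stays valid; if the nonce expires, a sentence stating the lifetime helps the recipient.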
diff --git a/app/views/user_maintenance/login_reminder.html.erb b/app/views/user_maintenance/login_reminder.html.erb
deleted file mode 100644
index c85b90eb0..000000000
--- a/app/views/user_maintenance/login_reminder.html.erb
+++ /dev/null
@@ -1,5 +0,0 @@
-If you supplied an email address when signing up, <%= Danbooru.config.app_name %> can email you your login information. Password details will not be provided and will not be changed.
- -If you didn't supply a valid email address, you are out of luck.
diff --git a/app/views/user_maintenance/reset_password.html.erb b/app/views/user_maintenance/reset_password.html.erb
deleted file mode 100644
index 7709032ef..000000000
--- a/app/views/user_maintenance/reset_password.html.erb
+++ /dev/null
@@ -1,5 +0,0 @@
-If you supplied an email address when signing up, <%= Danbooru.config.app_name %> can reset your password and email you the new one. You are strongly advised to change your password once you log on again.
- -If you didn't supply a valid email address, you are out of luck.
diff --git a/app/views/user_maintenance_mailer/login_reminder.html.erb b/app/views/user_maintenance_mailer/login_reminder.html.erb
deleted file mode 100644
index e69de29bb..000000000
diff --git a/app/views/user_maintenance_mailer/reset_password.html.erb b/app/views/user_maintenance_mailer/reset_password.html.erb
deleted file mode 100644
index e69de29bb..000000000
diff --git a/test/functional/maintenance/user/password_resets_controller_test.rb b/test/functional/maintenance/user/password_resets_controller_test.rb
index 1c43d8f1e..db0c1a3d4 100644
--- a/test/functional/maintenance/user/password_resets_controller_test.rb
+++ b/test/functional/maintenance/user/password_resets_controller_test.rb
@@ -76,6 +76,32 @@ module Maintenance
 @user = Factory.create(:user)
 @nonce = Factory.create(:user_password_reset_nonce, :email => @user.email)
 ActionMailer::Base.deliveries.clear
+ get :edit, :email => @nonce.email, :key => @nonce.key
+ end
+
+ should "succeed" do
+ assert_response :success
+ end
+ end
+ end
+
+ context "update action" do
+ context "with invalid parameters" do
+ setup do
+ get :update
+ end
+
+ should "fail" do
+ assert_redirected_to new_maintenance_user_password_reset_path
+ end
+ end
+
+ context "with valid parameters" do
+ setup do
+ @user = Factory.create(:user)
+ @nonce = Factory.create(:user_password_reset_nonce, :email => @user.email)
+ ActionMailer::Base.deliveries.clear
+ @old_password = @user.password_hash
 post :update, :email => @nonce.email, :key => @nonce.key
 end
@@ -87,6 +113,11 @@ module Maintenance
 assert_equal(1, ActionMailer::Base.deliveries.size)
 end
+ should "change the password" do
+ @user.reload
+ assert_not_equal(@old_password, @user.password_hash)
+ end
+
 should "delete the nonce" do
 assert_equal(0, UserPasswordResetNonce.count)
 end
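Review bot: The new "update action" contexts cover only missing parameters and a fully valid nonce; the case that matters most for a reset flow, a real email paired with a key that does not match, is not exercised. A context like the one below would pin that the password hash stays unchanged in that case. Separately, the "with invalid parameters" setup issues `get :update` while the valid case uses `post :update`; using `post` in both would test the verb the form actually submits. The enclosing test class starts outside the hunk.

```ruby
# … unchanged: "with invalid parameters" context …

context "with a key that does not match the nonce" do
  setup do
    @user = Factory.create(:user)
    @nonce = Factory.create(:user_password_reset_nonce, :email => @user.email)
    @old_password = @user.password_hash
    # constructed value, deliberately not the nonce's real key
    post :update, :email => @nonce.email, :key => "constructed-wrong-key"
  end

  should "not change the password" do
    @user.reload
    assert_equal(@old_password, @user.password_hash)
  end
end

# … unchanged: "with valid parameters" context …
```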