implemented password resets

2011-07-20 15:54:17 -04:00
parent 37e1b8d9da
commit c453e7db0f
10 changed files with 47 additions and 15 deletions
--- a/app/mailers/maintenance/user/password_reset_mailer.rb
+++ b/app/mailers/maintenance/user/password_reset_mailer.rb
@@ -1,13 +1,15 @@
 module Maintenance
  module User
    class PasswordResetMailer < ActionMailer::Base
-      def request(user)
+      def reset_request(user, nonce)
        @user = user
        @nonce = nonce
        mail(:to => @user.email, :subject => "#{Danbooru.config.app_name} password reset request")
      end
-      def confirmation(user)
+      def confirmation(user, new_password)
        @user = user
        @new_password = new_password
        mail(:to => @user.email, :subject => "#{Danbooru.config.app_name} password reset confirmation")
      end
    end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -102,13 +102,13 @@ class User < ActiveRecord::Base
      end
      pass << rand(100).to_s
-      execute_sql("UPDATE users SET password_hash = ? WHERE id = ?", self.class.sha1(pass), id)
+      update_column(:password_hash, User.sha1(pass))
      pass    
    end
    def reset_password_and_deliver_notice
      new_password = reset_password()
-      UserMaintenanceMailer.reset_password(self, new_password).deliver
+      Maintenance::User::PasswordResetMailer.confirmation(self, new_password).deliver
    end
  end
--- a/app/models/user_password_reset_nonce.rb
+++ b/app/models/user_password_reset_nonce.rb
@@ -6,7 +6,7 @@ class UserPasswordResetNonce < ActiveRecord::Base
  after_create :deliver_notice
  def deliver_notice
-    Maintenance::User::PasswordResetMailer.request(user).deliver
+    Maintenance::User::PasswordResetMailer.reset_request(user, self).deliver
  end
  def initialize_key
--- a/app/views/maintenance/user/password_reset_mailer/confirmation.html.erb
+++ b/app/views/maintenance/user/password_reset_mailer/confirmation.html.erb
@@ -0,0 +1,5 @@
 <h1>Password Reset Confirmation</h1>
 <p>The password for the user "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> has been reset. It is now <code><%= @new_password %></code>.</p>
 <p>Please log in to the website and <%= link_to "change your password", edit_user_path(@user) %> as soon as possible.</p>
--- a/app/views/maintenance/user/password_reset_mailer/reset_request.html.erb
+++ b/app/views/maintenance/user/password_reset_mailer/reset_request.html.erb
@@ -0,0 +1,4 @@
 <h1>Password Reset Request</h1>
 <p>Someone has requested that the password for "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> be reset. If you did not request this, then you can ignore this email.</p>
 <p>To reset your password, please visit <%= link_to "this link", edit_maintenance_user_password_reset_path(:key => @nonce.key, :email => @nonce.email) %>.</p>
--- a/app/views/user_maintenance/login_reminder.html.erb
+++ b/app/views/user_maintenance/login_reminder.html.erb
@@ -1,5 +0,0 @@
 <h1>I Forgot My Login</h1>
 <p>If you supplied an email address when signing up, <%= Danbooru.config.app_name %> can email you your login information. Password details will not be provided and will not be changed.</p>
 <p>If you didn't supply a valid email address, you are out of luck.</p>
--- a/app/views/user_maintenance/reset_password.html.erb
+++ b/app/views/user_maintenance/reset_password.html.erb
@@ -1,5 +0,0 @@
 <h1>I Forgot My Password</h1>
 <p>If you supplied an email address when signing up, <%= Danbooru.config.app_name %> can reset your password and email you the new one. You are strongly advised to change your password once you log on again.</p>
 <p>If you didn't supply a valid email address, you are out of luck.</p>
--- a/app/views/user_maintenance_mailer/login_reminder.html.erb
+++ b/app/views/user_maintenance_mailer/login_reminder.html.erb
--- a/app/views/user_maintenance_mailer/reset_password.html.erb
+++ b/app/views/user_maintenance_mailer/reset_password.html.erb
--- a/test/functional/maintenance/user/password_resets_controller_test.rb
+++ b/test/functional/maintenance/user/password_resets_controller_test.rb
@@ -76,6 +76,32 @@ module Maintenance
              @user = Factory.create(:user)
              @nonce = Factory.create(:user_password_reset_nonce, :email => @user.email)
              ActionMailer::Base.deliveries.clear
              get :edit, :email => @nonce.email, :key => @nonce.key
            end
            should "succeed" do
              assert_response :success
            end
          end
        end
        context "update action" do
          context "with invalid parameters" do
            setup do
              get :update
            end
            should "fail" do
              assert_redirected_to new_maintenance_user_password_reset_path
            end
          end
          context "with valid parameters" do
            setup do
              @user = Factory.create(:user)
              @nonce = Factory.create(:user_password_reset_nonce, :email => @user.email)
              ActionMailer::Base.deliveries.clear
              @old_password = @user.password_hash
              post :update, :email => @nonce.email, :key => @nonce.key
            end
@@ -87,6 +113,11 @@ module Maintenance
              assert_equal(1, ActionMailer::Base.deliveries.size)
            end
            should "change the password" do
              @user.reload
              assert_not_equal(@old_password, @user.password_hash)
            end
            should "delete the nonce" do
              assert_equal(0, UserPasswordResetNonce.count)
            end