Ivan - Fix Recover Password validations

ivan 2016-08-04 16:01:24 -03:00
parent 830e2115a3
commit 3c3c11027d
7 changed files with 56 additions and 21 deletions


@ -1,5 +1,6 @@
<?php
use Respect\Validation\Validator as DataValidator;
DataValidator::with('CustomValidations', true);
class RecoverPasswordController extends Controller {
const PATH = '/recover-password';
@ -13,7 +14,7 @@ class RecoverPasswordController extends Controller {
'permission' => 'any',
'requestData' => [
'email' => [
'validation' => DataValidator::email() ,
'validation' => DataValidator::email()->userEmail(),
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
@ -24,21 +25,21 @@ class RecoverPasswordController extends Controller {
];
}
public function handler(){
public function handler() {
$this->requestData();
$this->changePassword();
}
public function requestData(){
public function requestData() {
$this->email = Controller::request('email');
$this->token = Controller::request('token');
$this->password = Controller::request('password');
}
public function changePassword(){
$recoverPassword = RecoverPassword::getDatastore($this->token, 'token');
public function changePassword() {
$recoverPassword = RecoverPassword::getDataStore($this->token, 'token');
$user = User::getDataStore($this->email, 'email');
if($recoverPassword && $user) {
if (!$recoverPassword->isNull() && !$user->isNull()) {
$recoverPassword->delete();
$user->setProperties([
@ -46,11 +47,9 @@ class RecoverPasswordController extends Controller {
]);
$user->store();
Response::respondSuccess('password changed');
return;
Response::respondSuccess();
} else {
Response::respondError(ERRORS::NO_PERMISSION);
}
Response::respondError(ERRORS::NO_PERMISSION);
}
}
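Review bot: In `changePassword()` the token and the email are resolved by two independent lookups, and the new condition `!$recoverPassword->isNull() && !$user->isNull()` only checks that each of them exists; nothing visible ties the recover-password record to the account being changed. As written, a token issued for one address appears to be accepted together with any other registered email, and the password change would then apply to that other user. The condition should also require that the record belongs to the submitted address, for example `&& $recoverPassword->email === $this->email`, assuming the record stores the address it was issued for (that field name is not visible here). The `setProperties([...])` arguments fall between two hunks, so confirm nothing there already enforces this.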


@ -1,5 +1,6 @@
<?php
use Respect\Validation\Validator as DataValidator;
DataValidator::with('CustomValidations', true);
class SendRecoverPasswordController extends Controller {
const PATH = '/send-recover-password';
@ -9,7 +10,7 @@ class SendRecoverPasswordController extends Controller {
'permission' => 'any',
'requestData' => [
'email' => [
'validation' => DataValidator::email(),
'validation' => DataValidator::email()->userEmail(),
'error' => ERRORS::INVALID_EMAIL
]
]
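Review bot: Chaining `->userEmail()` onto the `email` validation makes this unauthenticated route (`'permission' => 'any'`) answer `ERRORS::INVALID_EMAIL` for a well-formed address that has no account, so the response distinguishes registered addresses from unregistered ones. The same chain is added in `RecoverPasswordController`. For the send endpoint, consider keeping `'validation' => DataValidator::email(),` and doing the user lookup inside the handler, returning the same success response whether or not a user exists; rate limiting the route would further reduce probing. The rest of the class lies outside this hunk.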


@ -39,6 +39,7 @@ spl_autoload_register(function ($class) {
//Load custom validations
include_once 'libs/validations/dataStoreId.php';
include_once 'libs/validations/userEmail.php';
// LOAD CONTROLLERS
foreach (glob('controllers/*.php') as $controller) {


@ -30,7 +30,7 @@ class DataStoreId extends AbstractRule {
break;
}
return !($dataStore instanceof \NullDataStore);
return !$dataStore->isNull();
}
private function isDataStoreNameValid($dataStoreName) {


@ -0,0 +1,14 @@
<?php
namespace CustomValidations;
use Respect\Validation\Rules\AbstractRule;
class UserEmail extends AbstractRule {
public function validate($email) {
$user= \User::getUser($email, 'email');
return !$user->isNull();
}
}
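Review bot: `validate($email)` hands whatever it receives to `\User::getUser()`, so when the rule is used on its own rather than after `email()`, a non-string value (for instance an array, if the request layer allows one) reaches the lookup. A guard at the top such as `if (!is_string($email)) return false;` keeps the rule safe when used standalone. The class also has no docblock; a short one stating that the rule performs a user lookup by email and passes only when a matching user exists would make that side effect visible to callers, and `$user= ` is missing a space before `=`.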


@ -8,32 +8,45 @@ describe '/user/recover-password' do
password: @newRecoverPass
})
(result['status']).should.equal('fail');
(result['status']).should.equal('fail')
(result['message']).should.equal('Invalid email')
result = request('/user/recover-password', {
email: 'loginos4.com',
password: @newRecoverPass
})
(result['status']).should.equal('fail');
(result['status']).should.equal('fail')
(result['message']).should.equal('Invalid email')
end
it 'should fail if password is incorrect' do
result = request('/user/recover-password',{
result = request('/user/recover-password', {
email: @recoverEmail,
password: 'log'
})
(result['status']).should.equal('fail');
(result['status']).should.equal('fail')
long_text = ''
250.times {long_text << 'a'}
result = request('/user/recover-password',{
result = request('/user/recover-password', {
email: @recoverEmail,
password: long_text
})
(result['status']).should.equal('fail');
(result['status']).should.equal('fail')
end
it 'should fail if token is incorrect' do
result = request('/user/recover-password', {
email: @recoverEmail,
token: 'INVALID_TOKEN',
password: @newRecoverPass
})
(result['status']).should.equal('fail')
(result['message']).should.equal('You have no permission to access')
end
end
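Review bot: The new 'should fail if token is incorrect' example only sends a token that does not exist (`'INVALID_TOKEN'`); there is no example for a token that exists but was issued for a different email than the one submitted. That is the case that shows whether the controller binds the token to the account it was created for. Add an example such as `it 'should fail if token belongs to another user' do` that submits a valid token with a second registered email and expects `'You have no permission to access'`.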


@ -9,14 +9,21 @@ describe '/user/send-recover-password' do
email: 'login@os4com'
})
(result['status']).should.equal('fail');
(result['status']).should.equal('fail')
result = request('/user/send-recover-password', {
email: 'loginos4.com'
})
(result['status']).should.equal('fail');
(result['status']).should.equal('fail')
result = request('/user/send-recover-password', {
email: 'invalid@invalid.com'
})
(result['status']).should.equal('fail')
end
it 'should success if email is correct' do
result = request('/user/send-recover-password', {
email: @recoverEmail