diff --git a/server/controllers/user.php b/server/controllers/user.php
index f096bb08..be42a986 100644
--- a/server/controllers/user.php
+++ b/server/controllers/user.php
@@ -4,6 +4,8 @@ include 'user/signup.php';
include 'user/logout.php';
include 'user/recover-password.php';
include 'user/send-recover-password.php';
+include 'user/edit-password.php';
+include 'user/edit-email.php';
$userControllers = new ControllerGroup();
$userControllers->setGroupPath('/user');
@@ -13,5 +15,7 @@ $userControllers->addController(new SignUpController);
$userControllers->addController(new LogoutController);
$userControllers->addController(new SendRecoverPasswordController);
$userControllers->addController(new RecoverPasswordController);
+$userControllers->addController(new EditPassword);
+$userControllers->addController(new EditEmail);
$userControllers->finalize();
diff --git a/server/controllers/user/edit-email.php b/server/controllers/user/edit-email.php
new file mode 100644
index 00000000..5a81ac60
--- /dev/null
+++ b/server/controllers/user/edit-email.php
@@ -0,0 +1,36 @@
+ 'user',
+ 'requestData' => [
+ 'newEmail' => [
+ 'validation' => DataValidator::email(),
+ 'error' => ERRORS::INVALID_EMAIL
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $newEmail = Controller::request('newEmail');
+ $user = Controller::getLoggedUser();
+ $oldEmail = $user->email;
+ $user->email = $newEmail;
+ $user->store();
+
+ $mailSender = new MailSender();
+ $mailSender->setTemplate('USER_EDIT_EMAIL', [
+ 'to'=>$oldEmail,
+ 'newemail'=>$user->email,
+ 'name'=>$user->name
+ ]);
+ $mailSender->send();
+
+ Response::respondSuccess();
+ }
+}
\ No newline at end of file
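Review bot: `handler()` overwrites `$user->email` for whoever holds the current session, without asking for the account password and without confirming that the requester controls `newEmail`. Because the stored address is presumably where `SendRecoverPasswordController` mails reset links, a borrowed or stolen session can be turned into permanent control of the account, and the only trace is the notice sent to `$oldEmail`. I would re-authenticate with the current password before the assignment, as sketched below, and ideally keep the new address pending until a mailed confirmation is used. The visible lines also do not check whether `newEmail` already belongs to another user; unless the column is unique in the schema, that needs a lookup before `$user->store()`. The class header of this new file is not visible on this page.

```php
public function handler() {
    $newEmail = Controller::request('newEmail');
    $password = Controller::request('password');
    $user = Controller::getLoggedUser();

    // Re-authenticate before changing the address used for password recovery.
    if (!is_string($password) || !Hashing::verifyPassword($password, $user->password)) {
        Response::respondError(ERRORS::INVALID_OLD_PASSWORD);
        return;
    }

    $oldEmail = $user->email;
    // … unchanged: assign $newEmail, store(), notify $oldEmail, respondSuccess() …
}
```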
diff --git a/server/controllers/user/edit-password.php b/server/controllers/user/edit-password.php
new file mode 100644
index 00000000..de4ef6db
--- /dev/null
+++ b/server/controllers/user/edit-password.php
@@ -0,0 +1,40 @@
+ 'user',
+ 'requestData' => [
+ 'newPassword' => [
+ 'validation' => DataValidator::length(5, 200),
+ 'error' => ERRORS::INVALID_PASSWORD
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $oldPassword = Controller::request('oldPassword');
+ $newPassword = Controller::request('newPassword');
+ $user = Controller::getLoggedUser() ;
+
+ if (Hashing::verifyPassword($oldPassword, $user->password)) {
+ $user->password = Hashing::hashPassword($newPassword);
+ $user->store();
+
+ $mailSender = new MailSender();
+ $mailSender->setTemplate('USER_EDIT_PASSWORD', [
+ 'to'=>$user->email,
+ 'name'=>$user->name
+ ]);
+ $mailSender->send();
+
+ Response::respondSuccess();
+ } else{
+ Response::respondError(ERRORS::INVALID_OLD_PASSWORD);
+ }
+ }
+}
\ No newline at end of file
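Review bot: `oldPassword` is read in `handler()` but has no entry in `requestData`, so a request that omits it passes whatever `Controller::request` returns for a missing field straight into `Hashing::verifyPassword`. Reject that case explicitly before verifying, e.g. `if (!is_string($oldPassword) || $oldPassword === '') { Response::respondError(ERRORS::INVALID_OLD_PASSWORD); return; }`. Nothing in the visible lines ends the user's other sessions after `$user->store()`, so a session opened before the change would presumably stay valid; if the session layer can revoke them, this is the place to call it. The lower bound in `DataValidator::length(5, 200)` is also short for a password policy. The class header of this new file is not visible on this page.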
diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php
index ec446f90..1ade6895 100644
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@@ -12,4 +12,5 @@ class ERRORS {
const INVALID_DEPARTMENT = 'Invalid department';
const INVALID_TICKET = 'Invalid ticket';
const INIT_SETTINGS_DONE = 'Settings already initialized';
+ const INVALID_OLD_PASSWORD = 'Invalid old password';
}
diff --git a/server/data/InitialMails.php b/server/data/InitialMails.php
index cadfa401..87ba71a6 100644
--- a/server/data/InitialMails.php
+++ b/server/data/InitialMails.php
@@ -12,6 +12,26 @@ class InitialMails {
'subject' => 'Registrado {{to}} - OpenSupports',
'body' => file_get_contents('data/mail-templates/user-signup-es.html')
]
+ ],
+ 'USER_EDIT_PASSWORD' => [
+ 'en' => [
+ 'subject' => 'Password edited - OpenSupports',
+ 'body' => file_get_contents('data/mail-templates/user-edit-password-en.html')
+ ],
+ 'es' => [
+ 'subject' => 'ContraseƱa a sido cambiada - OpenSupports',
+ 'body' => file_get_contents('data/mail-templates/user-edit-password-es.html')
+ ]
+ ],
+ 'USER_EDIT_EMAIL' => [
+ 'en' => [
+ 'subject' => 'Email edited - OpenSupports',
+ 'body' => file_get_contents('data/mail-templates/user-edit-email-en.html')
+ ],
+ 'es' => [
+ 'subject' => 'Tu correo electronico a sido cambiada - OpenSupports',
+ 'body' => file_get_contents('data/mail-templates/user-edit-email-es.html')
+ ]
]
];
}
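Review bot: The Spanish subjects added here use `a sido` where the auxiliary verb is `ha sido`, and `Tu correo electronico a sido cambiada` also mismatches gender; suggested strings are `'Contraseña ha sido cambiada - OpenSupports'` and `'Tu correo electrónico ha sido cambiado - OpenSupports'`. The `ContraseƱa` shown on this page looks like an encoding problem; if the file itself holds that sequence rather than UTF-8 `ñ`, the subject of a security notice will arrive garbled. The enclosing array and class start outside the hunk.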
diff --git a/server/data/mail-templates/user-edit-email-en.html b/server/data/mail-templates/user-edit-email-en.html
new file mode 100644
index 00000000..9dd691b2
--- /dev/null
+++ b/server/data/mail-templates/user-edit-email-en.html
@@ -0,0 +1,3 @@
+
+ Hi {{name}} , OpenSupports' team wanna tell you that you email has been changed to {{newemail}}
+
\ No newline at end of file
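Review bot: This notice is the only signal the previous address receives that the account e-mail was changed, yet it gives the recipient nothing to do if they did not make the change; add a line such as `If you did not request this change, contact support immediately.` The same applies to `user-edit-password-en.html` and both `-es` templates. The sentence also has `you email` for `your email`. Whether `{{name}}` and `{{newemail}}` are HTML-escaped when substituted is not visible here and should be confirmed, since `name` is presumably user-supplied at signup.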
diff --git a/server/data/mail-templates/user-edit-email-es.html b/server/data/mail-templates/user-edit-email-es.html
new file mode 100644
index 00000000..a1deeb87
--- /dev/null
+++ b/server/data/mail-templates/user-edit-email-es.html
@@ -0,0 +1,3 @@
+
+ Hola {{name}} el equipo de OpenSupports te informa que tu correo electronico ha sido cambiado a {{newemail}}
+
\ No newline at end of file
diff --git a/server/data/mail-templates/user-edit-password-en.html b/server/data/mail-templates/user-edit-password-en.html
new file mode 100644
index 00000000..4a238cb6
--- /dev/null
+++ b/server/data/mail-templates/user-edit-password-en.html
@@ -0,0 +1,3 @@
+
+ Hello {{name}} , OpenSupports' team wanna tell you that your password has been changed
+
\ No newline at end of file
diff --git a/server/data/mail-templates/user-edit-password-es.html b/server/data/mail-templates/user-edit-password-es.html
new file mode 100644
index 00000000..0cf28d4d
--- /dev/null
+++ b/server/data/mail-templates/user-edit-password-es.html
@@ -0,0 +1,3 @@
+
+ Hola , {{name}} el equipo de OpenSupports te informa que tu contraseƱa ha sido cambiada
+
\ No newline at end of file
diff --git a/server/data/mail-templates/user-signup-es.html b/server/data/mail-templates/user-signup-es.html
index 0f633383..8af75ae0 100644
--- a/server/data/mail-templates/user-signup-es.html
+++ b/server/data/mail-templates/user-signup-es.html
@@ -1,4 +1,4 @@
Bienvenido, {{name}} a nuestro centro de soporte,
- su email es {{to}}
+ tu email es {{to}}
\ No newline at end of file
diff --git a/server/libs/MailSender.php b/server/libs/MailSender.php
index a2d5017d..eeb3e3e0 100644
--- a/server/libs/MailSender.php
+++ b/server/libs/MailSender.php
@@ -7,9 +7,9 @@ class MailSender {
$this->mailOptions['from'] = Setting::getSetting('no-reply-email')->value;
$this->mailOptions['smtp-host'] = Setting::getSetting('smtp-host')->value;
- $this->mailOptions['smtp-port'] = Setting::getSetting('smtp-host')->value;
- $this->mailOptions['smtp-user'] = Setting::getSetting('smtp-host')->value;
- $this->mailOptions['smtp-pass'] = Setting::getSetting('smtp-host')->value;
+ $this->mailOptions['smtp-port'] = Setting::getSetting('smtp-port')->value;
+ $this->mailOptions['smtp-user'] = Setting::getSetting('smtp-user')->value;
+ $this->mailOptions['smtp-pass'] = Setting::getSetting('smtp-pass')->value;
}
public function setTemplate($type, $config) {
diff --git a/tests/init.rb b/tests/init.rb
index 9c471f2e..eef9d99f 100644
--- a/tests/init.rb
+++ b/tests/init.rb
@@ -14,5 +14,7 @@ require './user/signup.rb'
require './user/login.rb'
require './user/send-recover-password.rb'
require './user/recover-password.rb'
+require './user/edit-password.rb'
+require './user/edit-email.rb'
require './ticket/create.rb'
require './ticket/comment.rb'
diff --git a/tests/ticket/comment.rb b/tests/ticket/comment.rb
index 76454bc4..eff1cbd9 100644
--- a/tests/ticket/comment.rb
+++ b/tests/ticket/comment.rb
@@ -63,7 +63,7 @@ describe '/ticket/comment/' do
comment = $database.getRow('comment', '1', 'id')
(comment['content']).should.equal('some comment content')
(comment['ticket_id']).should.equal('1')
- (comment['author_id']).should.equal('1')
+ (comment['author_id']).should.equal($csrf_userid)
end
it 'should fail if user is not the author nor owner' do
@@ -84,4 +84,4 @@ describe '/ticket/comment/' do
#it 'should add comment if logged as ticket owner' do
#end
-end
\ No newline at end of file
+end
diff --git a/tests/ticket/create.rb b/tests/ticket/create.rb
index 79c52032..e9209969 100644
--- a/tests/ticket/create.rb
+++ b/tests/ticket/create.rb
@@ -1,8 +1,9 @@
describe '/ticket/create' do
request('/user/logout')
+ Scripts.createUser('jonhsnow@os4.com','jonhpass','Jonh Snow')
result = request('/user/login', {
- email: 'steve@jobs.com',
- password: 'custom'
+ email: 'jonhsnow@os4.com',
+ password: 'jonhpass'
})
$csrf_userid = result['data']['userId']
@@ -106,9 +107,9 @@ describe '/ticket/create' do
(ticket['unread']).should.equal('0')
(ticket['closed']).should.equal('0')
(ticket['department_id']).should.equal('1')
- (ticket['author_id']).should.equal('1')
+ (ticket['author_id']).should.equal($csrf_userid)
ticket_user_relation = $database.getRow('ticket_user','1','ticket_id')
- (ticket_user_relation['user_id']).should.equal('1')
+ (ticket_user_relation['user_id']).should.equal($csrf_userid)
end
-end
\ No newline at end of file
+end
diff --git a/tests/user/edit-email.rb b/tests/user/edit-email.rb
new file mode 100644
index 00000000..63e4b1d4
--- /dev/null
+++ b/tests/user/edit-email.rb
@@ -0,0 +1,39 @@
+describe '/user/edit-email' do
+
+ request('/user/logout')
+ result = request('/user/login', {
+ email: 'steve@jobs.com',
+ password: 'newpassword'
+ })
+
+ $csrf_userid = result['data']['userId']
+ $csrf_token = result['data']['token']
+
+
+ it 'should fail if new email is incorrect' do
+ result = request('/user/edit-email', {
+ newEmail: 'newemail@jobscom',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('Invalid email')
+
+ result = request('/user/edit-email', {
+ newEmail: 'newemailjobs.com',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('Invalid email')
+ end
+
+ it 'should change email' do
+ result = request('/user/edit-email', {
+ newEmail: 'newemail@jobs.com',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ (result['status']).should.equal('success')
+ end
+end
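Review bot: `should change email` asserts only that `status` is `'success'`, so it passes even if nothing is persisted; read the row back with `$database.getRow` (as `tests/ticket/comment.rb` does) and compare its `email` to `'newemail@jobs.com'`. The login at the top uses `password: 'newpassword'`, which only works after `tests/user/edit-password.rb` has run, so this file cannot run on its own. There is also no example that omits `csrf_token`, which is the check that shows the endpoint rejects unauthenticated calls. `should change password` in `tests/user/edit-password.rb` has the same status-only assertion.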
diff --git a/tests/user/edit-password.rb b/tests/user/edit-password.rb
new file mode 100644
index 00000000..88aeb72e
--- /dev/null
+++ b/tests/user/edit-password.rb
@@ -0,0 +1,56 @@
+describe '/user/edit-password' do
+
+ request('/user/logout')
+ result = request('/user/login', {
+ email: 'steve@jobs.com',
+ password: 'custom'
+ })
+
+ $csrf_userid = result['data']['userId']
+ $csrf_token = result['data']['token']
+
+
+ it 'should fail if new password is incorrect' do
+ result = request('/user/edit-password', {
+ oldPassword: 'custom',
+ newPassword: 'np',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('Invalid password')
+
+ long_text = ''
+ 250.times {long_text << 'a'}
+
+ result = request('/user/edit-password', {
+ oldPassword: 'custom',
+ newPassword: long_text,
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('Invalid password')
+ end
+
+ it 'should fail if old password is not same than old password ' do
+ result = request('/user/edit-password',{
+ oldPassword: 'falsepassword',
+ newPassword: 'newpassword',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('Invalid old password')
+ end
+
+ it 'should change password' do
+ result = request('/user/edit-password',{
+ oldPassword: 'custom',
+ newPassword: 'newpassword',
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ (result['status']).should.equal('success')
+ end
+end
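Review bot: No example covers a request that omits `oldPassword` entirely; the controller reads that field without a `requestData` rule, so its behaviour for a missing value is untested. Add a case that sends only `newPassword` with the CSRF fields and expects `status` to be `'fail'`. The description `'should fail if old password is not same than old password '` is self-referential and carries a trailing space; `'should fail if old password is wrong'` says what is checked.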