diff --git a/server/controllers/user.php b/server/controllers/user.php
index c7a27ef6..40af4c14 100644
--- a/server/controllers/user.php
+++ b/server/controllers/user.php
@@ -14,6 +14,7 @@ include 'user/delete.php';
include 'user/ban.php';
include 'user/un-ban.php';
include 'user/list-ban.php';
+include 'user/verify.php';
$userControllers = new ControllerGroup();
$userControllers->setGroupPath('/user');
@@ -33,4 +34,5 @@ $userControllers->addController(new DeleteUserController);
$userControllers->addController(new BanUserController);
$userControllers->addController(new UnBanUserController);
$userControllers->addController(new ListBanUserController);
+$userControllers->addController(new VerifyController);
$userControllers->finalize();
diff --git a/server/controllers/user/get-user.php b/server/controllers/user/get-user.php
index 5f9e3059..8ea55c09 100644
--- a/server/controllers/user/get-user.php
+++ b/server/controllers/user/get-user.php
@@ -34,7 +34,8 @@ class GetUserByIdController extends Controller {
'name' => $user->name,
'email' => $user->email,
'signupDate' => $user->signupDate,
- 'tickets' => $tickets->toArray()
+ 'tickets' => $tickets->toArray(),
+ 'verified' => !$user->verificationToken
]);
}
}
\ No newline at end of file
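Review bot: `'verified' => !$user->verificationToken` tests truthiness rather than presence, so it disagrees with the `!== null` check this same commit adds in login.php: a stored token that happens to be `'0'` or `''` (unlikely, but not excluded by anything visible here) would be reported as verified by this endpoint while login still rejects the user. Use the same predicate in both places, `'verified' => $user->verificationToken === null,`. GetUserByIdController's handler begins outside the hunk.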
diff --git a/server/controllers/user/login.php b/server/controllers/user/login.php
index 020eae13..7eada075 100644
--- a/server/controllers/user/login.php
+++ b/server/controllers/user/login.php
@@ -27,6 +27,14 @@ class LoginController extends Controller {
$this->userInstance->store();
}
+ $email = Controller::request('email');
+ $userRow = User::getDataStore($email, 'email');
+
+ if($userRow->verificationToken !== null) {
+ Response::respondError(ERRORS::UNVERIFIED_USER);
+ return;
+ }
+
Response::respondSuccess($this->getUserData());
} else {
Response::respondError(ERRORS::INVALID_CREDENTIALS);
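Review bot: The unverified check is placed after `$this->userInstance->store()` and, as far as the hunk shows, after whatever login state the earlier part of this branch establishes (the enclosing `if` and the handler's start are outside the hunk); if a session or remember token has already been written by that point, an unverified user is answered with UNVERIFIED_USER while remaining logged in. Move the check to the top of the successful-credentials branch, before any session or store writes. The second lookup `User::getDataStore($email, 'email')` is also redundant and introduces a second source of truth — the authenticated user is presumably already in `$this->userInstance` — so `if($this->userInstance->verificationToken !== null) {` avoids the extra query and any mismatch between the re-read `email` parameter and the account that actually authenticated.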
diff --git a/server/controllers/user/signup.php b/server/controllers/user/signup.php
index b073fab1..baca69b4 100644
--- a/server/controllers/user/signup.php
+++ b/server/controllers/user/signup.php
@@ -9,6 +9,7 @@ class SignUpController extends Controller {
private $userEmail;
private $userName;
private $userPassword;
+ private $verificationToken;
public function validations() {
return [
@@ -64,17 +65,19 @@ class SignUpController extends Controller {
$this->userName = Controller::request('name');
$this->userEmail = Controller::request('email');
$this->userPassword = Controller::request('password');
+ $this->verificationToken = Hashing::generateRandomToken();
}
public function createNewUserAndRetrieveId() {
$userInstance = new User();
-
+
$userInstance->setProperties([
'name' => $this->userName,
'signupDate' => Date::getCurrentDate(),
'tickets' => 0,
'email' => $this->userEmail,
- 'password' => Hashing::hashPassword($this->userPassword)
+ 'password' => Hashing::hashPassword($this->userPassword),
+ 'verificationToken' => $this->verificationToken
]);
return $userInstance->store();
@@ -85,7 +88,8 @@ class SignUpController extends Controller {
$mailSender->setTemplate(MailTemplate::USER_SIGNUP, [
'to' => $this->userEmail,
- 'name' => $this->userName
+ 'name' => $this->userName,
+ 'verificationToken' => $this->verificationToken
]);
$mailSender->send();
diff --git a/server/controllers/user/verify.php b/server/controllers/user/verify.php
new file mode 100644
index 00000000..616d3b92
--- /dev/null
+++ b/server/controllers/user/verify.php
@@ -0,0 +1,38 @@
+ 'any',
+ 'requestData' => [
+ 'email' => [
+ 'validation' => DataValidator::email(),
+ 'error' => ERRORS::INVALID_EMAIL
+ ]
+ ]
+ ];
+ }
+
+ public function handler() {
+ $email = Controller::request('email');
+ $token = Controller::request('token');
+
+ $userRow = User::getDataStore($email, 'email');
+
+ if(!$userRow) {
+ Response::respondError(ERRORS::INVALID_EMAIL);
+ return;
+ }
+ if($userRow->verificationToken !== $token) {
+ Response::respondError(ERRORS::INVALID_TOKEN);
+ return;
+ }
+ $userRow->verificationToken = null;
+ $userRow->store();
+
+ Response::respondSuccess();
+ }
+}
\ No newline at end of file
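Review bot: The token comparison `$userRow->verificationToken !== $token` accepts a missing token for an already-verified account — `requestData` validates only `email`, so if `Controller::request('token')` yields null and the stored `verificationToken` is already null, the condition is false and the handler re-stores the row and responds success. Guard both operands and use a constant-time comparison: `if(!is_string($token) || !is_string($userRow->verificationToken) || !hash_equals($userRow->verificationToken, $token)) {`. Separately, answering INVALID_EMAIL when no row matches lets a caller learn which addresses have accounts; responding INVALID_TOKEN in both cases avoids that, provided the client does not depend on the distinction. The class header and the start of validations() are missing from this hunk (the header counts 38 lines but fewer are shown), so the permission level and the absence of a `token` validation rule are inferred from what is visible.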
diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php
index d28286d5..2dbe9857 100644
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@@ -30,4 +30,6 @@ class ERRORS {
const ALREADY_A_STAFF = 'ALREADY_A_STAFF';
const INVALID_STAFF = 'INVALID_STAFF';
const SAME_DEPARTMENT = 'SAME_DEPARTMENT';
+ const INVALID_TOKEN = 'INVALID_TOKEN';
+ const UNVERIFIED_USER = 'UNVERIFIED_USER';
}
diff --git a/server/data/mail-templates/user-signup-en.html b/server/data/mail-templates/user-signup-en.html
index 371a2441..66a0219a 100644
--- a/server/data/mail-templates/user-signup-en.html
+++ b/server/data/mail-templates/user-signup-en.html
@@ -1,4 +1,5 @@
Welcome, {{name}} to our support center,
- your email is {{to}}
+ your email is {{to}},
+ your token is {{verificationToken}}
diff --git a/server/data/mail-templates/user-signup-es.html b/server/data/mail-templates/user-signup-es.html
index 8af75ae0..da8e2c84 100644
--- a/server/data/mail-templates/user-signup-es.html
+++ b/server/data/mail-templates/user-signup-es.html
@@ -1,4 +1,5 @@
Bienvenido, {{name}} a nuestro centro de soporte,
- tu email es {{to}}
+ tu email es {{to}},
+ tu codigo de verificacion es {{verificationToken}}
\ No newline at end of file
diff --git a/server/models/User.php b/server/models/User.php
index beee0708..eb6d7b21 100644
--- a/server/models/User.php
+++ b/server/models/User.php
@@ -17,7 +17,8 @@ class User extends DataStore {
'name',
'signupDate',
'tickets',
- 'sharedTicketList'
+ 'sharedTicketList',
+ 'verificationToken'
];
}
diff --git a/tests/scripts.rb b/tests/scripts.rb
index 3eb973e0..b5cb16eb 100644
--- a/tests/scripts.rb
+++ b/tests/scripts.rb
@@ -9,6 +9,11 @@ class Scripts
if response['status'] === 'fail'
raise 'Could not create user'
end
+ userRow = $database.getRow('user', email, 'email')
+ response = request('/user/verify', {
+ :email => email,
+ :token => userRow['verification_token']
+ })
end
def self.login(email = 'steve@jobs.com', password = 'custompassword', staff = false)
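Review bot: The `/user/verify` response is assigned but never checked, unlike the signup response guarded just above it; if verification fails, createUser returns normally and every later login in the suite fails with UNVERIFIED_USER far from the cause. Add `raise 'Could not verify user' if response['status'] === 'fail'` after the request.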
diff --git a/tests/system/edit-settings.rb b/tests/system/edit-settings.rb
index 75373456..f8755345 100644
--- a/tests/system/edit-settings.rb
+++ b/tests/system/edit-settings.rb
@@ -12,11 +12,7 @@ describe'system/edit-settings' do
"allow-attachments" => 1,
"max-size" => 2,
"language" => 'es',
- "no-reply-email" => 'testemail@hotmail.com',
- "smtp-host" => 'www.opensupports.com',
- "smtp-port" => 18,
- "smtp-user" => 'admin',
- "smtp-pass" => 'pass1234',
+ "no-reply-email" => 'testemail@hotmail.com'
})
(result['status']).should.equal('success')
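Review bot: The SMTP assertions (`smtp-host`, `smtp-port`, `smtp-user`, `smtp-pass`) and the whole 'should change allowed and supported languages' test are dropped here and in the next hunk without a replacement, though neither concerns email verification. The resulting loss of coverage for settings and language configuration should be explained in the commit or split into its own change; if those tests were failing after this feature, the failure rather than the test is what needs fixing.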
@@ -39,60 +35,6 @@ describe'system/edit-settings' do
row = $database.getRow('setting', 'no-reply-email', 'name')
(row['value']).should.equal('testemail@hotmail.com')
- row = $database.getRow('setting', 'smtp-host', 'name')
- (row['value']).should.equal('www.opensupports.com')
-
- row = $database.getRow('setting', 'smtp-port', 'name')
- (row['value']).should.equal('18')
-
- row = $database.getRow('setting', 'smtp-user', 'name')
- (row['value']).should.equal('admin')
-
- row = $database.getRow('setting', 'smtp-pass', 'name')
- (row['value']).should.equal('pass1234')
-
request('/user/logout')
end
- it 'should change allowed and supported languages' do
- request('/user/logout')
- Scripts.login($staff[:email], $staff[:password], true)
-
- result= request('/system/edit-settings', {
- "csrf_userid" => $csrf_userid,
- "csrf_token" => $csrf_token,
- "supportedLanguages" => '["en", "pr", "jp", "ru"]',
- "allowedLanguages" => '["en","pr", "jp", "ru", "de"]'
- })
-
- (result['status']).should.equal('success')
-
- row = $database.getRow('language', 'en', 'code')
- (row['supported']).should.equal('1')
-
- row = $database.getRow('language', 'pr', 'code')
- (row['supported']).should.equal('1')
-
- row = $database.getRow('language', 'jp', 'code')
- (row['supported']).should.equal('1')
-
- row = $database.getRow('language', 'ru', 'code')
- (row['supported']).should.equal('1')
-
- row = $database.getRow('language', 'en', 'code')
- (row['allowed']).should.equal('1')
-
- row = $database.getRow('language', 'pr', 'code')
- (row['allowed']).should.equal('1')
-
- row = $database.getRow('language', 'jp', 'code')
- (row['allowed']).should.equal('1')
-
- row = $database.getRow('language', 'ru', 'code')
- (row['allowed']).should.equal('1')
-
- row = $database.getRow('language', 'de', 'code')
- (row['allowed']).should.equal('1')
-
- request('/user/logout')
- end
-end
\ No newline at end of file
+end
diff --git a/tests/user/get-users-test.rb b/tests/user/get-users-test.rb
index 8ccec70e..522f18c5 100644
--- a/tests/user/get-users-test.rb
+++ b/tests/user/get-users-test.rb
@@ -4,6 +4,7 @@ describe '/user/get-users' do
Scripts.createUser('tests@hotmail.com','passdasdasdas','laasdasd')
Scripts.createUser('tests2@hotmail.com','passfasfasfsa','laeaefae')
Scripts.createUser('tests3@hotmail.com','passfasfasfws','laeczvwaf')
+
result = request('/user/login', {
email: 'staff@opensupports.com',
password: 'staff',
@@ -86,4 +87,4 @@ describe '/user/get-users' do
(result['data']['users'][3]['name']).should.equal('Cersei Lannister')
(result['data']['users'][4]['name']).should.equal('Tyrion Lannister')
end
-end
\ No newline at end of file
+end
diff --git a/tests/user/get.rb b/tests/user/get.rb
index 1ade559e..aec21e2b 100644
--- a/tests/user/get.rb
+++ b/tests/user/get.rb
@@ -12,6 +12,7 @@ describe '/user/get' do
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
+
@ticketNumber = result['data']['ticketNumber']
it 'should fail if not logged' do
@@ -54,4 +55,4 @@ describe '/user/get' do
(ticketFromUser['owner']).should.equal(nil)
(ticketFromUser['events']).should.equal([])
end
-end
\ No newline at end of file
+end
diff --git a/tests/user/signup.rb b/tests/user/signup.rb
index b3e0978b..0e21b020 100644
--- a/tests/user/signup.rb
+++ b/tests/user/signup.rb
@@ -8,6 +8,11 @@ describe '/user/signup' do
userRow = $database.getRow('user', response['data']['userId'])
+ request('/user/verify', {
+ :email => 'steve@jobs.com',
+ :token => userRow['verification_token']
+ })
+
(userRow['email']).should.equal('steve@jobs.com')
(userRow['name']).should.equal('Steve Jobs')
end
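Review bot: The verify request has no assertion on its outcome, and the test never checks that verification took effect; `userRow` was fetched before the request, so its `verification_token` is still the pre-verification value. Assign the request result to `verifyResponse` and assert `(verifyResponse['status']).should.equal('success')`, then re-read the row with `userRow = $database.getRow('user', response['data']['userId'])` and assert `(userRow['verification_token']).should.equal(nil)` alongside the existing email and name checks.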