Merged in Recover-Password (pull request #24)

Recover password
2025-04-08 18:35:06 +02:00 · 2016-07-25 17:29:37 -03:00 · 2016-07-25 17:29:37 -03:00 · b335d5e2bf
commit b335d5e2bf
parent 63813f2425 74f9d04824
10 changed files with 186 additions and 6 deletions
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@ -1,6 +1,5 @@
 <?php
 use RedBeanPHP\Facade as RedBean;
-
 use Respect\Validation\Validator as DataValidator;

 class CreateController extends Controller {
@ -54,10 +53,10 @@ class CreateController extends Controller {
            'unread' => false,
            'closed' => false
        ));
-        
+
        //TODO: Add logged user as author
        $ticket->setAuthor(User::getUser(1));

        $ticket->store();
    }
-}
+}
--- a/server/controllers/user.php
+++ b/server/controllers/user.php
@ -2,6 +2,8 @@
 include 'user/login.php';
 include 'user/signup.php';
 include 'user/logout.php';
+include 'user/recover-password.php';
+include 'user/send-recover-password.php';

 $userControllers = new ControllerGroup();
 $userControllers->setGroupPath('/user');
@ -9,5 +11,7 @@ $userControllers->setGroupPath('/user');
 $userControllers->addController(new LoginController);
 $userControllers->addController(new SignUpController);
 $userControllers->addController(new LogoutController);
+$userControllers->addController(new SendRecoverPasswordController);
+$userControllers->addController(new RecoverPasswordController);

 $userControllers->finalize();
--- a/server/controllers/user/recover-password.php
+++ b/server/controllers/user/recover-password.php
@ -0,0 +1,56 @@
+<?php
+use Respect\Validation\Validator as DataValidator;
+
+class RecoverPasswordController extends Controller {
+    const PATH = '/recover-password';
+
+    private $email;
+    private $token;
+    private $password;
+
+    public function validations() {
+        return [
+            'permission' => 'any',
+            'requestData' => [
+                'email' => [
+                    'validation' => DataValidator::email() ,
+                    'error' => ERRORS::INVALID_EMAIL
+                ],
+                'password' => [
+                    'validation' => DataValidator::length(5, 200),
+                    'error' => ERRORS::INVALID_PASSWORD
+                ]
+            ]
+        ];
+    }
+
+    public function handler(){
+        $this->requestData();
+        $this->changePassword();
+    }
+
+    public function requestData(){
+        $this->email = Controller::request('email');
+        $this->token = Controller::request('token');
+        $this->password = Controller::request('password');
+    }
+    public function changePassword(){
+        $recoverPassword = RecoverPassword::getDatastore($this->token, 'token');
+        $user = User::getDataStore($this->email, 'email');
+
+        if($recoverPassword && $user) {
+            $recoverPassword->trash();
+
+            $user->setProperties([
+                'password' => Hashing::hashPassword($this->password)
+            ]);
+
+            $user->store();
+            Response::respondSuccess('password changed');
+            return;
+
+        }
+
+        Response::respondError(ERRORS::NO_PERMISSION);
+    }
+}
--- a/server/controllers/user/send-recover-password.php
+++ b/server/controllers/user/send-recover-password.php
@ -0,0 +1,34 @@
+<?php
+use Respect\Validation\Validator as DataValidator;
+
+class SendRecoverPasswordController extends Controller {
+    const PATH = '/send-recover-password';
+
+    public function validations() {
+        return [
+            'permission' => 'any',
+            'requestData' => [
+                'email' => [
+                    'validation' => DataValidator::email(),
+                    'error' => ERRORS::INVALID_EMAIL
+                ]
+            ]
+        ];
+    }
+
+    public function handler() {
+        $email = Controller::request('email');
+
+        $token = Hashing::generateRandomToken();
+
+        $recoverPassword = new RecoverPassword();
+        $recoverPassword->setProperties(array(
+            'email' => $email,
+            'token' => $token
+        ));
+        $recoverPassword->store();
+
+        Response::respondSuccess();
+        //TODO:  mandar  mail con token
+    }
+}
--- a/server/models/DataStore.php
+++ b/server/models/DataStore.php
@ -72,4 +72,8 @@ abstract class DataStore {

        return ($validProp) ? $propToValidate : 'id';
    }
+
+    public function trash() {
+        RedBean::trash($this->_bean);
+    }
 }
--- a/server/models/ERRORS.php
+++ b/server/models/ERRORS.php
@ -3,9 +3,9 @@ class ERRORS {
    const INVALID_CREDENTIALS = 'User or password is not defined';
    const SESSION_EXISTS = 'User is already logged in';
    const NO_PERMISSION = 'You have no permission to access';
-    const INVALID_NAME = 'Invalid name';
-    const INVALID_EMAIL = 'Invalid email';
-    const INVALID_PASSWORD = 'Invalid password';
    const INVALID_TITLE = 'Invalid title';
    const INVALID_CONTENT = 'Invalid content';
+    const INVALID_EMAIL = 'Invalid email';
+    const INVALID_PASSWORD = 'Invalid password';
+    const INVALID_NAME = 'Invalid name';
 }
--- a/server/models/RecoverPassword.php
+++ b/server/models/RecoverPassword.php
@ -0,0 +1,15 @@
+<?php
+class RecoverPassword extends DataStore {
+    const TABLE = 'recoverpassword';
+    
+    public static function getProps() {
+        return array (
+            'email',
+            'token'
+        );
+    }
+    
+    public function getDefaultProps() {
+        return array();
+    }
+}
--- a/tests/init.rb
+++ b/tests/init.rb
@ -10,4 +10,6 @@ require './scripts.rb'
 # TESTS
 require './user/signup.rb'
 require './user/login.rb'
+require './user/send-recover-password.rb'
+require './user/recover-password.rb'
 #require './ticket/create.rb'
--- a/tests/user/recover-password.rb
+++ b/tests/user/recover-password.rb
@ -0,0 +1,39 @@
+describe '/user/recover-password' do
+    @recoverEmail = 'recover@os4.com'
+    @newRecoverPass = 'newrecover'
+
+    it 'should fail if email is incorrect' do
+        result = request('/user/recover-password', {
+            email: 'login@os4com',
+            password: @newRecoverPass
+        })
+
+        (result['status']).should.equal('fail');
+
+        result = request('/user/recover-password', {
+            email: 'loginos4.com',
+            password: @newRecoverPass
+        })
+
+        (result['status']).should.equal('fail');
+    end
+
+    it 'should fail if password is incorrect' do
+        result = request('/user/recover-password',{
+            email: @recoverEmail,
+            password: 'log'
+        })
+
+        (result['status']).should.equal('fail');
+
+        long_text = ''
+        250.times {long_text << 'a'}
+
+        result = request('/user/recover-password',{
+            email: @recoverEmail,
+            password: long_text
+        })
+
+        (result['status']).should.equal('fail');
+    end
+end
--- a/tests/user/send-recover-password.rb
+++ b/tests/user/send-recover-password.rb
@ -0,0 +1,27 @@
+describe '/user/send-recover-password' do
+    @recoverEmail = 'recover@os4.com'
+    @recoverPass = 'recover'
+
+    Scripts.createUser(@recoverEmail, @recoverPass)
+
+    it 'should fail if email is incorrect' do
+        result = request('/user/send-recover-password', {
+            email: 'login@os4com'
+        })
+
+        (result['status']).should.equal('fail');
+
+        result = request('/user/send-recover-password', {
+            email: 'loginos4.com'
+        })
+
+        (result['status']).should.equal('fail');
+    end
+    it 'should success if email is correct' do
+        result = request('/user/send-recover-password', {
+            email: @recoverEmail
+        })
+
+        (result['status']).should.equal('success')
+    end
+end