From 8b8ac11b9745af467835a2b92213ed70fcfccd39 Mon Sep 17 00:00:00 2001 From: AntonyAntonio Date: Wed, 20 Jul 2016 01:38:34 -0300 Subject: [PATCH 1/6] (Guillermo) recover password --- server/controllers/user.php | 2 + server/controllers/user/recoverpassword.php | 51 +++++++++++++++++++++ server/models/RecoverPassword.php | 15 ++++++ 3 files changed, 68 insertions(+) create mode 100644 server/controllers/user/recoverpassword.php create mode 100644 server/models/RecoverPassword.php diff --git a/server/controllers/user.php b/server/controllers/user.php index 7ad1054c..5eb5694e 100644 --- a/server/controllers/user.php +++ b/server/controllers/user.php @@ -2,6 +2,7 @@ include 'user/login.php'; include 'user/signup.php'; include 'user/logout.php'; +include 'user/recoverpassword.php'; $userControllers = new ControllerGroup(); $userControllers->setGroupPath('/user'); @@ -9,5 +10,6 @@ $userControllers->setGroupPath('/user'); $userControllers->addController(new LoginController); $userControllers->addController(new SignUpController); $userControllers->addController(new LogoutController); +$userControllers->addController(new RecoverPasswordController); $userControllers->finalize(); diff --git a/server/controllers/user/recoverpassword.php b/server/controllers/user/recoverpassword.php new file mode 100644 index 00000000..ffcc915b --- /dev/null +++ b/server/controllers/user/recoverpassword.php 
@@ -0,0 +1,51 @@ + 'any', + 'requestData' => [] + ]; + } + + public function handler() { + $this->email = Controller::request('email'); + $this->token = Controller::request('token'); + $this->password = Controller::request('password'); + + if($this->email && $this->token === null ) { + $this->token = Hashing::generateRandomToken(); + + $this->recoverPassword = new RecoverPassword(); + + $this->recoverPassword->setProperties(array( + 'email' => $this->email, + 'token' => $this->token + )); + + $this->recoverPassword->store(); + Response::respondSuccess($this->token); + /*mandar mail con token*/ + + } else if ($this->email && $this->token) { + if($this->recoverPassword->token === $this->token){ + /*borrar base de datos */ + $changePassword = User::getDataStore($this->email, 'email'); + + $changePassword->password = $this->password; + + Response::respondSuccess($changePassword->password); + } + + } else { + Response::respondError(ERRORS::INVALID_CREDENTIALS); + } + } +} \ No newline at end of file diff --git a/server/models/RecoverPassword.php b/server/models/RecoverPassword.php new file mode 100644 index 00000000..1cf15f1b --- /dev/null +++ b/server/models/RecoverPassword.php @@ -0,0 +1,15 @@ + Date: Wed, 20 Jul 2016 18:38:20 -0300 Subject: [PATCH 2/6] Ivan - Add local storage class [skip ci] --- server/controllers/user.php | 2 ++ server/controllers/user/recoverpassword.php | 36 ++++++------------- .../controllers/user/sendrecoverpassword.php | 35 ++++++++++++++++++ 3 files changed, 48 insertions(+), 25 deletions(-) create mode 100644 server/controllers/user/sendrecoverpassword.php diff --git a/server/controllers/user.php b/server/controllers/user.php index 5eb5694e..af0e15ef 100644 --- a/server/controllers/user.php +++ b/server/controllers/user.php 
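Review bot: In the first branch of `handler()` the reset token is handed back to whoever made the request (`Response::respondSuccess($this->token);`), so knowing an address is enough to obtain its token; the token should leave the server only in the mail that the `/*mandar mail con token*/` comment refers to, and the response should be a bare `Response::respondSuccess();`. The second branch reads `$this->recoverPassword->token` although `$this->recoverPassword` is only assigned in the first branch, so on a fresh request it is unset and the comparison cannot work. That branch also assigns the password unhashed, echoes it back in `respondSuccess($changePassword->password)`, and never calls `store()`. The opening lines of the file are missing from this page, so the class header was not reviewed.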
@@ -3,6 +3,7 @@ include 'user/login.php'; include 'user/signup.php'; include 'user/logout.php'; include 'user/recoverpassword.php'; +include 'user/sendrecoverpassword.php'; $userControllers = new ControllerGroup(); $userControllers->setGroupPath('/user'); @@ -10,6 +11,7 @@ $userControllers->setGroupPath('/user'); $userControllers->addController(new LoginController); $userControllers->addController(new SignUpController); $userControllers->addController(new LogoutController); +$userControllers->addController(new SendRecoverPasswordController); $userControllers->addController(new RecoverPasswordController); $userControllers->finalize(); diff --git a/server/controllers/user/recoverpassword.php b/server/controllers/user/recoverpassword.php index ffcc915b..47511abb 100644 --- a/server/controllers/user/recoverpassword.php +++ b/server/controllers/user/recoverpassword.php 
@@ -15,37 +15,23 @@ class RecoverPasswordController extends Controller { ]; } - public function handler() { - $this->email = Controller::request('email'); - $this->token = Controller::request('token'); - $this->password = Controller::request('password'); + public function handler(){ + $this->email = Controller::request('email'); + $this->token = Controller::request('token'); + $this->password = Controller::request('password'); + if ($this->email && $this->token) { + $this->recoverPassword = RecoverPassword::getDatastore($this->token, 'token'); - if($this->email && $this->token === null ) { - $this->token = Hashing::generateRandomToken(); - - $this->recoverPassword = new RecoverPassword(); - - $this->recoverPassword->setProperties(array( - 'email' => $this->email, - 'token' => $this->token - )); - - $this->recoverPassword->store(); - Response::respondSuccess($this->token); - /*mandar mail con token*/ - - } else if ($this->email && $this->token) { - if($this->recoverPassword->token === $this->token){ - /*borrar base de datos */ + if($this->recoverPassword){ + // TODO: borar item en base de datos $changePassword = User::getDataStore($this->email, 'email'); $changePassword->password = $this->password; - Response::respondSuccess($changePassword->password); + Response::respondSuccess('password changed'); } - - } else { - Response::respondError(ERRORS::INVALID_CREDENTIALS); + }else { + Response::respondError(ERRORS::NO_PERMISSION); } } } \ No newline at end of file diff --git a/server/controllers/user/sendrecoverpassword.php b/server/controllers/user/sendrecoverpassword.php new file mode 100644 index 00000000..db5973aa --- /dev/null +++ b/server/controllers/user/sendrecoverpassword.php 
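Review bot: The reset is accepted for any stored token combined with any account email, because the row returned by `RecoverPassword::getDatastore($this->token, 'token')` is never compared with the requested address before `User::getDataStore($this->email, 'email')` is modified. Bind the two, for example `if ($this->recoverPassword && $this->recoverPassword->email === $this->email) {` (assuming the model exposes `email` the same way PATCH 1/6 reads `->token`), so a token issued for one address cannot change another account. The same gap remains in the `changePassword()` versions in PATCH 3/6 and PATCH 4/6. In this version the password is also assigned unhashed and never stored, and a request with an unknown token gets no response at all because the `else` belongs to the outer `if`.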
@@ -0,0 +1,35 @@ + 'any', + 'requestData' => [] + ]; + } + + public function handler() { + $this->email = Controller::request('email'); + + if($this->email) { + $this->token = Hashing::generateRandomToken(); + + $recoverPassword = new RecoverPassword(); + + $recoverPassword->setProperties(array( + 'email' => $this->email, + 'token' => $this->token + )); + + $recoverPassword->store(); + Response::respondSuccess(); + //TODO: mandar mail con token + + } + } +} \ No newline at end of file From 9d378d07e58228e52b43a16576035f0150599ee9 Mon Sep 17 00:00:00 2001 From: Ivan Diaz Date: Wed, 20 Jul 2016 20:39:36 -0300 Subject: [PATCH 3/6] Ivan - Add local storage class [skip ci] --- server/controllers/ticket/create.php | 5 +- server/controllers/user/recoverpassword.php | 48 ++++++++++++++----- .../controllers/user/sendrecoverpassword.php | 37 +++++++------- server/models/DataStore.php | 4 ++ server/models/ERRORS.php | 2 + tests/init.rb | 2 + tests/user/recoverpassword.rb | 39 +++++++++++++++ tests/user/sendrecoverpassword.rb | 27 +++++++++++ 8 files changed, 130 insertions(+), 34 deletions(-) create mode 100644 tests/user/recoverpassword.rb create mode 100644 tests/user/sendrecoverpassword.rb diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php index 1b8bd8c7..7aeaa6e9 100644 --- a/server/controllers/ticket/create.php +++ b/server/controllers/ticket/create.php @@ -1,6 +1,5 @@ false, 'closed' => false )); - + //TODO: Add logged user as author $ticket->setAuthor(User::getUser(1)); $ticket->store(); } -} \ No newline at end of file +} diff --git a/server/controllers/user/recoverpassword.php b/server/controllers/user/recoverpassword.php index 47511abb..8e264d94 100644 --- a/server/controllers/user/recoverpassword.php +++ b/server/controllers/user/recoverpassword.php 
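Review bot: `handler()` stores a `RecoverPassword` row for whatever `email` is posted, without checking that a `User` with that address exists and without recording when the token was issued, so tokens never expire and unauthenticated requests can grow the table without bound. Look the user up first (`User::getDataStore($this->email, 'email')`, as the recover controller does) and skip the insert when there is none, while still answering `Response::respondSuccess();` so the endpoint does not reveal which addresses are registered. Store an issue time next to the token and have the recover controller reject old ones. When `email` is absent this version sends no response at all. The rewritten `handler()` in PATCH 3/6 keeps the unconditional insert.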
@@ -1,4 +1,5 @@ 'any', - 'requestData' => [] + 'requestData' => [ + 'email' => [ + 'validation' => DataValidator::email() , + 'error' => ERRORS::INVALID_EMAIL + ], + 'password' => [ + 'validation' => DataValidator::length(5, 200), + 'error' => ERRORS::INVALID_PASSWORD + ] + ] ]; } public function handler(){ - $this->email = Controller::request('email'); - $this->token = Controller::request('token'); - $this->password = Controller::request('password'); + $this->requestData(); + $this->changePassword(); + } + + public function requestData(){ + $this->email = Controller::request('email'); + $this->token = Controller::request('token'); + $this->password = Controller::request('password'); + } + public function changePassword(){ if ($this->email && $this->token) { $this->recoverPassword = RecoverPassword::getDatastore($this->token, 'token'); - if($this->recoverPassword){ - // TODO: borar item en base de datos - $changePassword = User::getDataStore($this->email, 'email'); + if($this->recoverPassword) { + $user = User::getDataStore($this->email, 'email'); - $changePassword->password = $this->password; + if ($user) { + $this->recoverPassword->trash(); - Response::respondSuccess('password changed'); + $user->setProperties([ + 'password' => Hashing::hashPassword($this->password) + ]); + + $user->store(); + Response::respondSuccess('password changed'); + return; + } } - }else { - Response::respondError(ERRORS::NO_PERMISSION); } + + Response::respondError(ERRORS::NO_PERMISSION); } -} \ No newline at end of file +} diff --git a/server/controllers/user/sendrecoverpassword.php b/server/controllers/user/sendrecoverpassword.php index db5973aa..46a7c8ba 100644 --- a/server/controllers/user/sendrecoverpassword.php +++ b/server/controllers/user/sendrecoverpassword.php 
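Review bot: `validations()` now covers `email` and `password` but not `token`, the one field that authorises the reset; add a `'token'` entry to `requestData` with a length or format rule matching what `Hashing::generateRandomToken()` produces (its output format is not visible on this page). `requestData()` and `changePassword()` are declared `public` although only `handler()` calls them in this hunk, and `private` would keep them off the controller's callable surface. The hunks of this file are run together on the page, so lines between them could not be checked.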
@@ -1,35 +1,34 @@ 'any', - 'requestData' => [] + 'requestData' => [ + 'email' => [ + 'validation' => DataValidator::email(), + 'error' => ERRORS::INVALID_EMAIL + ] + ] ]; } public function handler() { - $this->email = Controller::request('email'); + $email = Controller::request('email'); - if($this->email) { - $this->token = Hashing::generateRandomToken(); + $token = Hashing::generateRandomToken(); - $recoverPassword = new RecoverPassword(); + $recoverPassword = new RecoverPassword(); + $recoverPassword->setProperties(array( + 'email' => $email, + 'token' => $token + )); + $recoverPassword->store(); - $recoverPassword->setProperties(array( - 'email' => $this->email, - 'token' => $this->token - )); - - $recoverPassword->store(); - Response::respondSuccess(); - //TODO: mandar mail con token - - } + Response::respondSuccess(); + //TODO: mandar mail con token } -} \ No newline at end of file +} diff --git a/server/models/DataStore.php b/server/models/DataStore.php index b316ad84..7a782707 100644 --- a/server/models/DataStore.php +++ b/server/models/DataStore.php @@ -72,4 +72,8 @@ abstract class DataStore { return ($validProp) ? $propToValidate : 'id'; } + + public function trash() { + RedBean::trash($this->_bean); + } } diff --git a/server/models/ERRORS.php b/server/models/ERRORS.php index a8dbe39c..33c431fa 100644 --- a/server/models/ERRORS.php +++ b/server/models/ERRORS.php @@ -3,6 +3,8 @@ class ERRORS { const INVALID_CREDENTIALS = 'User or password is not defined'; const SESSION_EXISTS = 'User is already logged in'; const NO_PERMISSION = 'You have no permission to access'; + const INVALID_EMAIL = 'Invalid email'; const INVALID_TITLE = 'Invalid title'; const INVALID_CONTENT = 'Invalid content'; + const INVALID_PASSWORD = 'Invalid password'; } diff --git a/tests/init.rb b/tests/init.rb index 76eea472..464b6615 100644 --- a/tests/init.rb +++ b/tests/init.rb 
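Review bot: The value from `Hashing::generateRandomToken()` is written to the `RecoverPassword` row as-is (`'token' => $token`), so anyone who can read that table holds working reset credentials for every pending request. Persist a digest instead, e.g. `'token' => hash('sha256', $token)`, mail the raw value once the TODO is implemented, and have the recover controller look up `hash('sha256', $this->token)`. How `generateRandomToken()` obtains its randomness is not shown in this series; it is worth confirming that it draws from a cryptographically secure source before these tokens guard password changes.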
@@ -10,4 +10,6 @@ require './scripts.rb' # TESTS require './user/signup.rb' require './user/login.rb' +require './user/sendrecoverpassword.rb' +require './user/recoverpassword.rb' #require './ticket/create.rb' diff --git a/tests/user/recoverpassword.rb b/tests/user/recoverpassword.rb new file mode 100644 index 00000000..f689daa2 --- /dev/null +++ b/tests/user/recoverpassword.rb @@ -0,0 +1,39 @@ +describe '/user/recoverpassword' do + @recoverEmail = 'recover@os4.com' + @newRecoverPass = 'newrecover' + + it 'should fail if email is incorrect' do + result = request('/user/recoverpassword', { + email: 'login@os4com', + password: @newRecoverPass + }) + + (result['status']).should.equal('fail'); + + result = request('/user/recoverpassword', { + email: 'loginos4.com', + password: @newRecoverPass + }) + + (result['status']).should.equal('fail'); + end + + it 'should fail if password is incorrect' do + result = request('/user/recoverpassword',{ + email: @recoverEmail, + password: 'log' + }) + + (result['status']).should.equal('fail'); + + long_text = '' + 250.times {long_text << 'a'} + + result = request('/user/recoverpassword',{ + email: @recoverEmail, + password: long_text + }) + + (result['status']).should.equal('fail'); + end +end diff --git a/tests/user/sendrecoverpassword.rb b/tests/user/sendrecoverpassword.rb new file mode 100644 index 00000000..6ec63697 --- /dev/null +++ b/tests/user/sendrecoverpassword.rb 
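Review bot: The examples in `tests/user/recoverpassword.rb` never send a `token`, so each request would presumably be refused with `NO_PERMISSION` even if the email and password rules were removed, and asserting only `result['status']` cannot tell the two failures apart. Add cases for the behaviour that protects accounts: an unknown token, a valid token submitted with a different user's email, a second use of an already consumed token, and one success path followed by a login with the new password. `tests/user/sendrecoverpassword.rb` in the next hunk likewise has no case for an address that has no account.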
@@ -0,0 +1,27 @@ +describe '/user/sendrecoverpassword' do + @recoverEmail = 'recover@os4.com' + @recoverPass = 'recover' + + Scripts.createUser(@recoverEmail, @recoverPass) + + it 'should fail if email is incorrect' do + result = request('/user/sendrecoverpassword', { + email: 'login@os4com' + }) + + (result['status']).should.equal('fail'); + + result = request('/user/sendrecoverpassword', { + email: 'loginos4.com' + }) + + (result['status']).should.equal('fail'); + end + it 'should success if email is correct' do + result = request('/user/sendrecoverpassword', { + email: @recoverEmail + }) + + (result['status']).should.equal('success') + end +end From dc3df30ef66eb7c53731bdf8392a9dd3c664271a Mon Sep 17 00:00:00 2001 From: AntonyAntonio Date: Fri, 22 Jul 2016 04:44:55 -0300 Subject: [PATCH 4/6] (Guillermo) recover password --- server/controllers/user.php | 4 +-- server/controllers/user/recoverpassword.php | 27 ++++++++----------- .../controllers/user/sendrecoverpassword.php | 2 +- tests/init.rb | 4 +-- tests/user/recoverpassword.rb | 10 +++---- tests/user/sendrecoverpassword.rb | 8 +++--- 6 files changed, 25 insertions(+), 30 deletions(-) diff --git a/server/controllers/user.php b/server/controllers/user.php index af0e15ef..f096bb08 100644 --- a/server/controllers/user.php +++ b/server/controllers/user.php @@ -2,8 +2,8 @@ include 'user/login.php'; include 'user/signup.php'; include 'user/logout.php'; -include 'user/recoverpassword.php'; -include 'user/sendrecoverpassword.php'; +include 'user/recover-password.php'; +include 'user/send-recover-password.php'; $userControllers = new ControllerGroup(); $userControllers->setGroupPath('/user'); diff --git a/server/controllers/user/recoverpassword.php b/server/controllers/user/recoverpassword.php index 8e264d94..519968c8 100644 --- a/server/controllers/user/recoverpassword.php +++ b/server/controllers/user/recoverpassword.php 
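Review bot: In the PATCH 4/6 hunk for `server/controllers/user.php` the includes are switched to `'user/recover-password.php'` and `'user/send-recover-password.php'`, but the diffstat shows the controllers are still edited under their old names and the renames only arrive in PATCH 5/6. At this commit `include` would only warn about the missing file and `new RecoverPasswordController` would then fail on an undefined class, so the `/user` group cannot load between the two commits. The `tests/init.rb` hunk has the same ordering problem with `require './user/send-recover-password.rb'`, whose file is renamed in PATCH 6/6. Move the renames into this patch, and consider `require_once` for the controller files so a missing file fails at the include rather than later.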
@@ -2,12 +2,11 @@ use Respect\Validation\Validator as DataValidator; class RecoverPasswordController extends Controller { - const PATH = '/recoverpassword'; + const PATH = '/recover-password'; private $email; private $token; private $password; - private $recoverPassword; public function validations() { return [ @@ -36,24 +35,20 @@ class RecoverPasswordController extends Controller { $this->password = Controller::request('password'); } public function changePassword(){ - if ($this->email && $this->token) { - $this->recoverPassword = RecoverPassword::getDatastore($this->token, 'token'); + $recoverPassword = RecoverPassword::getDatastore($this->token, 'token'); + $user = User::getDataStore($this->email, 'email'); - if($this->recoverPassword) { - $user = User::getDataStore($this->email, 'email'); + if($recoverPassword && $user) { + $recoverPassword->trash(); - if ($user) { - $this->recoverPassword->trash(); + $user->setProperties([ + 'password' => Hashing::hashPassword($this->password) + ]); - $user->setProperties([ - 'password' => Hashing::hashPassword($this->password) - ]); + $user->store(); + Response::respondSuccess('password changed'); + return; - $user->store(); - Response::respondSuccess('password changed'); - return; - } - } } Response::respondError(ERRORS::NO_PERMISSION); diff --git a/server/controllers/user/sendrecoverpassword.php b/server/controllers/user/sendrecoverpassword.php index 46a7c8ba..e8355f74 100644 --- a/server/controllers/user/sendrecoverpassword.php +++ b/server/controllers/user/sendrecoverpassword.php @@ -2,7 +2,7 @@ use Respect\Validation\Validator as DataValidator; class SendRecoverPasswordController extends Controller { - const PATH = '/sendrecoverpassword'; + const PATH = '/send-recover-password'; public function validations() { return [ diff --git a/tests/init.rb b/tests/init.rb index 464b6615..9a3a25e6 100644 --- a/tests/init.rb +++ b/tests/init.rb 
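Review bot: Removing the `if ($this->email && $this->token)` guard in `changePassword()` means a request with no `token` now reaches `RecoverPassword::getDatastore($this->token, 'token')` with an empty value, and the result of that lookup is the only check left. What `getDatastore` returns when nothing matches is not visible in this series, and the `DataStore` context shown in PATCH 3/6 falls back to `'id'` for properties it does not recognise, so an empty token should be rejected before the lookup: `if (!$this->token) { Response::respondError(ERRORS::NO_PERMISSION); return; }`. `changePassword()` begins inside this hunk and the class continues outside it.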
@@ -10,6 +10,6 @@ require './scripts.rb' # TESTS require './user/signup.rb' require './user/login.rb' -require './user/sendrecoverpassword.rb' -require './user/recoverpassword.rb' +require './user/send-recover-password.rb' +require './user/recover-password.rb' #require './ticket/create.rb' diff --git a/tests/user/recoverpassword.rb b/tests/user/recoverpassword.rb index f689daa2..7b00949f 100644 --- a/tests/user/recoverpassword.rb +++ b/tests/user/recoverpassword.rb @@ -1,16 +1,16 @@ -describe '/user/recoverpassword' do +describe '/user/recover-password' do @recoverEmail = 'recover@os4.com' @newRecoverPass = 'newrecover' it 'should fail if email is incorrect' do - result = request('/user/recoverpassword', { + result = request('/user/recover-password', { email: 'login@os4com', password: @newRecoverPass }) (result['status']).should.equal('fail'); - result = request('/user/recoverpassword', { + result = request('/user/recover-password', { email: 'loginos4.com', password: @newRecoverPass }) @@ -19,7 +19,7 @@ describe '/user/recoverpassword' do end it 'should fail if password is incorrect' do - result = request('/user/recoverpassword',{ + result = request('/user/recover-password',{ email: @recoverEmail, password: 'log' }) @@ -29,7 +29,7 @@ describe '/user/recoverpassword' do long_text = '' 250.times {long_text << 'a'} - result = request('/user/recoverpassword',{ + result = request('/user/recover-password',{ email: @recoverEmail, password: long_text }) diff --git a/tests/user/sendrecoverpassword.rb b/tests/user/sendrecoverpassword.rb index 6ec63697..4295fd49 100644 --- a/tests/user/sendrecoverpassword.rb +++ b/tests/user/sendrecoverpassword.rb 
@@ -1,24 +1,24 @@ -describe '/user/sendrecoverpassword' do +describe '/user/send-recover-password' do @recoverEmail = 'recover@os4.com' @recoverPass = 'recover' Scripts.createUser(@recoverEmail, @recoverPass) it 'should fail if email is incorrect' do - result = request('/user/sendrecoverpassword', { + result = request('/user/send-recover-password', { email: 'login@os4com' }) (result['status']).should.equal('fail'); - result = request('/user/sendrecoverpassword', { + result = request('/user/send-recover-password', { email: 'loginos4.com' }) (result['status']).should.equal('fail'); end it 'should success if email is correct' do - result = request('/user/sendrecoverpassword', { + result = request('/user/send-recover-password', { email: @recoverEmail }) From 7497bd0d6c4cb2d94fb70600da377f478a2ca870 Mon Sep 17 00:00:00 2001 From: AntonyAntonio Date: Mon, 25 Jul 2016 14:36:29 -0300 Subject: [PATCH 5/6] guillermo - code review changes again [skip ci] --- .../user/{recoverpassword.php => recover-password.php} | 0 .../user/{sendrecoverpassword.php => send-recover-password.php} | 0 server/models/ERRORS.php | 2 ++ 3 files changed, 2 insertions(+) rename server/controllers/user/{recoverpassword.php => recover-password.php} (100%) rename server/controllers/user/{sendrecoverpassword.php => send-recover-password.php} (100%) diff --git a/server/controllers/user/recoverpassword.php b/server/controllers/user/recover-password.php similarity index 100% rename from server/controllers/user/recoverpassword.php rename to server/controllers/user/recover-password.php diff --git a/server/controllers/user/sendrecoverpassword.php b/server/controllers/user/send-recover-password.php similarity index 100% rename from server/controllers/user/sendrecoverpassword.php rename to server/controllers/user/send-recover-password.php diff --git a/server/models/ERRORS.php b/server/models/ERRORS.php index a8dbe39c..44f8893c 100644 --- a/server/models/ERRORS.php +++ b/server/models/ERRORS.php 
@@ -5,4 +5,6 @@ class ERRORS { const NO_PERMISSION = 'You have no permission to access'; const INVALID_TITLE = 'Invalid title'; const INVALID_CONTENT = 'Invalid content'; + const INVALID_EMAIL = 'Invalid email'; + const INVALID_PASSWORD = 'Invalid password'; } From 74f9d048244be8e46d3c1f79b6b55521108258b8 Mon Sep 17 00:00:00 2001 From: AntonyAntonio Date: Mon, 25 Jul 2016 17:26:14 -0300 Subject: [PATCH 6/6] guillermo - code review changes again [skip ci] --- server/models/ERRORS.php | 1 + tests/user/{recoverpassword.rb => recover-password.rb} | 0 tests/user/{sendrecoverpassword.rb => send-recover-password.rb} | 0 3 files changed, 1 insertion(+) rename tests/user/{recoverpassword.rb => recover-password.rb} (100%) rename tests/user/{sendrecoverpassword.rb => send-recover-password.rb} (100%) diff --git a/server/models/ERRORS.php b/server/models/ERRORS.php index 44f8893c..4c3017ce 100644 --- a/server/models/ERRORS.php +++ b/server/models/ERRORS.php @@ -7,4 +7,5 @@ class ERRORS { const INVALID_CONTENT = 'Invalid content'; const INVALID_EMAIL = 'Invalid email'; const INVALID_PASSWORD = 'Invalid password'; + const INVALID_NAME = 'Invalid name'; } diff --git a/tests/user/recoverpassword.rb b/tests/user/recover-password.rb similarity index 100% rename from tests/user/recoverpassword.rb rename to tests/user/recover-password.rb diff --git a/tests/user/sendrecoverpassword.rb b/tests/user/send-recover-password.rb similarity index 100% rename from tests/user/sendrecoverpassword.rb rename to tests/user/send-recover-password.rb