Password reset

TrueSoft · May 7, 2017 · 12b0ba9 · 12b0ba9
1 parent 246a8da
commit 12b0ba9
Show file tree

Hide file tree

Showing 19 changed files with 151 additions and 142 deletions.
diff --git a/Gemfile b/Gemfile
@@ -8,4 +8,5 @@ group :development, :test do
   gem 'pg'
   gem 'simplecov'
   gem 'codeclimate-test-reporter', '~> 1.0.0'
+  gem 'letter_opener'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -58,6 +58,8 @@ GEM
       i18n (~> 0.7)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+    addressable (2.5.0)
+      public_suffix (~> 2.0, >= 2.0.2)
     ancestry (2.2.2)
       activerecord (>= 3.0.0)
     ansi (1.5.0)
@@ -123,6 +125,10 @@ GEM
       activerecord
       kaminari-core (= 1.0.1)
     kaminari-core (1.0.1)
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    letter_opener (1.4.1)
+      launchy (~> 2.2)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
     mail (2.6.4)
@@ -143,6 +149,7 @@ GEM
     nokogiri (1.7.0.1)
       mini_portile2 (~> 2.1.0)
     pg (0.20.0)
+    public_suffix (2.0.5)
     rack (2.0.1)
     rack-rewrite (1.5.1)
     rack-test (0.6.3)
@@ -216,6 +223,7 @@ PLATFORMS
 
 DEPENDENCIES
   codeclimate-test-reporter (~> 1.0.0)
+  letter_opener
   minitest-reporters
   pg
   rails-controller-testing

diff --git a/app/assets/stylesheets/spina/_login.sass b/app/assets/stylesheets/spina/_login.sass
@@ -22,6 +22,12 @@
     &:last-child
       animation-delay: .4s
 
+  .login-extra-links
+    animation-delay: .8s
+
+    .button
+      margin-right: 0
+
   img
     display: block
     margin: 0 auto 25px auto

diff --git a/app/controllers/spina/admin/password_resets_controller.rb b/app/controllers/spina/admin/password_resets_controller.rb
@@ -0,0 +1,49 @@
+module Spina
+  module Admin
+    class PasswordResetsController < AdminController
+      layout "spina/login"
+
+      skip_before_action :authorize_user
+
+      def new
+      end
+
+      def create
+        user = User.find_by(email: params[:email])
+
+        if user.present?
+          user.regenerate_password_reset_token
+          user.update_attributes!(password_reset_sent_at: Time.zone.now)
+          UserMailer.forgot_password(user).deliver_now
+          redirect_to admin_login_path, flash: {success: t('spina.forgot_password.instructions_sent')}
+        else
+          flash.now[:alert] = t('spina.forgot_password.unknown_user')
+          render :new
+        end
+      end
+
+      def edit
+        @user = User.find_by!(password_reset_token: params[:id])
+      end
+
+      def update
+        @user = User.find_by(password_reset_token: params[:id])
+
+        if @user.password_reset_sent_at < 2.hours.ago
+          redirect_to new_admin_password_reset_path, flash: {alert: t('spina.forgot_password.expired')}
+        elsif @user.update_attributes(user_params)
+          redirect_to admin_login_path, flash: {success: t('spina.forgot_password.success')}
+        else
+          render :edit
+        end
+      end
+
+      private
+
+        def user_params
+          params.require(:user).permit(:password, :password_confirmation)
+        end
+
+    end
+  end
+end
diff --git a/app/mailers/spina/user_mailer.rb b/app/mailers/spina/user_mailer.rb
@@ -0,0 +1,21 @@
+module Spina
+  class UserMailer < ActionMailer::Base
+    layout 'spina/mail'
+
+    def forgot_password(user)
+      @user = user
+
+      mail(
+        to: @user.email, 
+        from: current_account.email, 
+        subject: t('spina.forgot_password.mail_subject')
+      )
+    end
+
+    private
+
+      def current_account
+        Spina::Account.first
+      end
+  end
+end
diff --git a/app/models/spina/user.rb b/app/models/spina/user.rb
@@ -1,6 +1,7 @@
 module Spina
   class User < ApplicationRecord
     has_secure_password
+    has_secure_token :password_reset_token
 
     validates_presence_of :name, :email
     validates_presence_of :password, on: :create

diff --git a/app/views/layouts/spina/email.html.erb b/app/views/layouts/spina/email.html.erb
diff --git a/app/views/layouts/spina/mail.html.erb b/app/views/layouts/spina/mail.html.erb
@@ -0,0 +1 @@
+<%= yield %>
diff --git a/app/views/spina/admin/password_resets/edit.html.haml b/app/views/spina/admin/password_resets/edit.html.haml
@@ -0,0 +1,13 @@
+= form_for @user, url: spina.admin_password_reset_path(params[:id]), html: {id: "login_wrapper"} do |f|
+  = image_tag 'spina/admin/spina.png', class: 'animated fadeInDown'
+  - if @user.errors.any?
+    .failed-to-login.animated.fadeInDown
+      .icon.icon-cross
+      = @user.errors.full_messages.join('<br />').html_safe
+
+  .login-fields
+    = f.text_field :password, placeholder: Spina::User.human_attribute_name(:password), autofocus: true, class: "animated fadeInDown"
+
+    = f.text_field :password_confirmation, placeholder: Spina::User.human_attribute_name(:password_confirmation), class: "animated fadeInDown"
+
+  = f.button t('spina.forgot_password.save'), class: 'button button-primary animated fadeInDown'
diff --git a/app/views/spina/admin/password_resets/new.html.haml b/app/views/spina/admin/password_resets/new.html.haml
@@ -0,0 +1,13 @@
+= form_tag spina.admin_password_resets_path, method: :post, id: "login_wrapper" do
+  = image_tag 'spina/admin/spina.png'
+  - if flash[:alert].present?
+    .failed-to-login.animated.fadeInDown
+      .icon.icon-cross
+      = flash[:alert]
+
+  .login-fields
+    = text_field_tag :email, params[:email], placeholder: Spina::User.human_attribute_name(:email), autofocus: true
+
+  = button_tag t('spina.forgot_password.request'), class: 'button button-primary'
+
+  .login-extra-links= link_to t('spina.login'), spina.admin_login_path, class: 'button button-hollow button-block'
diff --git a/app/views/spina/admin/sessions/new.html.haml b/app/views/spina/admin/sessions/new.html.haml
@@ -9,4 +9,6 @@
     = text_field_tag :email, params[:email], placeholder: Spina::User.human_attribute_name(:email), autofocus: true, class: "animated fadeInDown"
     = password_field_tag :password, nil, placeholder: Spina::User.human_attribute_name(:password), class: "animated fadeInDown"
 
-  = button_tag t('spina.login'), class: 'button button-primary animated fadeInDown', data: {icon: '3'}
+  = button_tag t('spina.login'), class: 'button button-primary animated fadeInDown'
+
+  .login-extra-links.animated.fadeInDown= link_to t('spina.forgot_password.new'), spina.new_admin_password_reset_path, class: 'button button-hollow button-block'
diff --git a/app/views/spina/user_mailer/forgot_password.html.erb b/app/views/spina/user_mailer/forgot_password.html.erb
@@ -0,0 +1 @@
+You forgot your password dummy. Here's a link to setup a new one: <%= link_to 'Reset password', spina.edit_admin_password_reset_url(@user.password_reset_token) %>. It expires in 2 hours.
diff --git a/app/views/spina/user_mailer/forgot_password.txt.erb b/app/views/spina/user_mailer/forgot_password.txt.erb
@@ -0,0 +1 @@
+You forgot your password dummy. Here's a link to setup a new one: <%= spina.edit_admin_password_reset_url(@user.password_reset_token) %>. It expires in 2 hours.
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -16,6 +16,15 @@ en:
     logout: Logout
     main_menu: Main menu
 
+    forgot_password:
+      new: Forgot password
+      request: Request new password
+      unknown_user: This user does not exist
+      save: Save new password
+      success: You can use your new password
+      mail_subject: Reset your password
+      expired: Your password reset token has expired
+
     modal:
       agree: "Yes, I'm sure"
       cancel: "No, cancel"

diff --git a/config/routes.rb b/config/routes.rb
@@ -19,6 +19,9 @@
     get "login" => "sessions#new"
     get "logout" => "sessions#destroy"
 
+    # Passwords
+    resources :password_resets
+
     # Media library
     get 'media_library' => 'photos#media_library', as: "media_library"
 

diff --git a/db/migrate/4_add_password_reset_token_to_spina_users.rb b/db/migrate/4_add_password_reset_token_to_spina_users.rb
@@ -0,0 +1,6 @@
+class AddPasswordResetTokenToSpinaUsers < ActiveRecord::Migration[5.0]
+  def change
+    add_column :spina_users, :password_reset_token, :string
+    add_column :spina_users, :password_reset_sent_at, :datetime
+  end
+end
diff --git a/test/dummy/config/environments/development.rb b/test/dummy/config/environments/development.rb
@@ -20,22 +20,11 @@
 
   # ActionMailer Config
 
-  config.action_mailer.default_url_options = { host: 'spina.dev' }
+  config.action_mailer.default_url_options = { host: 'dummy.dev' }
 
   # change to false to prevent email from being sent during development
   config.action_mailer.perform_deliveries = true
 
   config.action_mailer.raise_delivery_errors = true
-
-  # GMail configurations
-  config.action_mailer.delivery_method = :smtp
-  config.action_mailer.smtp_settings = {
-    address: "smtp.gmail.com",
-    port: 587,
-    domain: 'spina.dev',
-    user_name: ENV["TEST_GMAIL_USERNAME"],
-    password: ENV["TEST_GMAIL_PASSWORD"],
-    authentication: 'plain',
-    enable_starttls_auto: true
-  }
+  config.action_mailer.delivery_method = :letter_opener
 end
diff --git a/test/dummy/db/migrate/20170507153143_add_password_reset_token_to_spina_users.spina.rb b/test/dummy/db/migrate/20170507153143_add_password_reset_token_to_spina_users.spina.rb
@@ -0,0 +1,7 @@
+# This migration comes from spina (originally 4)
+class AddPasswordResetTokenToSpinaUsers < ActiveRecord::Migration[5.0]
+  def change
+    add_column :spina_users, :password_reset_token, :string
+    add_column :spina_users, :password_reset_sent_at, :datetime
+  end
+end
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		You forgot your password dummy. Here's a link to setup a new one: <%= link_to 'Reset password', spina.edit_admin_password_reset_url(@user.password_reset_token) %>. It expires in 2 hours.