Commit 648ba45fe988cbdac346fd7c73286c0d28eef913
1 parent
9c0883cb
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
api: added change password methods
Showing
4 changed files
with
91 additions
and
1 deletions
lib/noosfero/api/api.rb
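--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -6,11 +6,18 @@
 DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
 
 include SanitizeParams
+include Noosfero::Plugin::HotSpot
+include ForgotPasswordHelper
 
 def set_locale
 I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')
 end
-
+
+# FIXME this filter just loads @plugins
+def init_noosfero_plugins
+plugins
+end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)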
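Review bot: The `# FIXME this filter just loads @plugins` comment on `init_noosfero_plugins` says neither why the API needs `@plugins` loaded nor what is left to fix. Presumably `fetch_requestors` from the newly included `ForgotPasswordHelper` dispatches to plugins through `Noosfero::Plugin::HotSpot`; if that is the reason, a comment such as `# Loads the plugin manager before each request so ForgotPasswordHelper#fetch_requestors can dispatch to plugins` would record it. Including both modules in the shared helpers also appears to make their methods callable from every API endpoint, not only the password routes, which is worth confirming as intended.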
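--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -92,6 +92,45 @@ module Noosfero
 render_api_error!(_('Token is invalid'), 412)
 end
 end
+
+# Request a new password.
+#
+# Parameters:
+# value (required) - Email or login
+# Example Request:
+# POST /forgot_password?value=some@mail.com
+post "/forgot_password" do
+requestors = fetch_requestors(params[:value])
+not_found! if requestors.blank?
+
+requestors.each do |requestor|
+ChangePassword.create!(:requestor => requestor)
+end
+end
+
+params do
+requires :code, type: String, desc: _("Forgot password code")
+end
+# Change password
+#
+# Parameters:
+# code (required) - Change password code
+# password (required)
+# password_confirmation (required)
+# Example Request:
+# PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
+patch "/new_password" do
+change_password = ChangePassword.find_by_code(params[:code])
+not_found! if change_password.nil?
+
+if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+change_password.finish
+present change_password.requestor.user, :with => Entities::UserLogin
+else
+something_wrong!
+end
+end
+
 end
 end
 end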
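Review bot: `post "/forgot_password"` answers 404 through `not_found! if requestors.blank?` and succeeds otherwise, so an unauthenticated caller can tell which logins and e-mail addresses are registered; nothing in the hunk throttles the call either. The block's last expression is `requestors.each`, which evaluates to the requestors collection, so the success response may also serialize the matched records, depending on how the API formats return values. Dropping the `not_found!` line and ending the block with a constant body such as `{ :success => true }` would make both cases look the same. In `patch "/new_password"` the comment lists `password` and `password_confirmation` as required but the `params` block declares only `code`; adding `requires :password, type: String` and `requires :password_confirmation, type: String` would reject incomplete requests before `update_attributes` runs. The example request also puts the code and the password in the query string, where they end up in access logs, so the example should show them in the request body instead.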
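--- a/test/unit/api/session_test.rb
+++ b/test/unit/api/session_test.rb
@@ -117,4 +117,47 @@ class SessionTest < ActiveSupport::TestCase
 assert_equal 412, last_response.status
 end
 
+should 'create task to change password by user login' do
+user = create_user
+params = {:value => user.login}
+assert_difference 'ChangePassword.count' do
+post "/api/v1/forgot_password?#{params.to_query}"
+end
+end
+
+should 'not create task to change password when user is not found' do
+params = {:value => 'wronglogin'}
+assert_no_difference 'ChangePassword.count' do
+post "/api/v1/forgot_password?#{params.to_query}"
+end
+assert_equal 404, last_response.status
+end
+
+should 'change user password and close task' do
+user = create_user
+task = ChangePassword.create!(:requestor => user.person)
+params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
+patch "/api/v1/new_password?#{params.to_query}"
+assert_equal Task::Status::FINISHED, task.reload.status
+assert user.reload.authenticated?('secret')
+json = JSON.parse(last_response.body)
+assert_equal user.id, json['id']
+end
+
+should 'do not change user password when password confirmation is wrong' do
+user = create_user
+task = ChangePassword.create!(:requestor => user.person)
+params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
+patch "/api/v1/new_password?#{params.to_query}"
+assert_equal Task::Status::ACTIVE, task.reload.status
+assert !user.reload.authenticated?('secret')
+assert_equal 400, last_response.status
+end
+
+should 'render not found when provide a wrong code on password change' do
+params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
+patch "/api/v1/new_password?#{params.to_query}"
+assert_equal 404, last_response.status
+end
+
 end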
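Review bot: None of the added tests checks that a change-password code stops working once it has been used, so a regression that let a finished task's code set the password again would pass this suite. Whether `ChangePassword.find_by_code` already ignores finished tasks cannot be seen from this diff, so a test placed after 'change user password and close task' would pin the behaviour down. The first test also never asserts the response status or body of `/forgot_password`, which leaves what the endpoint returns on success unspecified.

```ruby
should 'not accept a change password code twice' do
  user = create_user
  task = ChangePassword.create!(:requestor => user.person)
  params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
  patch "/api/v1/new_password?#{params.to_query}"
  params[:password] = params[:password_confirmation] = 'another'
  patch "/api/v1/new_password?#{params.to_query}"
  assert !user.reload.authenticated?('another')
end
```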