Download as
Browse Code »

Commit 648ba45fe988cbdac346fd7c73286c0d28eef913

Authored by Victor Costa
1 parent 9c0883cb
Exists in theme-brasil-digital-from-staging and in 9 other branches angular_poc, api-article-archived, backup-7-jan-2016, captcha_serpro_plugin, login-captcha, production, resend_confirmation_email, staging, staging_rails3

api: added change password methods

Showing 4 changed files with 91 additions and 1 deletions   Show diff stats
lib/noosfero/api/api.rb
  Diff comments   View file @648ba45
@@ -29,6 +29,7 @@ module Noosfero @@ -29,6 +29,7 @@ module Noosfero
29 before { setup_multitenancy } 29 before { setup_multitenancy }
30 before { detect_stuff_by_domain } 30 before { detect_stuff_by_domain }
31 before { filter_disabled_plugins_endpoints } 31 before { filter_disabled_plugins_endpoints }
  32 + before { init_noosfero_plugins }
32 after { set_session_cookie } 33 after { set_session_cookie }
33 34
34 version 'v1' 35 version 'v1'
lib/noosfero/api/helpers.rb
  Diff comments   View file @648ba45
@@ -6,11 +6,18 @@ @@ -6,11 +6,18 @@
6 DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] 6 DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
7 7
8 include SanitizeParams 8 include SanitizeParams
  9 + include Noosfero::Plugin::HotSpot
  10 + include ForgotPasswordHelper
9 11
10 def set_locale 12 def set_locale
11 I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en') 13 I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')
12 end 14 end
13 - 15 +
  16 + # FIXME this filter just loads @plugins
  17 + def init_noosfero_plugins
  18 + plugins
  19 + end
  20 +
14 def current_user 21 def current_user
15 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s 22 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
16 @current_user ||= User.find_by_private_token(private_token) 23 @current_user ||= User.find_by_private_token(private_token)
lib/noosfero/api/session.rb
  Diff comments   View file @648ba45
@@ -92,6 +92,45 @@ module Noosfero @@ -92,6 +92,45 @@ module Noosfero
92 render_api_error!(_('Token is invalid'), 412) 92 render_api_error!(_('Token is invalid'), 412)
93 end 93 end
94 end 94 end
  95 +
  96 + # Request a new password.
  97 + #
  98 + # Parameters:
  99 + # value (required) - Email or login
  100 + # Example Request:
  101 + # POST /forgot_password?value=some@mail.com
  102 + post "/forgot_password" do
  103 + requestors = fetch_requestors(params[:value])
  104 + not_found! if requestors.blank?
  105 +
  106 + requestors.each do |requestor|
  107 + ChangePassword.create!(:requestor => requestor)
  108 + end
  109 + end
  110 +
  111 + params do
  112 + requires :code, type: String, desc: _("Forgot password code")
  113 + end
  114 + # Change password
  115 + #
  116 + # Parameters:
  117 + # code (required) - Change password code
  118 + # password (required)
  119 + # password_confirmation (required)
  120 + # Example Request:
  121 + # PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
  122 + patch "/new_password" do
  123 + change_password = ChangePassword.find_by_code(params[:code])
  124 + not_found! if change_password.nil?
  125 +
  126 + if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
  127 + change_password.finish
  128 + present change_password.requestor.user, :with => Entities::UserLogin
  129 + else
  130 + something_wrong!
  131 + end
  132 + end
  133 +
95 end 134 end
96 end 135 end
97 end 136 end
test/unit/api/session_test.rb
  Diff comments   View file @648ba45
@@ -117,4 +117,47 @@ class SessionTest < ActiveSupport::TestCase @@ -117,4 +117,47 @@ class SessionTest < ActiveSupport::TestCase
117 assert_equal 412, last_response.status 117 assert_equal 412, last_response.status
118 end 118 end
119 119
  120 + should 'create task to change password by user login' do
  121 + user = create_user
  122 + params = {:value => user.login}
  123 + assert_difference 'ChangePassword.count' do
  124 + post "/api/v1/forgot_password?#{params.to_query}"
  125 + end
  126 + end
  127 +
  128 + should 'not create task to change password when user is not found' do
  129 + params = {:value => 'wronglogin'}
  130 + assert_no_difference 'ChangePassword.count' do
  131 + post "/api/v1/forgot_password?#{params.to_query}"
  132 + end
  133 + assert_equal 404, last_response.status
  134 + end
  135 +
  136 + should 'change user password and close task' do
  137 + user = create_user
  138 + task = ChangePassword.create!(:requestor => user.person)
  139 + params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
  140 + patch "/api/v1/new_password?#{params.to_query}"
  141 + assert_equal Task::Status::FINISHED, task.reload.status
  142 + assert user.reload.authenticated?('secret')
  143 + json = JSON.parse(last_response.body)
  144 + assert_equal user.id, json['id']
  145 + end
  146 +
  147 + should 'do not change user password when password confirmation is wrong' do
  148 + user = create_user
  149 + task = ChangePassword.create!(:requestor => user.person)
  150 + params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
  151 + patch "/api/v1/new_password?#{params.to_query}"
  152 + assert_equal Task::Status::ACTIVE, task.reload.status
  153 + assert !user.reload.authenticated?('secret')
  154 + assert_equal 400, last_response.status
  155 + end
  156 +
  157 + should 'render not found when provide a wrong code on password change' do
  158 + params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
  159 + patch "/api/v1/new_password?#{params.to_query}"
  160 + assert_equal 404, last_response.status
  161 + end
  162 +
120 end 163 end