Commit 96ba5c755103bb3da6a1170e785a22ec211040b1

Authored by Victor Costa
2 parents 32d9d2f3 648ba45f

Merge branch 'api' into production

Conflicts:
	lib/noosfero/api/helpers.rb
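--- a/lib/noosfero/api/api.rb
+++ b/lib/noosfero/api/api.rb
@@ -31,6 +31,7 @@ module Noosfero
 before { setup_multitenancy }
 before { detect_stuff_by_domain }
 before { filter_disabled_plugins_endpoints }
+before { init_noosfero_plugins }
 after { set_session_cookie }
 
 version 'v1'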
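--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -6,11 +6,18 @@
 DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
 
 include SanitizeParams
+include Noosfero::Plugin::HotSpot
+include ForgotPasswordHelper
 
 def set_locale
 I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')
 end
 
+# FIXME this filter just loads @plugins
+def init_noosfero_plugins
+plugins
+end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)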
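Review bot: The `# FIXME this filter just loads @plugins` comment on `init_noosfero_plugins` does not say what should be fixed or which code needs `@plugins` set before the endpoint runs. Since the method calls `plugins` only for its side effect and discards the result, I would spell that out, for example `# Called only for its side effect: populates @plugins before the endpoint runs. FIXME: load plugins where they are used instead of on every request.` (the second half is my reading of the intent, to be confirmed). `include ForgotPasswordHelper` also puts every method of that helper in scope for all API endpoints, so a one-line comment naming the method the session endpoints actually need would help the next reader. `current_user` continues past the end of this hunk.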
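--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -91,6 +91,45 @@ module Noosfero
 render_api_error!(_('Token is invalid'), 412)
 end
 end
+
+# Request a new password.
+#
+# Parameters:
+# value (required) - Email or login
+# Example Request:
+# POST /forgot_password?value=some@mail.com
+post "/forgot_password" do
+requestors = fetch_requestors(params[:value])
+not_found! if requestors.blank?
+
+requestors.each do |requestor|
+ChangePassword.create!(:requestor => requestor)
+end
+end
+
+params do
+requires :code, type: String, desc: _("Forgot password code")
+end
+# Change password
+#
+# Parameters:
+# code (required) - Change password code
+# password (required)
+# password_confirmation (required)
+# Example Request:
+# PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
+patch "/new_password" do
+change_password = ChangePassword.find_by_code(params[:code])
+not_found! if change_password.nil?
+
+if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+change_password.finish
+present change_password.requestor.user, :with => Entities::UserLogin
+else
+something_wrong!
+end
+end
+
 end
 end
 end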
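Review bot: `not_found! if requestors.blank?` in `post "/forgot_password"` answers 404 for an unknown email or login and something else for a known one, which gives unauthenticated callers an account-existence oracle. The block also ends on `requestors.each`, so its return value is the requestor list, and depending on how the API formats return values that list may be serialized into the response (inferred; the formatter is not visible here). I would drop the 404, end the block with a fixed response such as `status 202` followed by `{}`, and declare the input with `params do requires :value, type: String end`; the "user is not found" test would then expect the same status as the success case. In `patch "/new_password"` only `:code` is declared with `requires`, although the comment lists `password` and `password_confirmation` as required too, and the documented example carries the code and the new password in the query string, where they tend to end up in access logs; a request body is the safer place. No throttling of either endpoint is visible in this section, so it is worth confirming that code guesses and reset requests are rate-limited elsewhere.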
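--- a/test/unit/api/session_test.rb
+++ b/test/unit/api/session_test.rb
@@ -118,4 +118,47 @@ class SessionTest < ActiveSupport::TestCase
 assert_equal 412, last_response.status
 end
 
+should 'create task to change password by user login' do
+user = create_user
+params = {:value => user.login}
+assert_difference 'ChangePassword.count' do
+post "/api/v1/forgot_password?#{params.to_query}"
+end
+end
+
+should 'not create task to change password when user is not found' do
+params = {:value => 'wronglogin'}
+assert_no_difference 'ChangePassword.count' do
+post "/api/v1/forgot_password?#{params.to_query}"
+end
+assert_equal 404, last_response.status
+end
+
+should 'change user password and close task' do
+user = create_user
+task = ChangePassword.create!(:requestor => user.person)
+params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
+patch "/api/v1/new_password?#{params.to_query}"
+assert_equal Task::Status::FINISHED, task.reload.status
+assert user.reload.authenticated?('secret')
+json = JSON.parse(last_response.body)
+assert_equal user.id, json['id']
+end
+
+should 'do not change user password when password confirmation is wrong' do
+user = create_user
+task = ChangePassword.create!(:requestor => user.person)
+params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
+patch "/api/v1/new_password?#{params.to_query}"
+assert_equal Task::Status::ACTIVE, task.reload.status
+assert !user.reload.authenticated?('secret')
+assert_equal 400, last_response.status
+end
+
+should 'render not found when provide a wrong code on password change' do
+params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
+patch "/api/v1/new_password?#{params.to_query}"
+assert_equal 404, last_response.status
+end
+
 end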
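Review bot: None of the new `/new_password` tests submits a code a second time after the task has been finished, so nothing pins that a used reset code stops working; whether `ChangePassword.find_by_code` filters on task status is not visible on this page. I would add a test that performs one successful change and then repeats the request with the same code and a different password, asserting that the second password is not accepted. The test also leaves the exact status of the second request open until the lookup behaviour is confirmed. Separately, the "user is not found" test fixes the 404 as a contract, which documents that known and unknown logins get different answers.

```ruby
# … unchanged: existing forgot_password / new_password tests …
should 'not accept a change password code twice' do
  user = create_user
  task = ChangePassword.create!(:requestor => user.person)
  params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
  patch "/api/v1/new_password?#{params.to_query}"
  assert_equal Task::Status::FINISHED, task.reload.status

  params = {:code => task.code, :password => 'other1', :password_confirmation => 'other1'}
  patch "/api/v1/new_password?#{params.to_query}"
  assert !user.reload.authenticated?('other1')
  assert user.reload.authenticated?('secret')
end
```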