From c02e32d8c4dab6113ef1327006c6c1a11b6493c4 Mon Sep 17 00:00:00 2001
From: wimo7083
Date: Tue, 6 Nov 2018 00:39:28 -0700
Subject: [PATCH 1/4] initial work on password controller
---
.../api/v1/users/passwords_controller.rb | 32 +++++++++++++++++--
app/models/user.rb | 24 +++++++++++++-
.../reset_password_instructions.html.erb | 2 +-
config/environments/development.rb | 2 +-
config/routes.rb | 1 +
5 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/app/controllers/api/v1/users/passwords_controller.rb b/app/controllers/api/v1/users/passwords_controller.rb
index 0eacf3a6..faa36162 100644
--- a/app/controllers/api/v1/users/passwords_controller.rb
+++ b/app/controllers/api/v1/users/passwords_controller.rb
@@ -7,16 +7,42 @@ class PasswordsController < ApiController # # @see http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable # - def reset + def forgot user = User.find_by email: params[:email] raise 'Could not find a user with that email address' unless user.present? - user.send_reset_password_instructions - + user.generate_password_token! + puts user.send_reset_password_instructions + puts user render json: { status: :ok } rescue StandardError => e + puts e.message render json: { errors: e.message }, status: :unprocessable_entity end + + def reset + token = params[:reset_password_token].to_s + puts 'params' + puts token + puts params + user = User.with_reset_password_token(token) + puts 'here' + puts user.reset_password_token + begin + if user.present? && user.password_token_valid? + if user.reset_password!(params[:password]) + render json: {status: 'ok'}, status: :ok + else + render json: {error: user.errors.full_messages}, status: :unprocessable_entity + end + + else + render json: {error: ['Link not valid or expired. Try generating a new link.']}, status: :not_found + end + rescue StandardError => e + puts e.message + end + end end end end
diff --git a/app/models/user.rb b/app/models/user.rb
index 408002c7..cc3e355f 100644
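Review bot: `forgot` tells the caller whether an email address is registered: an unknown address hits the `raise` and comes back as 422 with the message in `errors`, while a known one returns 200, and the `rescue StandardError` clause forwards arbitrary exception text (`e.message`) to the client as well. The same oracle survives the `fix linting` hunk on this controller, where a nil `user` raises NoMethodError inside `generate_password_token!` and that message is rendered instead. A reset-request endpoint should answer identically either way, e.g. `return render json: { status: :ok } unless user`, and log the exception server-side rather than rendering its message. Because this action is unauthenticated and sends mail, it is also the natural place for request throttling.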
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -204,7 +204,28 @@ def role Role.find_by id: role_id end - private + def generate_password_token! + puts "*********** before" + puts self.reset_password_token + raw, enc = Devise.token_generator.generate(User, :reset_password_token) + self.reset_password_token = enc + self.reset_password_sent_at = Time.now.utc + self.save(validate: false) + puts "*************************generated token" + return raw + end + + def reset_password!(password) + self.reset_password_token = nil + self.encrypted_password = password + save! + end + + def password_token_valid? + (self.reset_password_sent_at + 4.hours) > Time.now.utc + end + + private def strip_zip_code zip.strip! if zip
@@ -217,4 +238,5 @@ def upcase_state def downcase_email email.downcase! if email end + end
diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb
index 9fb387e8..18a0a906 100644
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -3,6 +3,6 @@
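Review bot: `password_token_valid?` evaluates `self.reset_password_sent_at + 4.hours` with no nil check, so a user whose `reset_password_sent_at` was never set raises NoMethodError instead of returning false; the method is still unguarded where it appears as context in the model hunks of the `fix linting` patch. Suggest `reset_password_sent_at.present? && reset_password_sent_at + 4.hours > Time.now.utc`. Separately, `reset_password!` ends in `save!`, which raises on a validation failure rather than returning false, so the controller's `if user.reset_password!(...) ... else` branch can never run. If `send_reset_password_instructions` is Devise's Recoverable method, it generates and persists its own token and `reset_password_sent_at`, which would make `generate_password_token!` redundant and overwrite what it stored — worth confirming before keeping both.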

Someone has requested a link to change your password. You can do this through the link below.

<%= link_to 'Change my password', "https://operationcode.org/reset_password?reset_password_token=#{@token}" %>

- +

<%= edit_user_password_url(:host=> "https://operationcode.org", :reset_password_token => @token) %>

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

diff --git a/config/environments/development.rb b/config/environments/development.rb
index 134572cd..8e7768d1 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -37,7 +37,7 @@ # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load - + config.action_mailer.default_url_options = { :host => 'localhost:3000' } # Raises error for missing translations # config.action_view.raise_on_missing_translations = true
diff --git a/config/routes.rb b/config/routes.rb
index 2a3e8193..4b75a2e9 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -56,6 +56,7 @@ end namespace :users do + post '/passwords/forgot', to: 'passwords#forgot' post '/passwords/reset', to: 'passwords#reset' end
From c5db37720c54702962783fb8455065b02ff26469 Mon Sep 17 00:00:00 2001
From: wimo7083
Date: Tue, 6 Nov 2018 01:03:05 -0700
Subject: [PATCH 2/4] fix linting
---
.../api/v1/users/passwords_controller.rb | 32 ++++++-------------
app/models/user.rb | 16 ++++------
.../reset_password_instructions.html.erb | 1 -
config/environments/development.rb | 2 +-
4 files changed, 17 insertions(+), 34 deletions(-)
diff --git a/app/controllers/api/v1/users/passwords_controller.rb b/app/controllers/api/v1/users/passwords_controller.rb
index faa36162..5a1ab0a6 100644
--- a/app/controllers/api/v1/users/passwords_controller.rb
+++ b/app/controllers/api/v1/users/passwords_controller.rb
@@ -7,42 +7,30 @@ class PasswordsController < ApiController # # @see http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable # - def forgot + def forgot user = User.find_by email: params[:email] - raise 'Could not find a user with that email address' unless user.present? user.generate_password_token! - puts user.send_reset_password_instructions - puts user + user.send_reset_password_instructions render json: { status: :ok } rescue StandardError => e - puts e.message render json: { errors: e.message }, status: :unprocessable_entity end def reset token = params[:reset_password_token].to_s - puts 'params' - puts token - puts params user = User.with_reset_password_token(token) - puts 'here' - puts user.reset_password_token - begin - if user.present? && user.password_token_valid? - if user.reset_password!(params[:password]) - render json: {status: 'ok'}, status: :ok - else - render json: {error: user.errors.full_messages}, status: :unprocessable_entity - end - + user.reset_password_token + if user.present? && user.password_token_valid? + if user.reset_password!(params[:password]) + render json: { status: 'ok' }, status: :ok else - render json: {error: ['Link not valid or expired. Try generating a new link.']}, status: :not_found + render json: { error: user.errors.full_messages }, status: :unprocessable_entity end - rescue StandardError => e - puts e.message + else + render json: { error: ['Link not valid or expired. Try generating a new link.'] }, status: :not_found end - end + end end end end
diff --git a/app/models/user.rb b/app/models/user.rb
index cc3e355f..c577ed9c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
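Review bot: The stray `user.reset_password_token` statement added in `reset` runs before the `user.present?` check, so an unknown or expired token makes `with_reset_password_token` return nil and the request fails with a NoMethodError (HTTP 500) instead of the intended 404; the line is a leftover of the removed `puts` and should be deleted. With the `begin/rescue` also gone, a validation failure inside `reset_password!` now surfaces from `save!` as an unhandled `ActiveRecord::RecordInvalid`, so the `else` branch rendering `user.errors.full_messages` is unreachable — either have `reset_password!` return the result of `save`, or rescue `ActiveRecord::RecordInvalid` around the call. `forgot` in this hunk keeps the account-enumeration behaviour noted on the first patch of this series.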
@@ -205,19 +205,16 @@ def role end def generate_password_token! - puts "*********** before" - puts self.reset_password_token - raw, enc = Devise.token_generator.generate(User, :reset_password_token) - self.reset_password_token = enc + _raw, enc = Devise.token_generator.generate(User, :reset_password_token) + self.reset_password_token = enc self.reset_password_sent_at = Time.now.utc self.save(validate: false) - puts "*************************generated token" - return raw end - def reset_password!(password) + def reset_password!(new_password) + @password = new_password + self.encrypted_password = password_digest(@password) if @password.present? self.reset_password_token = nil - self.encrypted_password = password save! end
@@ -225,7 +222,7 @@ def password_token_valid? (self.reset_password_sent_at + 4.hours) > Time.now.utc end - private + private def strip_zip_code zip.strip! if zip
@@ -238,5 +235,4 @@ def upcase_state def downcase_email email.downcase! if email end - end
diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb
index 18a0a906..e36f57c2 100644
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -3,6 +3,5 @@
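Review bot: `reset_password!` now re-implements a password setter by hand (`@password = new_password` followed by `self.encrypted_password = password_digest(@password) if @password.present?`); if `password_digest` here is Devise's DatabaseAuthenticatable helper, this is exactly what Devise's `password=` does, and `self.password = new_password` keeps the model on the supported path rather than duplicating it. The trailing `save!` still means callers receive an exception rather than `false` when validation fails, which the controller's `if/else` around this call does not expect. The first method of this hunk, `generate_password_token!`, begins before the hunk's context shown here.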

Someone has requested a link to change your password. You can do this through the link below.

<%= link_to 'Change my password', "https://operationcode.org/reset_password?reset_password_token=#{@token}" %>

-

<%= edit_user_password_url(:host=> "https://operationcode.org", :reset_password_token => @token) %>

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

diff --git a/config/environments/development.rb b/config/environments/development.rb
index 8e7768d1..5223b144 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -37,7 +37,7 @@ # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load - config.action_mailer.default_url_options = { :host => 'localhost:3000' } + config.action_mailer.default_url_options = { host: 'localhost:3000' } # Raises error for missing translations # config.action_view.raise_on_missing_translations = true
From de98de0883c067cf035db885156b9c4f8720fd32 Mon Sep 17 00:00:00 2001
From: wimo7083
Date: Tue, 6 Nov 2018 01:49:00 -0700
Subject: [PATCH 3/4] add route to update password
---
app/controllers/api/v1/users/passwords_controller.rb | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/app/controllers/api/v1/users/passwords_controller.rb b/app/controllers/api/v1/users/passwords_controller.rb
index 5a1ab0a6..da769eeb 100644
--- a/app/controllers/api/v1/users/passwords_controller.rb
+++ b/app/controllers/api/v1/users/passwords_controller.rb
@@ -31,6 +31,16 @@ def reset render json: { error: ['Link not valid or expired. Try generating a new link.'] }, status: :not_found end end + + def update + render json: { error: 'Password not present' }, status: :unprocessable_entity unless params[:password].present + + if current_user.reset_password(params[:password]) + render json: { status: 'ok' }, status: :ok + else + render json: { errors: current_user.errors.full_messages }, status: :unprocessable_entity + end + end end end end
From 69dc506c9099c61b8ac98c6d5aa648a1bad5784f Mon Sep 17 00:00:00 2001
From: wimo7083
Date: Tue, 6 Nov 2018 02:25:54 -0700
Subject: [PATCH 4/4] add route hook also
---
config/routes.rb | 1 +
1 file changed, 1 insertion(+)
diff --git a/config/routes.rb b/config/routes.rb
index 4b75a2e9..67e9b0c3 100644
--- a/config/routes.rb
+++ b/config/routes.rb
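Review bot: `update` cannot succeed as written: `params[:password].present` (no `?`) is not a method, so the guard raises NoMethodError on every request, and even with `present?` the `render ... unless` does not return, so a blank password renders twice and raises `AbstractController::DoubleRenderError`; use `return render json: { error: 'Password not present' }, status: :unprocessable_entity unless params[:password].present?`. If `current_user.reset_password` is Devise's Recoverable method it takes `(new_password, new_password_confirmation)`, so the single-argument call would raise ArgumentError — confirm which method is intended. For a signed-in user changing their own password, Devise's `update_with_password(password:, password_confirmation:, current_password:)` is the expected call because it re-verifies the current password before replacing it; also confirm that an authentication `before_action` covers `update`, since the other actions in this controller are reachable without a session and `current_user` would otherwise be nil here. The enclosing class continues outside the hunk.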
@@ -58,6 +58,7 @@ namespace :users do post '/passwords/forgot', to: 'passwords#forgot' post '/passwords/reset', to: 'passwords#reset' + put '/password/update', to: 'password#update' end namespace :airtable do
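Review bot: The new route is singular on both sides, `put '/password/update', to: 'password#update'`, while the two routes above it and the `update` action added in PATCH 3 live on `passwords` (`PasswordsController`); as written this dispatches to a `PasswordController` that does not exist in this series and will raise a routing error. Change it to `put '/passwords/update', to: 'passwords#update'`.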