[API] reseting password with validation #12391
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
arti0090
commented
Mar 1, 2021
arti0090
commented
| Q | A |
|---|---|
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| License | MIT |
arti0090
changed the title
|
I have intentionally left comments with some changes (that tested on apiplatform v2.6) that will work when endpoint will be PATCH /request-reset-password/{token} At the moment it does not work. We first need support for that version. There should be also no issue with removing these comments as my last commit is pushed 2149e87 |
5 tasks
AdamKasp
reviewed
Mar 3, 2021
AdamKasp
reviewed
Mar 3, 2021
src/Sylius/Bundle/ApiBundle/Resources/config/api_resources/Customer.xml
Outdated
Show resolved
Hide resolved
lchrusciel
reviewed
Mar 3, 2021
src/Sylius/Bundle/ApiBundle/CommandHandler/ResetPasswordHandler.php
Outdated
Show resolved
Hide resolved
src/Sylius/Bundle/ApiBundle/DataProvider/ResetPasswordCustomerDataProvider.php
Outdated
Show resolved
Hide resolved
src/Sylius/Bundle/ApiBundle/spec/CommandHandler/RequestResetPasswordTokenHandlerSpec.php
Outdated
Show resolved
Hide resolved
arti0090
force-pushed
the
api-resetting-password-part-2
branch
2 times, most recently
from
bb0a61d
to
50384fb
Compare
arti0090
force-pushed
the
api-resetting-password-part-2
branch
from
50384fb
to
c0a15e0
Compare
lchrusciel
reviewed
Mar 3, 2021
src/Sylius/Bundle/ApiBundle/DataProvider/ResetPasswordItemDataProvider.php
Show resolved
Hide resolved
AdamKasp
approved these changes
Mar 4, 2021
src/Sylius/Bundle/ApiBundle/Resources/config/api_resources/ResetPassword.xml
Outdated
Show resolved
Hide resolved
Co-authored-by: Adam Kasperczak <adamkasperczak123@gmail.com>
lchrusciel
approved these changes
Mar 4, 2021
| use Webmozart\Assert\Assert; | ||
|
|
||
| /** @experimental */ | ||
| final class ConfirmResetPasswordValidator extends ConstraintValidator |
| $userRepository->findOneBy(['passwordResetToken' => 'TOKEN'])->willReturn($shopUser); | ||
| $metadata->getParameter('resetting')->willReturn(['token' => ['ttl' => 'P5D']]); | ||
|
|
||
| $shopUser->isPasswordRequestNonExpired(Argument::that(function(\DateInterval $dateInterval ) { |
There was a problem hiding this comment.
Suggested change
| $shopUser->isPasswordRequestNonExpired(Argument::that(function(\DateInterval $dateInterval ) { | |
| $shopUser->isPasswordRequestNonExpired(Argument::that(function(\DateInterval $dateInterval) { |
Same below
GSadee
approved these changes
Mar 4, 2021
| /** | ||
| * @When /^I follow link on (my) email to reset my password$/ | ||
| */ | ||
| public function iFollowLinkOnMyEmailToResetPassword(UserInterface $user): void |
There was a problem hiding this comment.
Suggested change
| public function iFollowLinkOnMyEmailToResetPassword(UserInterface $user): void | |
| public function iFollowLinkOnMyEmailToResetPassword(ShopUserInterface $user): void |
?
Comment on lines
+33
to
+41
| public function getResetPasswordToken(): string | ||
| { | ||
| return $this->resetPasswordToken; | ||
| } | ||
|
|
||
| public function setResetPasswordToken(string $token): void | ||
| { | ||
| $this->resetPasswordToken = $token; | ||
| } |
There was a problem hiding this comment.
Are these methods needed as $resetPasswordToken has public access?
| } | ||
|
|
||
| if ($command->getResetPasswordToken() !== $user->getPasswordResetToken()) { | ||
| throw new \InvalidArgumentException('Password reset token do not match.'); |
There was a problem hiding this comment.
Suggested change
| throw new \InvalidArgumentException('Password reset token do not match.'); | |
| throw new \InvalidArgumentException('Password reset token does not match.'); |
| throw new \InvalidArgumentException('Password reset token do not match.'); | ||
| } | ||
|
|
||
| $user->setPlainPassword($command->newPassword); |
There was a problem hiding this comment.
Do you check somewhere the new password with the password confirmation?
| <attribute name="messenger">input</attribute> | ||
|
|
||
| <collectionOperations> | ||
| <collectionOperation name="shop_password_reset_request"> |
There was a problem hiding this comment.
Suggested change
| <collectionOperation name="shop_password_reset_request"> | |
| <collectionOperation name="shop_request_reset_password"> |
| </collectionOperations> | ||
|
|
||
| <itemOperations> | ||
| <itemOperation name="shop_password_reset"> |
There was a problem hiding this comment.
Suggested change
| <itemOperation name="shop_password_reset"> | |
| <itemOperation name="shop_reset_password"> |
| <attribute name="groups">shop:reset_password:update</attribute> | ||
| </attribute> | ||
| <attribute name="openapi_context"> | ||
| <attribute name="summary">Password reset</attribute> |
There was a problem hiding this comment.
Suggested change
| <attribute name="summary">Password reset</attribute> | |
| <attribute name="summary">Resets password</attribute> |
to be consistent with other endpoints
| <attribute name="groups">shop:reset_password:create</attribute> | ||
| </attribute> | ||
| <attribute name="openapi_context"> | ||
| <attribute name="summary">Request password reset</attribute> |
There was a problem hiding this comment.
Suggested change
| <attribute name="summary">Request password reset</attribute> | |
| <attribute name="summary">Requests password reset</attribute> |
|
Thank you, @arti0090! 🎉 |
GSadee
added a commit
that referenced
this pull request
Mar 4, 2021
…ord PR (arti0090) This PR was merged into the 1.10-dev branch. Discussion ---------- | Q | A | --------------- | ----- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | License | MIT Continuation of #12391 Commits ------- 08adcf3 add missing specs and make fixes to reset password PR
GSadee
added a commit
that referenced
this pull request
Mar 5, 2021
This PR was merged into the 1.10-dev branch. Discussion ---------- | Q | A | --------------- | ----- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Related tickets | | License | MIT Continuation of #12391 <!-- - Bug fixes must be submitted against the 1.7 or 1.8 branch (the lowest possible) - Features and deprecations must be submitted against the master branch - Make sure that the correct base branch is set To be sure you are not breaking any Backward Compatibilities, check the documentation: https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html --> Commits ------- 2fdd995 [API] Adjust reset password requests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.