Merge pull request #1176 from dukeofsussex/password_reset

Fixes #1174, #1175 and #1177

include/email.js

@@ -33,7 +33,7 @@ module.exports = function EmailServiceModule(pb) {
      */
     function EmailService(options) {
         if (options) {
-            this.site = pb.SiteService.getCurrentSite(options.site) || pb.SiteService.GLOBAL_SITE;
+            this.site = pb.SiteService.getCurrentSite(options.site);
             this.onlyThisSite = options.onlyThisSite || false;
         }
     }

include/security/authentication/index.js

@@ -92,9 +92,10 @@ module.exports = function AuthenticationModule(pb) {
             return cb(new Error("FormAuthentication: The postObj parameter must be an object: "+postObj), null);
         }
 
-        //call the parent function
-        var userDocument = pb.DocumentCreator.create('user', postObj);
-        FormAuthentication.super_.prototype.authenticate.apply(this, [userDocument, cb]);
+        if (postObj.password) {
+            postObj.password = pb.security.encrypt(postObj.password);
+        }
+        FormAuthentication.super_.prototype.authenticate.apply(this, [postObj, cb]);
     };
 
     /**

include/service/entities/password_reset_service.js

@@ -96,15 +96,15 @@ module.exports = function(pb) {
             }
 
             //attempt to retrieve any existing reset
-            self.getSingle({where: {userId: userObj.id}}, function(err, passwordResetObj) {
+            self.getSingle({where: {userId: userObj[pb.DAO.getIdField()].toString()}}, function(err, passwordResetObj) {
                 if (util.isError(err)) {
                     return cb(err);
                 }
 
                 //need to know if we should create the DTO or not
                 var created = !passwordResetObj;
                 if (created) {
-                    passwordResetObj = {userId: userObj.id};
+                    passwordResetObj = {userId: userObj[pb.DAO.getIdField()].toString()};
                 }
 
                 //now persist it back

include/service/entities/user_service.js

@@ -302,7 +302,7 @@ module.exports = function(pb) {
                 var options = {
                     to: user.email,
                     replacements: {
-                        'verification_url': pb.SiteService.getHostWithProtocol(siteInfo.hostname) + '/actions/user/verify_email?email=' + user.email + '&code=' + user.verification_code,
+                        'verification_url': pb.SiteService.getHostWithProtocol(siteInfo.hostname) + '/actions/user/verify_email?email=' + user.email + '&code=' + user.verificationCode,
                         'first_name': user.first_name,
                         'last_name': user.last_name
                     }
@@ -334,10 +334,10 @@ module.exports = function(pb) {
         cb = cb || util.cb;
 
         pb.log.warn('UserService: sendPasswordResetEmail is deprecated. Use PasswordResetService.sendPasswordResetEmail');
-
         var ctx = {
             emailService: new pb.EmailService({site: self.context.site}),
-            siteService: new pb.SiteService()
+            siteService: new pb.SiteService(),
+            site: self.context.site
         };
         var passwordResetService = new pb.PasswordResetService(ctx);
         passwordResetService.sendPasswordResetEmail(user, passwordReset, cb);

plugins/pencilblue/controllers/actions/admin/users/send_password_reset.js

@@ -49,7 +49,7 @@ module.exports = function(pb) {
              * @property dao
              * @type {DAO}
              */
-            self.dao = new DAO();
+            self.dao = new pb.SiteQueryService(self.getServiceContext());
 
             cb(err, true);
         };
@@ -79,10 +79,13 @@ module.exports = function(pb) {
                 }
 
                 if(!passwordReset) {
-                    passwordReset = pb.DocumentCreator.create('password_reset', {user_id: user[pb.DAO.getIdField()].toString()});
+                    passwordReset = {
+                        userId: user[pb.DAO.getIdField()].toString(),
+                        object_type: 'password_reset'
+                    };
                 }
 
-                passwordReset.verification_code = util.uniqueId();
+                passwordReset.verificationCode = util.uniqueId();
 
                 self.dao.save(passwordReset, function(err, result) {
                     if(util.isError(err)) {

plugins/pencilblue/controllers/actions/forgot_password.js

@@ -43,7 +43,9 @@ module.exports = function ForgotPasswordControllerModule(pb) {
         var ctx = this.getServiceContext();
         ctx.userService = this.userService;
         ctx.siteService = new SiteService(this.getServiceContext());
-        ctx.emailService = new EmailService(this.getServiceContext());
+
+        // Use the global email settings in a multisite environment
+        ctx.emailService = new EmailService(util.union(this.getServiceContext(), {onlyThisSite: false}));
 
         /**
          * @property passwordResetService

plugins/pencilblue/controllers/actions/setup.js

@@ -111,6 +111,7 @@ module.exports = function SetupActionControllerModule(pb) {
 
         //set the access level (role)
         post.admin = pb.SecurityService.ACCESS_ADMINISTRATOR;
+        post.locale = self.ls.language;
 
         //get call home allowance
         var callHome = 1 == post.call_home;
@@ -119,10 +120,8 @@ module.exports = function SetupActionControllerModule(pb) {
         //do setup events
         var tasks = [
             function(callback) {
-                var userDocument = pb.DocumentCreator.create('user', post);
-
-                var dao = new pb.SiteQueryService({site: pb.SiteService.GLOBAL_SITE});
-                dao.save(userDocument, callback);
+                var userService = new pb.UserService({site: pb.SiteService.GLOBAL_SITE});
+                userService.add(post, callback);
             },
             function(callback) {
                 pb.settings.set('active_theme',

plugins/pencilblue/controllers/actions/user/resend_verification.js

@@ -78,7 +78,7 @@ module.exports = function ResendVerificationModule(pb) {
                     return self.formError(self.ls.g('users.NOT_REGISTERED'), '/user/sign_up', cb);
                 }
 
-                user.verification_code = util.uniqueId();
+                user.verificationCode = util.uniqueId();
 
                 self.dao.save(user, function(err, result) {
                     if(util.isError(result)) {

plugins/pencilblue/controllers/actions/user/reset_password.js

@@ -79,7 +79,7 @@ module.exports = function (pb) {
                 if (!data.user) {
                     self.formError(self.ls.g('users.INVALID_VERIFICATION'), '/user/login', cb);
                 }
-                self.passwordResetService.getSingle({where: {userId: data.user.id + '', verificationCode: self.query.code}}, callback);
+                self.passwordResetService.getSingle({where: {userId: data.user[pb.DAO.getIdField()].toString(), verificationCode: self.query.code}}, callback);
             }],
             deletePasswordReset: ['user', 'passwordReset', function(callback, data) {
 

plugins/pencilblue/controllers/actions/user/sign_up.js

@@ -104,6 +104,8 @@ module.exports = function (pb) {
                 post.verification_code = util.uniqueId();
             }
 
+            // This is the reason why usernames are tranformed to lowercase when signing up
+            // TODO: Change sign-up behaviour in 1.0
             var user = pb.DocumentCreator.create(collection, post);
 
             self.validateUniques(user, function(err, results) {

plugins/pencilblue/controllers/actions/user/verify_email.js

@@ -49,7 +49,7 @@ module.exports = function VerifyEmailModule(pb) {
                     return;
                 }
 
-                if(unverifiedUser.verification_code !== get.code) {
+                if(unverifiedUser.verificationCode !== get.code) {
                     self.formError(self.ls.g('users.INVALID_VERIFICATION'), '/user/resend_verification', cb);
                     return;
                 }

plugins/wp_import/services/wp_xml_parse.js

@@ -46,6 +46,12 @@ module.exports = function WPXMLParseServiceModule(pb) {
          * @type {SiteQueryService}
          */
         this.siteQueryService = new pb.SiteQueryService({site: this.site, onlyThisSite: true});
+
+        /**
+         * @property service
+         * @type {UserService}
+         */
+        this.service = new pb.UserService({site: this.site, onlyThisSite: true});
     }
 
     /**
@@ -198,8 +204,7 @@ module.exports = function WPXMLParseServiceModule(pb) {
                     users[index].admin = pb.SecurityService.ACCESS_WRITER;
                     users[index].password = generatedPassword;
 
-                    var newUser = pb.DocumentCreator.create('user', users[index]);
-                    self.siteQueryService.save(newUser, function(err, result) {
+                    self.service.add(users[index], function(err, result) {
                         if (util.isError(err)) {
                             return callback(err);
                         }
@@ -208,7 +213,7 @@ module.exports = function WPXMLParseServiceModule(pb) {
                         delete users[index].password;
                         users[index].generatedPassword = generatedPassword;
                         users[index][pb.DAO.getIdField()] = result[pb.DAO.getIdField()];
-                        callback(null, newUser);
+                        callback(null, users[index]);
                     });
                 });
             };