diff --git a/.gitignore b/.gitignore
index a7c2603..12dea17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ spec/fixtures/vcr_cassettes
 spec/dummy/db/development.sqlite3
 spec/dummy/log/development.log
 spec/dummy/log/test.log
+spec/dummy/tmp
diff --git a/Gemfile b/Gemfile
index 0307388..dfdde6a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,6 +8,7 @@ gem 'sqlite3', '~> 1.3'
 group :development do
 gem 'pry'
 gem 'pry-byebug'
+ gem 'sass-rails'
 end
 group :test do
diff --git a/app/controllers/stormpath/rails/passwords_controller.rb b/app/controllers/stormpath/rails/passwords_controller.rb
index b178eab..2c4e311 100644
--- a/app/controllers/stormpath/rails/passwords_controller.rb
+++ b/app/controllers/stormpath/rails/passwords_controller.rb
@@ -17,7 +17,7 @@ def forgot
 end
 def forgot_change
- result = verify_email_token params[:sptoken]
+ result = verify_password_token params[:sptoken]
 if result.success?
 @account_url = result.account_url
diff --git a/lib/stormpath/rails/authentication.rb b/lib/stormpath/rails/authentication.rb
index 6289acc..2f8ca81 100644
--- a/lib/stormpath/rails/authentication.rb
+++ b/lib/stormpath/rails/authentication.rb
@@ -19,6 +19,10 @@ def verify_email_token(token)
 Client.verify_email_token(token)
 end
+ def verify_password_token(token)
+ Client.verify_password_token(token)
+ end
+
 def create_omniauth_user(provider, access_token)
 Client.create_omniauth_user(provider, access_token)
 end
diff --git a/lib/stormpath/rails/client.rb b/lib/stormpath/rails/client.rb
index 72519bc..ab9996a 100644
--- a/lib/stormpath/rails/client.rb
+++ b/lib/stormpath/rails/client.rb
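Review bot: `forgot_change` keeps only `@account_url = result.account_url` from the token check, so whether the later password change stays bound to the token depends on the form and the update action, which are outside this hunk. If the form posts that URL back, the update step should verify `params[:sptoken]` again rather than trust the posted value. `params[:sptoken]` is also passed on unchecked, so a request without it calls `verify_password_token(nil)`; a blank check before the call would keep that case on the failure path. The body of `forgot_change` continues past the end of the hunk.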
@@ -45,6 +45,16 @@ def self.verify_email_token(token)
 AccountStatus.new(result)
 end
+ def self.verify_password_token(token)
+ begin
+ result = application.password_reset_tokens.get(token).account
+ rescue Stormpath::Error => error
+ result = error.message
+ end
+
+ AccountStatus.new(result)
+ end
+
+
 def self.handle_id_site_callback(url)
 response = application.handle_id_site_callback(url)
 client.accounts.get response.account_href
@@ -73,11 +83,11 @@ def self.update_password(account, password)
 AccountStatus.new(result)
 end
-
+
 def self.create_omniauth_user(provider, access_token)
 request = Stormpath::Provider::AccountRequest.new(provider, :access_token, access_token)
 application.get_provider_account(request)
- end
+ end
 def self.application
 self.client.applications.get Stormpath::Rails.config.application.href
@@ -91,7 +101,7 @@ def self.client_options
 if Stormpath::Rails.config.api_key.file_location_provided?
 Hash.new.tap { |options| options[:api_key_file_location] = Stormpath::Rails.config.api_key.file }
 else
- Hash.new.tap do |options|
+ Hash.new.tap do |options|
 options[:api_key] = {}
 options[:api_key][:id] = Stormpath::Rails.config.api_key.id
 options[:api_key][:secret] = Stormpath::Rails.config.api_key.secret
diff --git a/spec/controllers/passwords_controller_spec.rb b/spec/controllers/passwords_controller_spec.rb
index 1c8f520..eebb231 100644
--- a/spec/controllers/passwords_controller_spec.rb
+++ b/spec/controllers/passwords_controller_spec.rb
@@ -31,7 +31,7 @@
 end
 describe "POST #forgot_send" do
- let(:account_success) { double(Stormpath::Rails::AccountStatus, success?: true, account_url: 'xyz') }
+ let(:account_success) { double(Stormpath::Rails::AccountStatus, success?: true, account_url: 'xyz') }
 before do
 create_test_account
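Review bot: `verify_password_token` passes the token to `password_reset_tokens.get` without checking that one was supplied, and only `Stormpath::Error` is rescued, so the hunk does not show that a nil or empty token ends as a failed `AccountStatus` rather than an unhandled exception. An early `return AccountStatus.new('Invalid password reset token') if token.to_s.empty?` would settle it (the message text is a placeholder). `error.message` is handed to `AccountStatus` as the result; if the view renders it, backend detail about the token reaches the requester, so it would be safer to log it and show fixed wording. The inner `begin`/`end` is redundant in a method body; a method-level `rescue Stormpath::Error => error` reads more plainly.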
@@ -76,7 +76,7 @@
 context "valid token" do
 it "renders form for password change" do
- allow(controller).to receive(:verify_email_token).and_return(account_success)
+ allow(controller).to receive(:verify_password_token).and_return(account_success)
 get :forgot_change
 expect(response).to be_success
@@ -86,7 +86,7 @@
 context "invalid token" do
 it "renders form for password change" do
- allow(controller).to receive(:verify_email_token).and_return(account_failed)
+ allow(controller).to receive(:verify_password_token).and_return(account_failed)
 get :forgot_change
 expect(response).to be_success
@@ -101,7 +101,7 @@
 let(:different_passwords) { { password: { original: 'Somepass123', repeated: 'Somepass' } } }
 let(:invalid_passwords) { { password: { original: 'invalid', repeated: 'invalid' } } }
 let(:account_success) { double(Stormpath::Rails::AccountStatus, success?: true, account_url: 'xyz') }
-
+
 after do
 delete_test_account
 end
diff --git a/spec/dummy/db/migrate/20150617130646_create_rails_dummy_users.rb b/spec/dummy/db/migrate/20150617130646_create_stormpath_rails_users.rb
similarity index 100%
rename from spec/dummy/db/migrate/20150617130646_create_rails_dummy_users.rb
rename to spec/dummy/db/migrate/20150617130646_create_stormpath_rails_users.rb
diff --git a/spec/dummy/db/schema.rb b/spec/dummy/db/schema.rb
index d10a148..875d642 100644
--- a/spec/dummy/db/schema.rb
+++ b/spec/dummy/db/schema.rb
@@ -16,6 +16,7 @@
 create_table "users", force: :cascade do |t|
 t.datetime "created_at", null: false
 t.datetime "updated_at", null: false
+ t.string "username", null: false
 t.string "email", null: false
 t.string "given_name", null: false
 t.string "surname", null: false
diff --git a/spec/requests/password_reset_spec.rb b/spec/requests/password_reset_spec.rb
new file mode 100644
index 0000000..3575cb3
--- /dev/null
+++ b/spec/requests/password_reset_spec.rb
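Review bot: The stub `allow(controller).to receive(:verify_password_token)` carries no argument constraint and the request is `get :forgot_change` with no `sptoken`, so both examples pass whatever the action hands to the verifier. Sending a token and pinning it, `get :forgot_change, sptoken: 'token'` together with `receive(:verify_password_token).with('token')`, would make the spec fail if the action read the wrong parameter. This applies to the hunks at -76 and -86 alike. Both examples are also titled "renders form for password change", which hides that the second one covers the failure path. The `it` blocks continue outside the hunks.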
@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe 'Password reset', type: :request do
+ let(:application) { Stormpath::Rails::Client.application }
+
+ let(:account) { application.accounts.create(account_info) }
+
+ let(:password_reset_token) { application.password_reset_tokens.create(email: account.email).token }
+
+ let(:account_info) do
+ {
+ email: 'test@example.com',
+ givenName: 'Ruby SDK',
+ password: 'P@$$w0rd',
+ surname: 'SDK',
+ username: 'rubysdk'
+ }
+ end
+
+ it 'should be able to validate token' do
+ get "/forgot/change?sptoken=#{password_reset_token}"
+
+ expect(response).to be_success
+ expect(response.body).to include("Change Your Password")
+ end
+
+ it 'should be decline invalid token' do
+ get "/forgot/change?sptoken=123"
+
+ expect(response).to be_success
+ expect(response.body).to include("Password Reset Failed")
+ end
+end
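Review bot: Nothing in this spec removes the account that `let(:account)` creates through `application.accounts.create`, so unless the run is replayed from a recorded cassette, each run leaves `test@example.com` / `rubysdk` in the Stormpath application and the next create would collide. The controller spec pairs `create_test_account` with `delete_test_account` in an `after` block; the same pair here would keep the tenant clean. Because `account` is lazy, only the first example creates it, so the cleanup must not force it in the second. The negative case covers only the malformed token `123`; an expired or already-used token is worth an example too, if the setup can produce one.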