stormpath · DamirSvrtan · Apr 11, 2016 · Apr 11, 2016 · Apr 11, 2016 · Apr 11, 2016
diff --git a/.gitignore b/.gitignore
@@ -11,3 +11,4 @@ spec/fixtures/vcr_cassettes
 spec/dummy/db/development.sqlite3
 spec/dummy/log/development.log
 spec/dummy/log/test.log
+spec/dummy/tmp
diff --git a/Gemfile b/Gemfile
@@ -8,6 +8,7 @@ gem 'sqlite3', '~> 1.3'
 group :development do
   gem 'pry'
   gem 'pry-byebug'
+  gem 'sass-rails'
 end
 
 group :test do

diff --git a/app/controllers/stormpath/rails/passwords_controller.rb b/app/controllers/stormpath/rails/passwords_controller.rb
@@ -17,7 +17,7 @@ def forgot
   end
 
   def forgot_change
-    result = verify_email_token params[:sptoken]
+    result = verify_password_token params[:sptoken]
 
     if result.success?
       @account_url = result.account_url

diff --git a/lib/stormpath/rails/authentication.rb b/lib/stormpath/rails/authentication.rb
@@ -19,6 +19,10 @@ def verify_email_token(token)
         Client.verify_email_token(token)
       end
 
+      def verify_password_token(token)
+        Client.verify_password_token(token)
+      end
+
       def create_omniauth_user(provider, access_token)
         Client.create_omniauth_user(provider, access_token)
       end

diff --git a/lib/stormpath/rails/client.rb b/lib/stormpath/rails/client.rb
@@ -45,6 +45,16 @@ def self.verify_email_token(token)
         AccountStatus.new(result)
       end
 
+      def self.verify_password_token(token)
+        begin
+          result = application.password_reset_tokens.get(token).account
+        rescue Stormpath::Error => error
+          result = error.message
+        end
+
+        AccountStatus.new(result)
+      end
+
       def self.handle_id_site_callback(url)
         response = application.handle_id_site_callback(url)
         client.accounts.get response.account_href
@@ -73,11 +83,11 @@ def self.update_password(account, password)
 
         AccountStatus.new(result)
       end
-      
+
       def self.create_omniauth_user(provider, access_token)
         request = Stormpath::Provider::AccountRequest.new(provider, :access_token, access_token)
         application.get_provider_account(request)
-      end 
+      end
 
       def self.application
         self.client.applications.get Stormpath::Rails.config.application.href
@@ -91,7 +101,7 @@ def self.client_options
         if Stormpath::Rails.config.api_key.file_location_provided?
           Hash.new.tap { |options| options[:api_key_file_location] = Stormpath::Rails.config.api_key.file }
         else
-          Hash.new.tap do |options| 
+          Hash.new.tap do |options|
             options[:api_key] = {}
             options[:api_key][:id] = Stormpath::Rails.config.api_key.id
             options[:api_key][:secret] = Stormpath::Rails.config.api_key.secret

diff --git a/spec/controllers/passwords_controller_spec.rb b/spec/controllers/passwords_controller_spec.rb
@@ -31,7 +31,7 @@
   end
 
   describe "POST #forgot_send" do
-    let(:account_success) { double(Stormpath::Rails::AccountStatus, success?: true, account_url: 'xyz') }  
+    let(:account_success) { double(Stormpath::Rails::AccountStatus, success?: true, account_url: 'xyz') }
 
     before do
       create_test_account
@@ -76,7 +76,7 @@
 
     context "valid token" do
       it "renders form for password change" do
-        allow(controller).to receive(:verify_email_token).and_return(account_success)
+        allow(controller).to receive(:verify_password_token).and_return(account_success)
         get :forgot_change
 
         expect(response).to be_success
@@ -86,7 +86,7 @@
 
     context "invalid token" do
       it "renders form for password change" do
-        allow(controller).to receive(:verify_email_token).and_return(account_failed)
+        allow(controller).to receive(:verify_password_token).and_return(account_failed)
         get :forgot_change
 
         expect(response).to be_success
@@ -101,7 +101,7 @@
     let(:different_passwords) { { password: { original: 'Somepass123', repeated: 'Somepass' } } }
     let(:invalid_passwords)   { { password: { original: 'invalid', repeated: 'invalid' } } }
     let(:account_success) { double(Stormpath::Rails::AccountStatus, success?: true, account_url: 'xyz') }
-    
+
     after do
       delete_test_account
     end

diff --git a/...0150617130646_create_rails_dummy_users.rb → ...617130646_create_stormpath_rails_users.rb b/...0150617130646_create_rails_dummy_users.rb → ...617130646_create_stormpath_rails_users.rb
diff --git a/spec/dummy/db/schema.rb b/spec/dummy/db/schema.rb
@@ -16,6 +16,7 @@
   create_table "users", force: :cascade do |t|
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.string   "username",   null: false
     t.string   "email",      null: false
     t.string   "given_name", null: false
     t.string   "surname",    null: false

diff --git a/spec/requests/password_reset_spec.rb b/spec/requests/password_reset_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe 'Password reset', type: :request do
+  let(:application) { Stormpath::Rails::Client.application }
+
+  let(:account) { application.accounts.create(account_info) }
+
+  let(:password_reset_token) { application.password_reset_tokens.create(email: account.email).token }
+
+  let(:account_info) do
+    {
+      email: 'test@example.com',
+      givenName: 'Ruby SDK',
+      password: 'P@$$w0rd',
+      surname: 'SDK',
+      username: 'rubysdk'
+    }
+  end
+
+  it 'should be able to validate token' do
+    get "/forgot/change?sptoken=#{password_reset_token}"
+
+    expect(response).to be_success
+    expect(response.body).to include("Change Your Password")
+  end
+
+  it 'should be decline invalid token' do
+    get "/forgot/change?sptoken=123"
+
+    expect(response).to be_success
+    expect(response.body).to include("Password Reset Failed")
+  end
+end