PasswordController tests & functionality #129

jadjoubran · jadjoubran · commit 2d353fd19b47 · 2016-04-18T01:47:55.000+03:00
diff --git a/angular/app/components/reset-password/reset-password.component.html b/angular/app/components/reset-password/reset-password.component.html
@@ -1,8 +1,8 @@
 <div class="ResetPassword-loader" layout="row" layout-align="center center">
-    <md-progress-circular md-mode="indeterminate" ng-if="!vm.isValidCode"></md-progress-circular>
+    <md-progress-circular md-mode="indeterminate" ng-if="!vm.isValidToken"></md-progress-circular>
 </div>
 
-<form ng-submit="vm.submit()" ng-show="vm.isValidCode">
+<form ng-submit="vm.submit()" ng-show="vm.isValidToken">
     <div>
         <md-input-container>
             <label>Password</label>
diff --git a/angular/app/components/reset-password/reset-password.component.js b/angular/app/components/reset-password/reset-password.component.js
@@ -10,31 +10,31 @@ class ResetPasswordController {
     $onInit(){
         this.password = '';
         this.password_confirmation = '';
-        this.isValidCode = false;
+        this.isValidToken = false;
 
-        this.validateCode();
+        this.verifyToken();
     }
 
-    validateCode() {
+    verifyToken() {
         let email = this.$state.params.email;
-        let code = this.$state.params.code;
+        let token = this.$state.params.token;
 
-        this.API.all('auth/reset').get('check', {
-            email, code
+        this.API.all('auth/password').get('verify', {
+            email, token
         }).then(() => {
-            this.isValidCode = true;
+            this.isValidToken = true;
         });
     }
 
     reset() {
         let data = {
             email: this.$state.params.email,
-            code: this.$state.params.code,
+            token: this.$state.params.token,
             password: this.password,
             password_confirmation: this.password_confirmation
         };
 
-        this.API.all('auth/reset').post(data).then(() => {
+        this.API.all('auth/password/reset').post(data).then(() => {
             this.ToastService.show('Password successfully changed');
             this.$state.go('app.login');
         });
diff --git a/angular/config/routes.config.js b/angular/config/routes.config.js
@@ -54,7 +54,7 @@ export function RoutesConfig($stateProvider, $urlRouterProvider) {
             }
         })
         .state('app.reset_password', {
-            url: '/reset-password/:email/:code',
+            url: '/reset-password/:email/:token',
             views: {
                 'main@': {
                     templateUrl: getView('reset-password')
diff --git a/app/Http/Controllers/Auth/PasswordResetController.php b/app/Http/Controllers/Auth/PasswordResetController.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use Mail;
+use App\User;
+use App\PasswordReset;
+use Illuminate\Http\Request;
+use App\Http\Controllers\Controller;
+
+class PasswordResetController extends Controller
+{
+    public function sendResetLinkEmail(Request $request)
+    {
+        $this->validate($request, [
+            'email' => 'required|email|exists:users,email',
+        ]);
+
+        $email = $request->email;
+        $reset = PasswordReset::create([
+            'email' => $email,
+            'token' => str_random(10)
+        ]);
+
+        $token = $reset->token;
+
+        Mail::send('auth.reset_link', compact('email', 'token'), function ($mail) use ($email) {
+            $mail->to($email)
+            ->subject('Password reset link');
+        });
+
+        return response()->success(true);
+    }
+
+    public function verify(Request $request)
+    {
+        $this->validate($request, [
+            'email' => 'required|email',
+            'token' => 'required',
+        ]);
+
+        $check = PasswordReset::whereEmail($request->email)
+        ->whereToken($request->token)
+        ->first();
+
+        if (!$check) {
+            return response()->error('Email does not exist', 422);
+        }
+        return response()->success(true);
+    }
+
+    public function reset(Request $request)
+    {
+        $this->validate($request, [
+            'email'    => 'required|email',
+            'token'    => "required|exists:password_resets,token,email,{$request->email}",
+            'password' => 'required|min:8|confirmed',
+        ]);
+
+        $user = User::whereEmail($request->email)->firstOrFail();
+        $user->password = bcrypt($request->password);
+        $user->save();
+
+        return response()->success(true);
+    }
+}
diff --git a/app/Http/routes.php b/app/Http/routes.php
@@ -22,10 +22,15 @@
 //public API routes
 $api->group(['middleware' => ['api']], function ($api) {
 
+    // Authentication Routes...
     $api->post('auth/login', 'Auth\AuthController@login');
-
     $api->post('auth/register', 'Auth\AuthController@register');
 
+    // Password Reset Routes...
+    $api->post('auth/password/email', 'Auth\PasswordResetController@sendResetLinkEmail');
+    $api->post('auth/password/verify', 'Auth\PasswordResetController@verify');
+    $api->post('auth/password/reset', 'Auth\PasswordResetController@reset');
+
 });
 
 //protected API routes with JWT (must be logged in)
diff --git a/app/PasswordReset.php b/app/PasswordReset.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace App;
+
+use Illuminate\Database\Eloquent\Model;
+
+class PasswordReset extends Model
+{
+
+    protected $fillable = ['email', 'token'];
+
+    public function setUpdatedAtAttribute($value)
+    {
+        // to disable updated_at
+    }
+}
diff --git a/database/factories/ModelFactory.php b/database/factories/ModelFactory.php
@@ -13,9 +13,16 @@
 
 $factory->define(App\User::class, function (Faker\Generator $faker) {
     return [
-        'name' => $faker->name,
-        'email' => $faker->email,
+        'name'  => $faker->name,
+        'email' => $faker->safeEmail,
         //use bcrypt('password') if you want to assert for a specific password, but it might slow down your tests
         'password' => str_random(10),
     ];
 });
+
+$factory->define(App\PasswordReset::class, function (Faker\Generator $faker) {
+    return [
+        'email'  => $faker->safeEmail,
+        'token' => str_random(10),
+    ];
+});
diff --git a/resources/views/auth/reset_link.blade.php b/resources/views/auth/reset_link.blade.php
@@ -0,0 +1,3 @@
+Your reset password link:
+
+http://localhost:8000/reset-password/{{$email}}/{{$token}}
diff --git a/tests/PasswordResetTest.php b/tests/PasswordResetTest.php
@@ -0,0 +1,102 @@
+<?php
+
+use App\PasswordReset;
+use Illuminate\Foundation\Testing\DatabaseTransactions;
+
+class PasswordResetTest extends TestCase
+{
+    use DatabaseTransactions;
+
+    public function testSendEmailWithTokenForResetPassword()
+    {
+        $user = factory(App\User::class)->create();
+
+        $this->checkEmailContent([
+            'title'   => 'Password reset link',
+            'email'   => $user->email,
+            'content' => 'reset password link', //contains
+        ]);
+
+        $this->post('/api/auth/password/email', ['email' => $user->email])
+        ->seeApiSuccess();
+    }
+
+    public function testVerifyTokenSuccessfully()
+    {
+        $reset = factory(PasswordReset::class)->create();
+
+        $this->post('/api/auth/password/verify', [
+            'email' => $reset->email,
+            'token' => $reset->token,
+            ])
+            ->seeApiSuccess();
+    }
+
+    public function testVerifyTokenUnsuccessfully()
+    {
+        $reset = factory(PasswordReset::class)->create();
+
+        $this->post('/api/auth/password/verify', [
+            'email' => $reset->email,
+            'token' => str_random(10),
+            ])
+            ->seeValidationError();
+    }
+
+
+    public function testResetPasswordWithTokenSuccessfully()
+    {
+        $user = factory(App\User::class)->create();
+        $reset = factory(PasswordReset::class)->create([
+            'email' => $user->email,
+        ]);
+
+        $newPassword = str_random(10);
+
+        $this->post('/api/auth/password/reset', [
+            'email'                 => $reset->email,
+            'token'                 => $reset->token,
+            'password'              => $newPassword,
+            'password_confirmation' => $newPassword,
+        ])
+        ->seeApiSuccess();
+
+        $user = App\User::whereEmail($reset->email)->firstOrFail();
+        $this->assertTrue(Hash::check($newPassword, $user->password));
+    }
+
+    public function testResetPasswordWithTokenUnsuccessfully()
+    {
+        $user = factory(App\User::class)->create();
+        $reset = factory(PasswordReset::class)->create([
+            'email' => $user->email,
+        ]);
+
+        $newPassword = str_random(10);
+
+        $this->post('/api/auth/password/reset', [
+            'email'                 => $reset->email,
+            'token'                 => str_random(10),
+            'password'              => $newPassword,
+            'password_confirmation' => $newPassword,
+        ])
+        ->seeApiError(422);
+    }
+
+    private function checkEmailContent($checks)
+    {
+        $mock = Mockery::mock($this->app['mailer']->getSwiftMailer());
+        $this->app['mailer']->setSwiftMailer($mock);
+
+        $mock->shouldReceive('send')
+        ->withArgs([Mockery::on(function ($message) use ($checks) {
+
+                $this->assertEquals($checks['title'], $message->getSubject());
+                $this->assertSame([$checks['email'] => null], $message->getTo());
+                $this->assertContains($checks['content'], $message->getBody());
+
+                return true;
+            }), Mockery::any()])
+            ->once();
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ export function RoutesConfig($stateProvider, $urlRouterProvider) {`
`54`	`54`	`}`
`55`	`55`	`})`
`56`	`56`	`.state('app.reset_password', {`
`57`		`- url: '/reset-password/:email/:code',`
	`57`	`+ url: '/reset-password/:email/:token',`
`58`	`58`	`views: {`
`59`	`59`	`'main@': {`
`60`	`60`	`templateUrl: getView('reset-password')`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Your reset password link:`
	`2`	`+`
	`3`	`+http://localhost:8000/reset-password/{{$email}}/{{$token}}`