/**
* Send a reset link to a given user.
*
* @param Request $request
* @return RedirectResponse
* @TODO: Authenticate the csrf, which must match, from the session.
*/
public function postEmail(Request $request)
{
$error = null;
$message = null;
$account = null;
$email = $request->get('email');
$ninja_name = $request->get('ninja_name');
if (!$email && !$ninja_name) {
$error = 'You must specify either an email or a ninja name!';
} else {
if ($email) {
$account = AccountFactory::findByEmail($email);
}
if (!isset($account)) {
$account = AccountFactory::findByNinjaName($ninja_name);
}
if ($account === null || !$account->id()) {
$error = 'Sorry, unable to find a matching account!';
} else {
// PWR created with default nonce
$request = PasswordResetRequest::generate($account);
if ($this->sendEmail($request->nonce, $account)) {
$message = 'Your reset email was sent!';
} else {
$error = 'Sorry, there was a problem sending to your account! Please contact support.';
}
}
}
return new RedirectResponse('/resetpassword.php?' . ($message ? 'message=' . url($message) . '&' : '') . ($error ? 'error=' . url($error) : ''));
}
public function testPostEmailCanGetAnAccountUsingANinjaName()
{
$req = Request::create('/resetpassword.php');
$req->setMethod('POST');
$char = TestAccountCreateAndDestroy::char();
$ninja_name = $char->name();
$req->query->set('ninja_name', $ninja_name);
$account = AccountFactory::findByNinjaName($ninja_name);
$controller = new PasswordController();
$controller->postEmail($req);
// Check for a matching request for the appropriate account.
$req = PasswordResetRequest::where('_account_id', '=', $account->id())->first();
$this->assertNotEmpty($req, 'Fail: Unable to find a matching password reset request.');
}
