Example #1
 /**
  * Checks that ForgotPassword::isValidGuid() accepts a generated UUID and
  * rejects wrong types and a string that is not a UUID.
  */
 public function testIsValidGuid()
 {
     // A freshly generated UUID is the only input here that must be accepted.
     $generatedId = String::UUID();
     $this->assertTrue(ForgotPassword::isValidGuid($generatedId), 'Valid input was not handled correctly.');

     // null, integers, an arbitrary string and an array must all be rejected.
     // NOTE(review): the id reaches the controller from the request, so cases that are
     // almost a UUID (extra trailing characters, wrong length) would be worth adding
     // once the expected result for them is confirmed against isValidGuid().
     $rejectedInputs = array(null, -1, 1, 'sdafrgsg', array());
     foreach ($rejectedInputs as $candidate) {
         $this->assertFalse(ForgotPassword::isValidGuid($candidate), 'Invalid input was not handled correctly.');
     }
 }
Example #2
 /**
  * Generate or complete a forgot password request.
  *
  * @param string $guid The id of the request, may be null.
  */
 public function forgotPassword($guid = null)
 {
     // An id that fails validation is dropped, so the action falls back to the
     // "create a request" flow instead of acting on a malformed id.
     if ($guid != null && !ForgotPassword::isValidGuid($guid)) {
         $guid = null;
     }

     // $guid is not modified below, so the create/complete decision is made once.
     $isNewRequest = $guid == null;
     $this->set('createRequest', $isNewRequest);

     // Anything other than a POST only renders the view.
     if (!$this->request->is('post')) {
         return;
     }

     $homePage = array('controller' => 'pages', 'action' => 'home');
     try {
         if ($isNewRequest) {
             $requestInfo = $this->Member->createForgotPassword($this->request->data);
             // NOTE(review): a failed create redirects to 'home' while a successful one
             // redirects to 'forgot_password_sent'. If createForgotPassword() returns false
             // for an unknown e-mail address, the differing response tells the requester
             // which addresses are registered - confirm, and consider one page for both.
             if ($requestInfo == false) {
                 return $this->redirect($homePage);
             }
             // The request id goes out by e-mail only; it is not put in the redirect.
             $this->_sendEmail($requestInfo['email'], 'Password Reset Request', 'forgot_password', array('id' => $requestInfo['id']));
             return $this->redirect(array('controller' => 'pages', 'action' => 'forgot_password_sent'));
         }

         // Completing a request: the model decides whether the id and the submitted
         // data are acceptable, and the flash message does not say why it failed.
         if ($this->Member->completeForgotPassword($guid, $this->request->data)) {
             $this->Session->setFlash('Password successfully set.');
             return $this->redirect(array('controller' => 'members', 'action' => 'login'));
         }
         $this->Session->setFlash('Unable to set password');
         return $this->redirect(array('controller' => 'pages', 'action' => 'forgot_password_error'));
     } catch (InvalidStatusException $e) {
         // The exception is not reported to the user; they are sent to the home page.
         return $this->redirect($homePage);
     }
 }
Example #3
 /**
  * Complete a forgot password request
  *
  * @param string $guid The id of the forgot password request.
  * @param array $data User-submitted data; its 'ForgotPassword' key must hold 'email', 'new_password' and 'new_password_confirm'.
  * @return bool True if password was changed, false otherwise.
  */
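 public function completeForgotPassword($guid, $data)
 {
     // Reject a malformed request id before doing anything else.
     if (!ForgotPassword::isValidGuid($guid)) {
         return false;
     }
     // Need some extra validation
     $forgotPasswordModel = ClassRegistry::init('ForgotPassword');
     if (!is_array($data)) {
         return false;
     }
     // The e-mail address, the new password and its confirmation must all be present.
     if (!isset($data['ForgotPassword']['email'], $data['ForgotPassword']['new_password'], $data['ForgotPassword']['new_password_confirm'])) {
         return false;
     }

     // NOTE(review): presumably validates() is what compares new_password with
     // new_password_confirm - this method only checks that both are set. Confirm.
     $forgotPasswordModel->set($data);
     if (!$forgotPasswordModel->validates()) {
         return false;
     }

     // Look the member up by the submitted e-mail address.
     $emailAddress = Hash::get($data, 'ForgotPassword.email');
     $memberInfo = $this->find('first', array('conditions' => array('Member.email' => $emailAddress), 'fields' => array('Member.member_id')));
     if (!$memberInfo) {
         return false;
     }

     // The request id must be valid for this member, so an id issued for one
     // member is not accepted together with another member's e-mail address.
     // NOTE(review): this check runs before the transaction begins; whether two
     // concurrent submissions of the same id can both pass depends on
     // isEntryValid() and expireEntry(), which are not visible here.
     $memberId = $this->getIdForMember($memberInfo);
     if (!($memberId > 0) || !$forgotPasswordModel->isEntryValid($guid, $memberId)) {
         return false;
     }

     $username = $this->getUsernameForMember($memberId);
     if (!$username) {
         return false;
     }

     $password = Hash::get($data, 'ForgotPassword.new_password');
     $dataSource = $this->getDataSource();
     $dataSource->begin();
     try {
         // Setting the password and expiring the request id succeed or fail together.
         $changed = $this->__setPassword($username, $password, true) && $forgotPasswordModel->expireEntry($guid);
     } catch (Exception $e) {
         // Do not leave the transaction open if either call throws; the caller
         // still receives the original exception.
         $dataSource->rollback();
         throw $e;
     }
     if ($changed) {
         $dataSource->commit();
         return true;
     }
     $dataSource->rollback();
     return false;
 }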