/**
 * Checks that a freshly issued password-reset link opens the reset page
 *
 * Only the happy path is exercised here: the link is built for user 1 with the current
 * time and the hash Mailer::getPasswordResetHash() produces for that pair. Expired,
 * incomplete or tampered links are not covered by this method.
 *
 * @return void
 */
public function testResetPassword()
 {
     $issuedAt = time();
     $targetUserId = 1;
     $token = Mailer::getPasswordResetHash($targetUserId, $issuedAt);
     $resetUrl = Router::url([
         'controller' => 'Users',
         'action' => 'resetPassword',
         $targetUserId,
         $issuedAt,
         $token
     ]);
     $this->get($resetUrl);
     $this->assertResponseOk();
 }
 /**
  * Emails a user a link to the password-reset page
  *
  * The link carries the user ID, the time of issue and the hash that
  * Mailer::getPasswordResetHash() returns for that pair; it is meant to be
  * usable for the next 24 hours.
  *
  * NOTE(review): the only hash inputs visible here are the user ID and the timestamp.
  * Whether the hash is keyed with a server-side secret, and whether a link stops working
  * once it has been used, depends on getPasswordResetHash(), which is not shown - confirm.
  *
  * NOTE(review): the link is generated as an absolute URL. Confirm that the application's
  * base URL (App.fullBaseUrl) is pinned in configuration rather than taken from the
  * incoming request's Host header, since the result is emailed to the user.
  *
  * @param int $userId ID of the user who asked for the reset
  * @return boolean Result of Email::send(); callers treat a truthy value as success
  */
 public static function sendPasswordResetEmail($userId)
 {
     $issuedAt = time();
     $token = Mailer::getPasswordResetHash($userId, $issuedAt);
     $route = [
         'prefix' => false,
         'controller' => 'Users',
         'action' => 'resetPassword',
         $userId,
         $issuedAt,
         $token
     ];
     // Second argument requests a full URL, since the link is followed from an email client
     $resetUrl = Router::url($route, true);

     $email = new Email();
     $user = TableRegistry::get('Users')->get($userId);
     $email
         ->template('reset_password')
         ->subject('MACC website password reset')
         ->to($user->email)
         ->viewVars(['user' => $user, 'resetUrl' => $resetUrl]);

     return $email->send();
 }
 /**
  * Creates a user account from the submitted form and emails the login details
  *
  * On POST/PUT the submitted data is patched into a new user entity and saved. If the
  * account email cannot be sent, the freshly saved user is deleted again so that no
  * account exists without its owner having been told. On any other request method the
  * empty form is shown.
  *
  * NOTE(review): the password is handed to Mailer::sendNewAccountEmail() in plaintext,
  * presumably to be included in the message. A set-your-password link would avoid putting
  * a working credential in a mailbox - confirm what the mailer does with it.
  *
  * NOTE(review): the whole request payload is passed to patchEntity(); which fields can be
  * mass-assigned depends on the entity's accessible-field settings, which are not shown.
  *
  * @return \Cake\Network\Response|null Redirect to the admin index on success, otherwise null
  */
 public function add()
 {
     $user = $this->Users->newEntity();
     $isSubmission = $this->request->is('post') || $this->request->is('put');

     if (!$isSubmission) {
         $this->request->data['all_communities'] = false;
     } else {
         $this->request->data['password'] = $this->request->data['new_password'];

         // A blank first community row means no community was chosen
         if (empty($this->request->data['client_communities'][0]['id'])) {
             $this->request->data['client_communities'] = [];
         }

         // Community assignments only apply to clients; drop them for every other role
         if ($this->request->data['role'] != 'client') {
             unset($this->request->data['client_communities']);
         }

         $user = $this->Users->patchEntity($user, $this->request->data);
         $validationErrors = $user->errors();
         $saved = empty($validationErrors) && $this->Users->save($user);

         if (!$saved) {
             $this->Flash->error(
                 'There was an error creating this user\'s account.' .
                 ' Please try again or contact an administrator for assistance.'
             );
         } else {
             $mailer = new Mailer();
             if ($mailer->sendNewAccountEmail($user, $this->request->data['new_password'])) {
                 $this->Flash->success('User account created and login credentials emailed');

                 return $this->redirect(['prefix' => 'admin', 'action' => 'index']);
             }

             // Email failed: roll the account back rather than leave it without a notified owner
             $this->Users->delete($user);
             $this->Flash->error(
                 'There was an error emailing this user with their login info. No new account was created.' .
                 ' Please try again or contact an administrator for assistance.'
             );
         }
     }

     $this->prepareForm($user);
     $this->set(['titleForLayout' => 'Add User']);
     $this->render('/Admin/Users/form');
 }
 /**
  * Creates respondent records and sends invitation emails
  *
  * Loads the approved and the unaddressed-unapproved respondents for the survey, prepares
  * the invitee list, then either approves an invitee who is already on record as unapproved
  * or creates a new respondent. All recipients are mailed in one Mailer call, so they are
  * recorded as succeeded or failed together according to that single result.
  *
  * @param int $communityId Community ID
  * @param string $respondentType Respondent / survey type
  * @param int $surveyId Survey ID
  * @return void
  */
 public function sendInvitations($communityId, $respondentType, $surveyId)
 {
     $respondentsTable = TableRegistry::get('Respondents');
     $this->approvedRespondents = $respondentsTable->getApprovedList($surveyId);
     $this->unaddressedUnapprovedRespondents = $respondentsTable->getUnaddressedUnapprovedList($surveyId);

     $this->communityId = $communityId;
     $this->respondentType = $respondentType;
     $this->surveyId = $surveyId;

     // Build the invitee list, tidy it up, then drop anyone who is already approved
     $this->setInvitees();
     $this->cleanInvitees();
     $this->removeApproved();

     foreach ($this->invitees as $invitee) {
         if ($this->isUnapproved($invitee['email'])) {
             $this->approveInvitee($invitee);
         } else {
             $this->createRespondent($invitee);
         }
     }

     $mailer = new Mailer();
     $mailParams = [
         'surveyId' => $this->surveyId,
         'communityId' => $this->communityId,
         'senderEmail' => $this->Auth->user('email'),
         'senderName' => $this->Auth->user('name'),
         'recipients' => $this->recipients
     ];
     $sent = $mailer->sendInvitations($mailParams);

     if (!$sent) {
         $this->errorEmails = array_merge($this->errorEmails, $this->recipients);
     } else {
         $this->successEmails = array_merge($this->successEmails, $this->recipients);
     }

     $this->setInvitationFlashMessages();
     // Clear the submitted form data now that it has been processed
     $this->request->data = [];
 }
 /**
  * Lets a client send reminder emails for one of their community's surveys
  *
  * The community is looked up from the client ID and the survey from that community and
  * the given type. A GET request lists what the Respondents table's getUnresponsive()
  * returns for the survey; a POST sends the reminders and always ends in a redirect.
  *
  * The error message contains an HTML mailto link, so the flash element is presumably
  * rendered unescaped; the address comes from the 'admin_email' configuration value.
  *
  * @param string $surveyType Survey type
  * @return \App\Controller\Response|\Cake\Network\Response|null
  * @throws NotFoundException if no community is assigned to the client
  * @throws ForbiddenException if the survey is inactive
  */
 public function remind($surveyType)
 {
     $clientId = $this->getClientId();
     if (!$clientId) {
         return $this->chooseClientToImpersonate();
     }

     $communitiesTable = TableRegistry::get('Communities');
     $communityId = $communitiesTable->getClientCommunityId($clientId);
     if (!$communityId) {
         throw new NotFoundException('Your account is not currently assigned to a community');
     }

     $surveysTable = TableRegistry::get('Surveys');
     $surveyId = $surveysTable->getSurveyId($communityId, $surveyType);
     $survey = $surveysTable->get($surveyId);
     if (!$survey->active) {
         throw new ForbiddenException('Reminders cannot currently be sent out: Questionnaire is inactive');
     }

     // Anything other than POST just shows who has not responded yet
     if (!$this->request->is('post')) {
         $unresponsive = TableRegistry::get('Respondents')->getUnresponsive($surveyId);
         $this->set([
             'community' => $communitiesTable->get($communityId),
             'survey' => $survey,
             'titleForLayout' => 'Send Reminders to Community ' . ucwords($survey->type) . 's',
             'unresponsive' => $unresponsive,
             'unresponsiveCount' => count($unresponsive)
         ]);

         return;
     }

     $mailer = new Mailer();
     if ($mailer->sendReminders($surveyId, $this->Auth->user())) {
         $this->Flash->success('Reminder email successfully sent');

         return $this->redirect(['prefix' => 'client', 'controller' => 'Communities', 'action' => 'index']);
     }

     $adminEmail = Configure::read('admin_email');
     $this->Flash->error(sprintf(
         'There was an error sending reminder emails. Email <a href="mailto:%1$s">%1$s</a> for assistance.',
         $adminEmail
     ));

     // Redirect so that hitting refresh won't re-send POST request
     return $this->redirect([
         'prefix' => 'client',
         'controller' => 'Surveys',
         'action' => 'remind',
         $survey->type
     ]);
 }
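 /**
  * Creates a client account for a community and emails the login details
  *
  * GET shows the form pre-filled with a generated password. POST builds the client from the
  * submitted data, forces the role to 'client', attaches the community and saves. If the
  * account email cannot be sent, the saved client is deleted again and an error is shown.
  *
  * NOTE(review): the password travels in plaintext through the form field
  * 'unhashed_password' and is handed to Mailer::sendNewAccountEmail(), presumably to be
  * included in the message. A set-your-password link would avoid putting a working
  * credential in a mailbox - confirm what the mailer does with it.
  *
  * @param int $communityId Community ID
  * @return \Cake\Network\Response|null Redirect to the community's client list on success
  */
 public function addClient($communityId)
 {
     $community = $this->Communities->get($communityId);
     $usersTable = TableRegistry::get('Users');
     if ($this->request->is('post')) {
         $client = $usersTable->newEntity($this->request->data());
         // Role and community are set server-side, after the request data has been applied,
         // so submitted values for them cannot win
         $client->role = 'client';
         $client->client_communities = [$this->Communities->get($communityId)];
         $client->password = $this->request->data('unhashed_password');
         $errors = $client->errors();
         if (empty($errors) && $usersTable->save($client)) {
             $Mailer = new Mailer();
             $result = $Mailer->sendNewAccountEmail($client, $this->request->data('unhashed_password'));
             if ($result) {
                 $msg = 'Client account created for ' . $client->name . ' and login instructions emailed';
                 $this->Flash->success($msg);

                 return $this->redirect(['action' => 'clients', $communityId]);
             }

             // Email failed: roll the account back rather than leave it without a notified owner
             $usersTable->delete($client);
             $msg = 'There was an error emailing account login info to ' . $client->name . '.';
             $msg .= ' No new account was created. Please contact an administrator for assistance.';
             // Previously this message was appended to an unused $retval array and never shown
             $this->Flash->error($msg);
         } else {
             $msg = 'There was an error saving that client.';
             $msg .= ' Please try again or contact an administrator for assistance.';
             $this->Flash->error($msg);
         }
     } else {
         $client = $usersTable->newEntity();
         $client->unhashed_password = $usersTable->generatePassword();
     }
     $this->set([
         'client' => $client,
         'communityId' => $communityId,
         'communityName' => $community->name,
         'salutations' => $usersTable->getSalutations(),
         'role' => 'client',
         'titleForLayout' => 'Add a New Client for ' . $community->name
     ]);
 }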
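 /**
  * Lets a user choose a new password after following an emailed reset link
  *
  * The link is accepted only when all three URL parts are present, the timestamp is a plain
  * integer no more than 24 hours old, and the hash equals what
  * Mailer::getPasswordResetHash() returns for that user ID and timestamp.
  *
  * NOTE(review): nothing in this action invalidates the link after a successful reset.
  * Unless getPasswordResetHash() (not shown) mixes in per-user state that changes with the
  * password, the same link stays usable until it expires - confirm.
  *
  * @param int|null $userId User ID taken from the URL
  * @param int|null $timestamp Unix time at which the link was issued
  * @param string|null $hash Security hash taken from the URL
  * @return \Cake\Network\Response|null Redirect to the login page after a successful reset
  * @throws NotFoundException if any part of the URL is missing
  * @throws ForbiddenException if the link is malformed, expired or carries the wrong hash
  */
 public function resetPassword($userId = null, $timestamp = null, $hash = null)
 {
     // All three parts are required. The earlier condition mixed || with &&, so a link that
     // lacked only the hash or only the timestamp got past this check.
     if (!$userId || !$timestamp || !$hash) {
         throw new NotFoundException('Incomplete URL for password-resetting. Did you leave out part of the URL when you copied and pasted it?');
     }

     // URL segments are caller-controlled; accept only a plain integer before doing arithmetic
     if (!preg_match('/\A\d+\z/', (string)$timestamp)) {
         throw new ForbiddenException('Invalid security key');
     }
     $linkAge = time() - (int)$timestamp;
     if ($linkAge > 60 * 60 * 24) {
         throw new ForbiddenException('Sorry, that link has expired.');
     }

     $expectedHash = Mailer::getPasswordResetHash($userId, $timestamp);
     // Loose != compares numeric-looking strings by value, so two different hashes could be
     // treated as equal; hash_equals() compares byte-for-byte and in constant time.
     if (!is_string($hash) || !hash_equals((string)$expectedHash, $hash)) {
         throw new ForbiddenException('Invalid security key');
     }

     $user = $this->Users->get($userId);
     $email = $user->email;
     if ($this->request->is(['post', 'put'])) {
         $this->request->data['password'] = $this->request->data('new_password');
         // fieldList limits mass assignment to the password, whatever else was submitted
         $user = $this->Users->patchEntity($user, $this->request->data(), ['fieldList' => ['password']]);
         if ($this->Users->save($user)) {
             $this->Flash->success('Your password has been updated.');

             return $this->redirect(['action' => 'login']);
         }
         // NOTE(review): a failed save falls through without a message, and the form below is
         // given a new entity, so validation errors are not shown to the user.
     }

     // Never echo submitted passwords back into the form
     $this->request->data = [];
     $this->set(['email' => $email, 'pageTitle' => 'Reset Password', 'user' => $this->Users->newEntity()]);
 }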
 /**
  * Method for /admin/surveys/remind
  *
  * A GET request lists what the Respondents table's getUnresponsive() returns for the
  * survey, rendered with the client-side 'remind' template; a POST sends the reminders and
  * always ends in a redirect.
  *
  * The error message contains an HTML mailto link, so the flash element is presumably
  * rendered unescaped; the address comes from the 'admin_email' configuration value.
  *
  * @param int $surveyId Survey ID
  * @return \Cake\Network\Response|null
  * @throws ForbiddenException if the survey is inactive
  */
 public function remind($surveyId)
 {
     $survey = TableRegistry::get('Surveys')->get($surveyId);
     if (!$survey->active) {
         throw new ForbiddenException('Reminders cannot currently be sent out: Questionnaire is inactive');
     }

     $community = TableRegistry::get('Communities')->get($survey->community_id);

     if ($this->request->is('post')) {
         $mailer = new Mailer();
         $remindersSent = $mailer->sendReminders($surveyId, $this->Auth->user());
         if ($remindersSent) {
             $this->Flash->success('Reminder email successfully sent');

             return $this->redirect([
                 'prefix' => 'admin',
                 'controller' => 'Surveys',
                 'action' => 'view',
                 $community->id,
                 $survey->type
             ]);
         }

         $adminEmail = Configure::read('admin_email');
         $mailtoLink = '<a href="mailto:' . $adminEmail . '">' . $adminEmail . '</a>';
         $this->Flash->error('There was an error sending reminder emails. Email ' . $mailtoLink . ' for assistance.');

         // Redirect so that hitting refresh won't re-send POST request
         return $this->redirect([
             'prefix' => 'admin',
             'controller' => 'Surveys',
             'action' => 'remind',
             $survey->id
         ]);
     }

     $unresponsive = TableRegistry::get('Respondents')->getUnresponsive($surveyId);
     $this->set([
         'community' => $community,
         'survey' => $survey,
         'titleForLayout' => $community->name . ': Remind Community ' . ucwords($survey->type) . 's',
         'unresponsive' => $unresponsive,
         'unresponsiveCount' => count($unresponsive)
     ]);
     $this->prepareAdminHeader();

     // Reuse the client-side template instead of duplicating it for admins
     $this->render(implode(DS, ['..', '..', 'Client', 'Surveys', 'remind']));
 }
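 /**
  * Allows the user to enter their email address and get a link to reset their password
  *
  * The submitted address is trimmed and lower-cased before the lookup. Flash messages in
  * this action contain HTML (mailto links, <strong>), so any user-supplied text placed in
  * them is HTML-escaped first.
  *
  * NOTE(review): the "couldn't find an account" reply tells the requester whether an
  * address is registered. Showing the same neutral message in both cases would remove that
  * signal, at the cost of less feedback for legitimate users; left unchanged because it is
  * a product decision.
  *
  * @return void
  */
 public function forgotPassword()
 {
     $user = $this->Users->newEntity();
     if ($this->request->is('post')) {
         $submitted = $this->request->data('email');
         // A missing field or a non-string value is treated the same as an empty address
         $email = is_string($submitted) ? strtolower(trim($submitted)) : '';
         $adminEmail = Configure::read('admin_email');
         if (empty($email)) {
             $msg = 'Please enter the email address you registered with to have your password reset. ' . "Email <a href=\"mailto:{$adminEmail}\">{$adminEmail}</a> for assistance.";
             $this->Flash->error($msg);
         } else {
             $userId = $this->Users->getIdWithEmail($email);
             if ($userId) {
                 $Mailer = new Mailer();
                 if ($Mailer->sendPasswordResetEmail($userId)) {
                     $msg = 'Success! You should be shortly receiving an email with a link to reset your password.';
                     $this->Flash->success($msg);
                     $this->request->data = [];
                 } else {
                     $msg = 'There was an error sending your password-resetting email. ' . "Please try again, or email <a href=\"mailto:{$adminEmail}\">{$adminEmail}</a> for assistance.";
                     $this->Flash->error($msg);
                 }
             } else {
                 // The address is request data and this message is rendered as HTML, so it
                 // must be escaped before being echoed back
                 $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
                 $msg = "We couldn't find an account registered with the email address <strong>{$safeEmail}</strong>. " . 'Please make sure you spelled it correctly, and email ' . "<a href=\"mailto:{$adminEmail}\">{$adminEmail}</a> if you need assistance.";
                 $this->Flash->error($msg);
             }
         }
     }
     $this->set(['titleForLayout' => 'Forgot Password', 'user' => $user]);
 }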