/**
 * Requests the password-reset page with a freshly generated link for
 * user 1 and expects the response to be OK.
 *
 * The link is built the same way the mailer builds it: user id, issue
 * time and the hash Mailer::getPasswordResetHash() returns for the pair.
 *
 * @return void
 */
public function testResetPassword()
{
    $id = 1;
    $issuedAt = time();
    $token = Mailer::getPasswordResetHash($id, $issuedAt);

    // Positional route parameters follow the named controller/action keys.
    $route = [
        'controller' => 'Users',
        'action' => 'resetPassword',
        $id,
        $issuedAt,
        $token
    ];

    $this->get(Router::url($route));
    $this->assertResponseOk();
}
 /**
  * Emails the given user a link to the password-reset page.
  *
  * The link embeds the user id, the current time and the hash that
  * Mailer::getPasswordResetHash() returns for them; the docs describe it
  * as usable for the next 24 hours. Anyone holding the link can open the
  * reset page, so the URL should be handled like a credential (for
  * example, kept out of logs).
  *
  * @param int $userId ID of the user who asked for the reset
  * @return mixed Result of Email::send(), passed through unchanged
  */
 public static function sendPasswordResetEmail($userId)
 {
     $issuedAt = time();
     $token = Mailer::getPasswordResetHash($userId, $issuedAt);

     // Second argument `true` asks the router for a full (absolute) URL,
     // which is what an email body needs.
     $route = [
         'prefix' => false,
         'controller' => 'Users',
         'action' => 'resetPassword',
         $userId,
         $issuedAt,
         $token
     ];
     $link = Router::url($route, true);

     $message = new Email();
     $users = TableRegistry::get('Users');
     $recipient = $users->get($userId);

     // View variable names must stay `user` and `resetUrl` for the template.
     $message
         ->template('reset_password')
         ->subject('MACC website password reset')
         ->to($recipient->email)
         ->viewVars(['user' => $recipient, 'resetUrl' => $link]);

     return $message->send();
 }
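 /**
  * Shows and processes the password-reset form reached from an emailed link.
  *
  * The link carries a user id, the time it was issued and a hash that
  * Mailer::getPasswordResetHash() computes from those two values. The
  * request is rejected unless all three parts are present, the link is
  * at most 24 hours old and the hash matches. On POST/PUT the submitted
  * `new_password` is saved as the user's password.
  *
  * @param int|string|null $userId ID of the user whose password is reset
  * @param int|string|null $timestamp Unix time at which the link was issued
  * @param string|null $hash Security hash taken from the link
  * @return mixed Redirect to the login action after a successful save, otherwise null
  * @throws NotFoundException If any part of the link is missing or the timestamp is malformed
  * @throws ForbiddenException If the link has expired or the hash does not match
  */
 public function resetPassword($userId = null, $timestamp = null, $hash = null)
 {
     // All three parts are required. The earlier condition mixed `||` and
     // `&&`, so it only fired when BOTH timestamp and hash were absent;
     // a link missing just one of them fell through to the later checks.
     // The timestamp is also used in arithmetic below, so anything other
     // than plain digits is treated as a broken link.
     if (!$userId || !$timestamp || !$hash || !ctype_digit((string)$timestamp)) {
         throw new NotFoundException('Incomplete URL for password-resetting. Did you leave out part of the URL when you copied and pasted it?');
     }

     if (time() - (int)$timestamp > 60 * 60 * 24) {
         throw new ForbiddenException('Sorry, that link has expired.');
     }

     // The raw route value is passed on so the hash is computed over the
     // same input as before.
     $expectedHash = Mailer::getPasswordResetHash($userId, $timestamp);

     // hash_equals() compares in constant time and never applies PHP's
     // loose-comparison rules (e.g. numeric-looking strings comparing equal),
     // both of which matter when checking a secret from the URL.
     if (!hash_equals((string)$expectedHash, (string)$hash)) {
         throw new ForbiddenException('Invalid security key');
     }

     // NOTE(review): nothing visible here invalidates the link after a
     // successful reset. Unless getPasswordResetHash() mixes in state that
     // changes with the password, the same link stays usable until it
     // expires; confirm against the Mailer implementation.
     $user = $this->Users->get($userId);
     $email = $user->email;

     if ($this->request->is(['post', 'put'])) {
         $this->request->data['password'] = $this->request->data('new_password');

         // fieldList restricts mass assignment to the password field only.
         $user = $this->Users->patchEntity($user, $this->request->data(), ['fieldList' => ['password']]);
         if ($this->Users->save($user)) {
             $this->Flash->success('Your password has been updated.');
             return $this->redirect(['action' => 'login']);
         }
     }

     // Clear submitted values so the password is not echoed back into the form.
     $this->request->data = [];
     $this->set(['email' => $email, 'pageTitle' => 'Reset Password', 'user' => $this->Users->newEntity()]);
 }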