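/**
 * Send a reset link to a given user.
 *
 * Looks the account up by email first and falls back to the ninja name, generates a
 * PasswordResetRequest for it, passes that request's nonce to sendEmail(), and
 * redirects back to the reset page with a `message` or an `error` query parameter.
 *
 * @param Request $request Read for the `email` and `ninja_name` values.
 * @return RedirectResponse Redirect to /resetpassword.php carrying the outcome text.
 * @TODO: Authenticate the csrf, which must match, from the session.
 */
public function postEmail(Request $request)
{
    // NOTE(review): no throttling is visible in this method; confirm that reset
    // requests are rate-limited elsewhere so the endpoint cannot be used to flood a mailbox.
    $error = null;
    $message = null;
    $account = null;
    $email = $request->get('email');
    $ninja_name = $request->get('ninja_name');

    if (!$email && !$ninja_name) {
        $error = 'You must specify either an email or a ninja name!';
    } else {
        if ($email) {
            $account = AccountFactory::findByEmail($email);
        }

        // Fall back to the ninja name only when one was actually supplied, so a failed
        // email lookup never turns into a lookup keyed on an empty name.
        if (!isset($account) && $ninja_name) {
            $account = AccountFactory::findByNinjaName($ninja_name);
        }

        if ($account === null || !$account->id()) {
            // NOTE(review): this text and the success text below differ, which lets a
            // caller tell whether an email or ninja name is registered. Consider one
            // neutral response for both outcomes.
            $error = 'Sorry, unable to find a matching account!';
        } else {
            // PWR created with default nonce. Kept in its own variable so the incoming
            // HTTP request is not overwritten.
            $reset_request = PasswordResetRequest::generate($account);

            if ($this->sendEmail($reset_request->nonce, $account)) {
                $message = 'Your reset email was sent!';
            } else {
                $error = 'Sorry, there was a problem sending to your account! Please contact support.';
            }
        }
    }

    // url() is defined elsewhere; presumably it URL-encodes the text (confirm).
    return new RedirectResponse(
        '/resetpassword.php?'
        . ($message ? 'message=' . url($message) . '&' : '')
        . ($error ? 'error=' . url($error) : '')
    );
}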
/**
 * Posting only a ninja name must leave a password reset request stored for the
 * account that owns that name.
 */
public function testPostEmailCanGetAnAccountUsingANinjaName()
{
    // Build the POST request first; the ninja name is attached once the character exists.
    $post = Request::create('/resetpassword.php');
    $post->setMethod('POST');

    $ninja_name = TestAccountCreateAndDestroy::char()->name();
    $post->query->set('ninja_name', $ninja_name);

    // Resolve the account up front so the stored request can be matched against its id.
    $account = AccountFactory::findByNinjaName($ninja_name);

    (new PasswordController())->postEmail($post);

    // Check for a matching request for the appropriate account.
    $reset_request = PasswordResetRequest::where('_account_id', '=', $account->id())->first();
    $this->assertNotEmpty(
        $reset_request,
        'Fail: Unable to find a matching password reset request.'
    );
}