public function testSave()
{
$user = $this->user('testUser');
$form = new PasswordResetForm($user);
$password = '******';
$form->password = $password;
$form->confirm = $form->password;
$form->save();
$user->refresh();
$this->assertTrue(PasswordUtil::validatePassword($password, $user->password));
$this->assertEquals(0, PasswordReset::model()->countByAttributes(array('userId' => $user->id)));
}
public function testSave()
{
$user = $this->user('testUser');
$form = new PasswordResetForm($user);
$password = '******';
$form->password = $password;
$form->confirm = $form->password;
$form->save();
$user->refresh();
$this->assertTrue(PasswordUtil::validatePassword($password, $user->password));
$this->assertEquals(0, PasswordReset::model()->countByAttributes(array('userId' => $user->id)));
// Test validation as well, as a "bonus", since there needn't be any
// fixture loading for it, and it thus saves a few seconds when running
// the test:
$form = new PasswordResetForm($user);
$passwords = array(false => array('n#6', 'ninininini'), true => array('D83*@)1', 'this that and the next thing'));
foreach ($passwords as $good => $passes) {
foreach ($passes as $pass) {
$form->password = $pass;
$form->confirm = $pass;
$this->assertEquals($good, $form->validate(array('password')));
}
}
}
/**
* Reset a user's password via a really basic email verification process
*
* @param type $id ID/key of the password recovery record
*/
public function actionResetPassword($id = null)
{
if (!Yii::app()->user->isGuest) {
$this->redirect(array('/profile/changePassword', 'id' => Yii::app()->user->id));
}
$this->layout = '//layouts/login';
$scenario = 'new';
$title = Yii::t('app', 'Reset Password');
$this->pageTitle = $title;
$message = Yii::t('app', 'Enter the email address associated with your user account to request a new password and username reminder.');
$request = new PasswordReset();
$resetForm = null;
if (isset($_POST['PasswordReset'])) {
// Submitting a password reset request
$request->setAttributes($_POST['PasswordReset']);
if ($request->save()) {
$request->setScenario('afterSave');
if (!$request->validate(array('email'))) {
// Create a new model. It is done this way (adding the
// validation error to a new model) so that there is a trail
// of reset request attempts that can be counted to determine
// if the user has made too many.
$oldRequest = $request;
$request = new $request();
$request->setAttributes($oldRequest->getAttributes(array('email')), false);
$request->addErrors($oldRequest->getErrors());
} else {
// A user with the corresponding email was found. Attempt to
// send the email and whatever happens, don't display the
// form again.
$scenario = 'message';
$mail = new EmailDeliveryBehavior();
$mail->credId = Credentials::model()->getDefaultUserAccount(Credentials::$sysUseId['systemNotificationEmail'], 'email');
// Compose the message & headers
$message = Yii::t('users', "You have requested to reset the password for user {user} in {appName}.", array('{user}' => $request->user->alias, '{appName}' => Yii::app()->settings->appName));
$message .= ' ' . Yii::t('users', "To finish resetting your password, please open the following link: ");
$message .= "<br /><br />" . $this->createAbsoluteUrl('/site/resetPassword') . '?' . http_build_query(array('id' => $request->id));
$message .= "<br /><br />" . Yii::t('users', "If you did not make this request, please disregard this email.");
$recipients = array('to' => array(array('', $request->email)));
// Send the email
$status = $mail->deliverEmail($recipients, Yii::app()->settings->appName . " password reset", $message);
// Set the response message accordingly.
if ($status['code'] == 200) {
$title = Yii::t('users', 'Almost Done!');
$message = Yii::t('users', 'Check your email at {email} for ' . 'further instructions to finish resetting your password.', array('{email}' => $request->email));
} else {
$title = Yii::t('users', 'Could not send email.');
$message = Yii::t('users', 'Sending of the password reset verification email failed with message: {message}', array('{message}' => $status['message']));
}
}
} else {
if ($request->limitReached) {
$scenario = 'message';
$message = Yii::t('app', 'You have made too many requests to reset passwords. ' . 'Please wait one hour before trying again.');
}
}
} else {
if ($id !== null) {
// User might have arrived here through the link in a reset email.
$scenario = 'apply';
$request = PasswordReset::model()->findByPk($id);
if ($request instanceof PasswordReset && !$request->isExpired) {
// Reset request record exists.
$user = $request->user;
if ($user instanceof User) {
// ...and is valid (points to an existing user)
//
// Default message: the password entry form (initial request)
$message = Yii::t('users', 'Enter a new password for user "{user}" ({name}):', array('{user}' => $user->alias, '{name}' => CHtml::encode($user->firstName . ' ' . $user->lastName)));
$resetForm = new PasswordResetForm($user);
if (isset($_POST['PasswordResetForm'])) {
// Handle the form submission:
$resetForm->setAttributes($_POST['PasswordResetForm']);
if ($resetForm->save()) {
// Done, success.
$scenario = 'message';
$title = Yii::t('users', 'Password Has Been Reset');
$message = Yii::t('users', 'You should now have access ' . 'as "{user}" with the new password specified.', array('{user}' => $user->alias));
}
}
} else {
// Invalid request record; it does not correspond to an
// existing user, i.e. it's an "attempt" (entering an email
// address to see if that sticks).
$scenario = 'message';
$title = Yii::t('users', 'Access Denied');
$message = Yii::t('users', 'Invalid reset key.');
}
} else {
$scenario = 'message';
$title = Yii::t('users', 'Access Denied');
if ($request->isExpired) {
$message = Yii::t('users', 'The password reset link has expired.');
} else {
$message = Yii::t('users', 'Invalid reset link.');
}
}
}
}
$this->render('resetPassword', compact('scenario', 'title', 'message', 'request', 'resetForm'));
}
/**
* Alows a user to reset their password if they initiated a forgot password request
* @param string $id
*/
public function actionResetPassword($id = NULL)
{
$this->layout = '//layouts/main';
$this->setPageTitle(Yii::t('ciims.controllers.Site', '{{app_name}} | {{label}}', array('{{app_name}}' => Cii::getConfig('name', Yii::app()->name), '{{label}}' => Yii::t('ciims.controllers.Site', 'Reset Your password'))));
$model = new PasswordResetForm();
$model->reset_key = $id;
if (!$model->validateResetKey()) {
throw new CHttpException(403, Yii::t('ciims.controllers.Site', 'The password reset key provided is invalid'));
}
if (Cii::get($_POST, 'PasswordResetForm', false)) {
$model->attributes = $_POST['PasswordResetForm'];
if ($model->save()) {
Yii::app()->user->setFlash('success', Yii::t('ciims.controllers.Site', 'Your password has been reset, and you may now login with your new password'));
$this->redirect($this->createUrl('site/login'));
}
}
$this->render('resetpassword', array('model' => $model));
}
/**
* Allows the user to change their password if provided with a valid activation ID
* @param string $id The activation ID that was emailed to the user
*/
public function actionResetPassword($id = NULL)
{
if ($id == NULL) {
throw new CHttpException(400, 'Missing Password Reset ID');
}
$user = User::model()->findByAttributes(array('activation_key' => $id));
if ($user == NULL) {
throw new CHttpException(400, 'The password reset id you supplied is invalid');
}
$form = new PasswordResetForm();
if (isset($_POST['PasswordResetForm'])) {
$form->attributes = array('user' => $user, 'password' => $_POST['PasswordResetForm']['password'], 'password_repeat' => $_POST['PasswordResetForm']['password_repeat']);
if ($form->save()) {
$this->render('resetpasswordsuccess');
Yii::app()->end();
}
}
$this->render('resetpassword', array('passwordresetform' => $form, 'id' => $id));
}
