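/**
 * Send a reset link to a given user.
 *
 * Reads `email` and/or `ninja_name` from the current request, looks up the
 * matching account (email first, ninja name as the fallback), generates a
 * password reset request for it and emails the reset nonce. The outcome is
 * reported through the `message` / `error` query parameters of a redirect to
 * `/password/`.
 *
 * Security notes for reviewers:
 *  - The "unable to find a matching account" and "reset email was sent"
 *    responses differ, so an unauthenticated caller can learn whether an
 *    email or ninja name is registered. A uniform response would close that
 *    oracle; the messages are left unchanged here because callers and tests
 *    may depend on them.
 *  - No throttling is visible in this method. Confirm it is applied
 *    elsewhere, since every successful lookup creates a reset request and
 *    sends mail.
 *
 * @param Container $p_dependencies Dependency container (not read by this method)
 * @return Response
 * @TODO: Authenticate the csrf, which must match, from the session.
 */
public function postEmail(Container $p_dependencies)
{
    $request = RequestWrapper::$request;
    $email = $request->get('email');
    $ninja_name = $request->get('ninja_name');

    $error = null;
    $message = null;
    $account = null;

    if (!$email && !$ninja_name) {
        $error = 'You must specify either an email or a ninja name!';
    } else {
        if ($email) {
            $account = Account::findByEmail($email);
        }

        // Fall back to the ninja name only when one was actually supplied,
        // so a failed email lookup never triggers a lookup on an empty name.
        if ($account === null && $ninja_name) {
            $account = Account::findByNinjaName($ninja_name);
        }

        if ($account === null || !$account->id()) {
            $error = 'Sorry, unable to find a matching account!';
        } else {
            // PWR created with default nonce. Kept in its own variable so the
            // HTTP request object above is not shadowed.
            $reset_request = PasswordResetRequest::generate($account);

            if ($this->sendEmail($reset_request->nonce, $account)) {
                $message = 'Your reset email was sent!';
            } else {
                $error = 'Sorry, there was a problem sending to your account! Please contact support.';
            }
        }
    }

    // Both values are percent-encoded before being placed in the query string.
    $message_part = $message ? 'message=' . rawurlencode($message) . '&' : '';
    $error_part = $error ? 'error=' . rawurlencode($error) : '';

    return new RedirectResponse('/password/?' . $message_part . $error_part);
}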
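/**
 * Change account email and validate authenticity
 *
 * The caller must supply the current password (`passw`) before anything is
 * changed. `newemail` and `confirmemail` must match, and the new address must
 * not already belong to an account.
 *
 * Security notes for reviewers:
 *  - The "already in use" error tells a logged-in user whether an arbitrary
 *    address is registered.
 *  - No notification to the previous address is visible in this method;
 *    confirm whether one is sent elsewhere.
 *
 * @return Response
 */
public function changeEmail()
{
    $request = RequestWrapper::$request;

    // NOTE(review): the result of Player::find() is dereferenced unchecked;
    // confirm an authentication guard runs before this action is reached.
    $player = Player::find(SessionFactory::getSession()->get('player_id'));
    $self_info = $player->data();
    $username = $self_info['uname'];
    $passW = $request->get('passw', null);

    // Request values are untrusted: a field may be missing or arrive as an
    // array. Anything that is not a string is treated as an empty address
    // instead of being passed to trim().
    $raw_new = $request->get('newemail');
    $raw_confirm = $request->get('confirmemail');
    $in_newEmail = is_string($raw_new) ? trim($raw_new) : '';
    $in_confirmEmail = is_string($raw_confirm) ? trim($raw_confirm) : '';

    $error = '';
    $successMessage = '';

    // Checks run in the same order as before: password, then matching
    // addresses, then uniqueness, then the update itself.
    if (!self::is_authentic($username, $passW)) {
        $error = 'You did not provide the correct current password.';
    } elseif ($in_newEmail !== $in_confirmEmail) {
        $error = 'Your new emails did not match.';
    } elseif (Account::findByEmail($in_newEmail) !== null) {
        $error = 'The email you provided is already in use.';
    } else {
        try {
            $account = Account::findByChar($player);
            $account->setActiveEmail($in_newEmail);
            $account->save();
            $successMessage = 'Your email has been updated.';
        } catch (\InvalidArgumentException $e) {
            $error = 'Your email must be a valid email address containing a domain name and no spaces.';
        }
    }

    return $this->render(['error' => $error, 'successMessage' => $successMessage]);
}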
/**
 * A whitespace-only email must not resolve to any account.
 */
public function testFindAccountByEmailWithEmptyInput()
{
    $this->assertNull(Account::findByEmail(' '));
}
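/**
 * A successful signup creates a player, an account and exactly one
 * account_players row linking them, and leaves the account unconfirmed.
 *
 * The rows created by the signup are deleted before the final three
 * assertions run, so a failure in those assertions does not skip the cleanup.
 */
public function testSuccessfulSignupResultsInNoConfirmation()
{
    $uname = 'KnownGood';
    $email = '*****@*****.**';
    // Due to the nature of hotmail, hotmail emails are listed
    // such that they will not be preconfirmed. This leaves an account needing confirmation.

    RequestWrapper::inject(new Request([
        'key' => 'password1',
        'cpass' => 'password1',
        'send_email' => $email,
        'send_name' => $uname,
    ]));

    $controller = new SignupController();
    $response = $controller->signup($this->m_dependencies);

    $account = Account::findByEmail($email);
    $player = Player::findByName($uname);

    $this->assertNotNull($player);
    $this->assertNotNull($account);

    // Defaults used when either record is missing
    $relationship_count = 0;
    $account_unconfirmed = null;

    if ($account && $player) {
        $relationship_count = query_item(
            'SELECT count(*) FROM account_players WHERE _account_id = :id1 AND _player_id = :id2',
            [':id1' => $account->id(), ':id2' => $player->id()]
        );
        $account_unconfirmed = !$account->isConfirmed();
    }

    // Cleanup: remove everything the signup created, using bound parameters
    query('DELETE FROM players WHERE player_id = :id', [':id' => $player->id()]);
    query('DELETE FROM accounts WHERE account_id = :id', [':id' => $account->id()]);
    query(
        'DELETE FROM account_players WHERE _account_id = :id1 OR _player_id = :id2',
        [':id1' => $account->id(), ':id2' => $player->id()]
    );

    // The response's 'data' property is read through reflection
    $reflection = new \ReflectionProperty(get_class($response), 'data');
    $reflection->setAccessible(true);
    $response_data = $reflection->getValue($response);

    $this->assertTrue($response_data['submit_successful'], 'Signup() returned error: ' . $response_data['error']);
    // Expected value first, so a failure message reports the two sides correctly
    $this->assertEquals(1, $relationship_count);
    $this->assertTrue($account_unconfirmed);
}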