/**
* @inheritdoc
* @throws \yii\base\InvalidParamException
*/
public function init()
{
parent::init();
if ($this->token == null) {
throw new \RuntimeException('Token should be passed to config');
}
if ($this->token->getIsExpired() || $this->token->user === null) {
throw new InvalidParamException('Invalid token');
}
}
/**
* Resets user's password.
*
* @return bool
*/
public function resetPassword()
{
if ($this->validate()) {
$this->token->user->resetPassword($this->password);
$this->token->delete();
\Yii::$app->session->setFlash('user.recovery_finished');
return true;
}
return false;
}
/**
* Resets user's password.
*
* @param Token $token
* @return bool
*/
public function resetPassword(\dektrium\user\models\Token $token)
{
if (!$this->validate() || $token->user === null) {
return false;
}
if ($token->user->resetPassword($this->password)) {
\Yii::$app->session->setFlash('success', \Yii::t('foruser', 'Your password has been changed successfully.'));
$token->delete();
} else {
\Yii::$app->session->setFlash('danger', \Yii::t('foruser', 'An error occurred and your password has not been changed. Please try again later.'));
}
return true;
}
public static function getAuthTokenByUserId($user_id)
{
if (!$user_id) {
return false;
}
$token = BaseToken::findOne(['user_id' => $user_id, 'type' => self::TYPE_AUTH]);
if (!$token) {
$token = \Yii::createObject(['class' => BaseToken::className(), 'user_id' => $user_id, 'type' => self::TYPE_AUTH]);
} else {
$token->created_at = time();
$token->code = \Yii::$app->security->generateRandomString();
}
$token->save();
return $token->code;
}
/**
* Creates new confirmation token and sends it to the user.
*
* @return bool
*/
public function resend()
{
if (!$this->validate()) {
return false;
}
$user = $this->finder->findUserByEmail($this->email);
if ($user instanceof User && !$user->isConfirmed) {
/** @var Token $token */
$token = \Yii::createObject(['class' => Token::className(), 'user_id' => $user->id, 'type' => Token::TYPE_CONFIRMATION]);
$token->save(false);
$this->mailer->sendConfirmationMessage($user, $token);
}
\Yii::$app->session->setFlash('info', \Yii::t('user', 'A message has been sent to your email address. It contains a confirmation link that you must click to complete registration.'));
return true;
}
public function testRegister()
{
$this->model = new RegistrationForm();
$this->model->setAttributes(['email' => '*****@*****.**', 'username' => 'foobar', 'password' => 'foobar']);
/** @var User $user */
verify($this->model->register())->true();
$user = User::findOne(['email' => '*****@*****.**']);
verify('$user is instance of User', $user instanceof User)->true();
verify('email is valid', $user->email)->equals($this->model->email);
verify('username is valid', $user->username)->equals($this->model->username);
verify('password is valid', Password::validate($this->model->password, $user->password_hash))->true();
$token = Token::findOne(['user_id' => $user->id, 'type' => Token::TYPE_CONFIRMATION]);
verify($token)->notNull();
$mock = $this->getMock(RegistrationForm::className(), ['validate']);
$mock->expects($this->once())->method('validate')->will($this->returnValue(false));
verify($mock->register())->false();
}
/**
* @inheritdoc
*/
public function register()
{
if ($this->getIsNewRecord() == false) {
throw new \RuntimeException('Calling "' . __CLASS__ . '::' . __METHOD__ . '" on existing user');
}
$this->confirmed_at = $this->module->enableConfirmation ? null : time();
$this->password = $this->module->enableGeneratingPassword ? Password::generate(self::PASSWORD_MIN_LENGTH) : $this->password;
$this->trigger(self::BEFORE_REGISTER);
if (!$this->save()) {
return false;
}
if ($this->module->enableConfirmation) {
/** @var Token $token */
$token = Yii::createObject(['class' => Token::className(), 'type' => Token::TYPE_CONFIRMATION]);
$token->link('user', $this);
}
if ($this->module->enableConfirmation || $this->module->enableGeneratingPassword) {
$this->mailer->sendWelcomeMessage($this, isset($token) ? $token : null);
}
$this->trigger(self::AFTER_REGISTER);
return true;
}
/**
* This method is used to register new user account. If Module::enableConfirmation is set true, this method
* will generate new confirmation token and use mailer to send it to the user. Otherwise it will log the user in.
* If Module::enableGeneratingPassword is set true, this method will generate new 8-char password. After saving user
* to database, this method uses mailer component to send credentials (username and password) to user via email.
*
* @return bool
*/
public function register()
{
if ($this->getIsNewRecord() == false) {
throw new \RuntimeException('Calling "' . __CLASS__ . '::' . __METHOD__ . '" on existing user');
}
if ($this->module->enableConfirmation == false) {
$this->confirmed_at = time();
}
if ($this->module->enableGeneratingPassword) {
$this->password = Password::generate(8);
}
$this->trigger(self::USER_REGISTER_INIT);
if ($this->save()) {
$this->trigger(self::USER_REGISTER_DONE);
if ($this->module->enableConfirmation) {
$token = \Yii::createObject(['class' => Token::className(), 'type' => Token::TYPE_CONFIRMATION]);
$token->link('user', $this);
$this->mailer->sendConfirmationMessage($this, $token);
} else {
\Yii::$app->user->login($this);
}
if ($this->module->enableGeneratingPassword) {
$this->mailer->sendWelcomeMessage($this);
}
\Yii::$app->session->setFlash('info', $this->getFlashMessage());
\Yii::getLogger()->log('User has been registered', Logger::LEVEL_INFO);
return true;
}
\Yii::getLogger()->log('An error occurred while registering user account', Logger::LEVEL_ERROR);
return false;
}
/**
* Sends a confirmation message to both old and new email addresses with link to confirm changing of email.
*
* @throws \yii\base\InvalidConfigException
*/
protected function secureEmailChange()
{
$this->defaultEmailChange();
/** @var Token $token */
$token = Yii::createObject(['class' => Token::className(), 'user_id' => $this->user->id, 'type' => Token::TYPE_CONFIRM_OLD_EMAIL]);
$token->save(false);
$this->mailer->sendReconfirmationMessage($this->user, $token);
// unset flags if they exist
$this->user->flags &= ~User::NEW_EMAIL_CONFIRMED;
$this->user->flags &= ~User::OLD_EMAIL_CONFIRMED;
$this->user->save(false);
Yii::$app->session->setFlash('info', Yii::t('user', 'We have sent confirmation links to both old and new email addresses. You must click both links to complete your request'));
}
$I->wantTo('ensure that password recovery works');
$page = RecoveryPage::openBy($I);
$I->amGoingTo('try to request recovery token for unconfirmed account');
$user = $I->getFixture('user')->getModel('unconfirmed');
$page->recover($user->email);
$I->see('You need to confirm your email address');
$I->amGoingTo('try to request recovery token');
$user = $I->getFixture('user')->getModel('user');
$page->recover($user->email);
$I->see('You will receive an email with instructions on how to reset your password in a few minutes.');
$user = $I->grabRecord(User::className(), ['email' => $user->email]);
$token = $I->grabRecord(Token::className(), ['user_id' => $user->id, 'type' => Token::TYPE_RECOVERY]);
$I->seeInEmail(Html::encode($token->getUrl()));
$I->seeInEmailRecipients($user->email);
$I->amGoingTo('reset password with invalid token');
$user = $I->getFixture('user')->getModel('user_with_expired_recovery_token');
$token = $I->grabRecord(Token::className(), ['user_id' => $user->id, 'type' => Token::TYPE_RECOVERY]);
$I->amOnPage(Url::toRoute(['/user/recovery/reset', 'id' => $user->id, 'code' => $token->code]));
$I->see('Recovery link is invalid or out-of-date. Please try requesting a new one.');
$I->amGoingTo('reset password');
$user = $I->getFixture('user')->getModel('user_with_recovery_token');
$token = $I->grabRecord(Token::className(), ['user_id' => $user->id, 'type' => Token::TYPE_RECOVERY]);
$I->amOnPage(Url::toRoute(['/user/recovery/reset', 'id' => $user->id, 'code' => $token->code]));
$I->fillField('#recovery-form-password', 'newpass');
$I->click('Finish');
$I->see('Your password has been changed successfully.');
$page = LoginPage::openBy($I);
$page->login($user->email, 'qwerty');
$I->see('Invalid login or password');
$page->login($user->email, 'newpass');
$I->dontSee('Invalid login or password');
use yii\helpers\Html;
$I = new FunctionalTester($scenario);
$I->wantTo('ensure that account settings page work');
$page = LoginPage::openBy($I);
$user = $I->getFixture('user')->getModel('user');
$page->login($user->username, 'qwerty');
$page = SettingsPage::openBy($I);
$I->amGoingTo('check that current password is required and must be valid');
$page->update($user->email, $user->username, 'wrong');
$I->see('Current password is not valid');
$I->amGoingTo('check that email is changing properly');
$page->update('*****@*****.**', $user->username, 'qwerty');
$I->seeRecord(User::className(), ['email' => $user->email, 'unconfirmed_email' => '*****@*****.**']);
$I->see('Confirmation message has been sent to your new email address');
$user = $I->grabRecord(User::className(), ['id' => $user->id]);
$token = $I->grabRecord(Token::className(), ['user_id' => $user->id, 'type' => Token::TYPE_CONFIRM_NEW_EMAIL]);
$I->seeInEmail(Html::encode($token->getUrl()));
$I->seeInEmailRecipients($user->unconfirmed_email);
Yii::$app->user->logout();
$I->amGoingTo('log in using new email address before clicking the confirmation link');
$page = LoginPage::openBy($I);
$page->login('*****@*****.**', 'qwerty');
$I->see('Invalid login or password');
$I->amGoingTo('log in using new email address after clicking the confirmation link');
$user->attemptEmailChange($token->code);
$page->login('*****@*****.**', 'qwerty');
$I->see('Logout');
$I->seeRecord(User::className(), ['id' => 1, 'email' => '*****@*****.**', 'unconfirmed_email' => null]);
$I->amGoingTo('reset email changing process');
$page = SettingsPage::openBy($I);
$page->update('*****@*****.**', $user->username, 'qwerty');
/**
* This method is used to register new user account. If Module::enableConfirmation is set true, this method
* will generate new confirmation token and use mailer to send it to the user.
*
* @return bool
*/
public function register()
{
if ($this->getIsNewRecord() == false) {
throw new \RuntimeException('Calling "' . __CLASS__ . '::' . __METHOD__ . '" on existing user');
}
$transaction = $this->getDb()->beginTransaction();
try {
$this->confirmed_at = $this->module->enableConfirmation ? null : time();
$this->password = $this->module->enableGeneratingPassword ? Password::generate(8) : $this->password;
$this->trigger(self::BEFORE_REGISTER);
if (!$this->save()) {
$transaction->rollBack();
return false;
}
if ($this->module->enableConfirmation) {
/** @var Token $token */
$token = \Yii::createObject(['class' => Token::className(), 'type' => Token::TYPE_CONFIRMATION]);
$token->link('user', $this);
}
$this->mailer->sendWelcomeMessage($this, isset($token) ? $token : null);
$this->trigger(self::AFTER_REGISTER);
$transaction->commit();
return true;
} catch (\Exception $e) {
$transaction->rollBack();
\Yii::warning($e->getMessage());
return false;
}
}
/**
* Tests resetting of password.
*/
public function testPasswordReset()
{
$form = Yii::createObject(['class' => RecoveryForm::className(), 'scenario' => 'reset']);
$this->specify('password is required', function () use($form) {
$form->setAttributes(['password' => '']);
verify($form->validate())->false();
verify($form->getErrors('password'))->contains('Password cannot be blank.');
});
$user = Yii::createObject(User::className());
$umock = test::double($user, ['resetPassword' => true]);
$token = Yii::createObject(Token::className());
$tmock = test::double($token, ['delete' => true, 'getUser' => $user]);
$this->specify('return false if validation fails', function () use($form) {
$token = Yii::createObject(Token::className());
$mock = test::double($form, ['validate' => false]);
verify($form->resetPassword($token))->false();
$mock->verifyInvoked('validate');
test::double($form, ['validate' => true]);
});
$this->specify('return false if token is invalid', function () use($form) {
$token = Yii::createObject(Token::className());
$tmock = test::double($token, ['getUser' => null]);
verify($form->resetPassword($token))->false();
$tmock->verifyInvoked('getUser');
});
$this->specify('method sets correct flash message', function () use($form) {
$user = Yii::createObject(User::className());
$umock = test::double($user, ['resetPassword' => true]);
$token = Yii::createObject(Token::className());
$tmock = test::double($token, ['delete' => true, 'getUser' => $user]);
verify($form->resetPassword($token))->true();
verify(\Yii::$app->session->getFlash('success'))->equals('Your password has been changed successfully.');
$umock->verifyInvoked('resetPassword');
$tmock->verifyInvoked('delete');
test::double($user, ['resetPassword' => false]);
verify($form->resetPassword($token))->true();
verify(\Yii::$app->session->getFlash('danger'))->equals('An error occurred and your password has not been changed. Please try again later.');
});
}
/**
* @return \yii\db\ActiveQuery
*/
public function getTokens()
{
return $this->hasMany(\dektrium\user\models\Token::className(), ['user_id' => 'id']);
}
/**
* @return \yii\db\ActiveQuery
*/
public function getTokens()
{
return $this->hasMany(Token::className(), ['user_id' => 'id']);
}