Exemplo n.º 1
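 /**
  * Handle the "forgot password" form: look up an account by email or ninja
  * name, create a password reset request for it and email the reset nonce.
  *
  * The outcome is reported through the `message` / `error` query parameters
  * of the redirect back to /password/.
  *
  * NOTE(review): the "unable to find a matching account" and "reset email was
  * sent" outcomes are distinguishable, so an unauthenticated caller can learn
  * whether an email or ninja name is registered. Consider one neutral response
  * for both cases; the wording is left unchanged here because callers and
  * tests may depend on it.
  *
  * NOTE(review): no rate limiting is visible in this method; presumably it is
  * handled elsewhere, confirm.
  *
  * @TODO: Validate the CSRF token against the one stored in the session
  *        before acting on the request; nothing in this method checks it yet.
  *
  * @param Container $p_dependencies Dependency container (not used by this method).
  * @return RedirectResponse Redirect to /password/ carrying the message or error.
  */
 public function postEmail(Container $p_dependencies)
 {
     $request = RequestWrapper::$request;
     $email = $request->get('email');
     $ninja_name = $request->get('ninja_name');
     $error = null;
     $message = null;
     $account = null;

     if (!$email && !$ninja_name) {
         $error = 'You must specify either an email or a ninja name!';
     } else {
         if ($email) {
             $account = Account::findByEmail($email);
         }
         // Fall back to the ninja name only when one was actually submitted,
         // so the lookup is never run with a null or empty name.
         if ($account === null && $ninja_name !== null && $ninja_name !== '') {
             $account = Account::findByNinjaName($ninja_name);
         }
         if ($account === null || !$account->id()) {
             $error = 'Sorry, unable to find a matching account!';
         } else {
             // Reset request is created with the default (generated) nonce.
             // Kept in its own variable so the HTTP request is not shadowed.
             $reset_request = PasswordResetRequest::generate($account);
             if ($this->sendEmail($reset_request->nonce, $account)) {
                 $message = 'Your reset email was sent!';
             } else {
                 $error = 'Sorry, there was a problem sending to your account!  Please contact support.';
             }
         }
     }

     // rawurlencode() keeps the text inside its query parameter. The page that
     // renders these parameters is not shown here; because the query string is
     // caller-controlled, it must HTML-escape them on output.
     $query = '';
     if ($message) {
         $query .= 'message=' . rawurlencode($message) . '&';
     }
     if ($error) {
         $query .= 'error=' . rawurlencode($error);
     }

     return new RedirectResponse('/password/?' . $query);
 }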
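 /**
  * A reset submitted with a token whose request has already been marked as
  * used must be rejected with the "Token was invalid" error and must leave
  * the account password unchanged.
  */
 public function testPostResetWithInvalidatedTokenYeildsError()
 {
     $token = '34838383838';
     PasswordResetRequest::generate($this->account, $token);

     $request = Request::create('/resetpassword.php');
     $request->setMethod('POST');
     $request->request->set('token', $token);
     $password = '******';
     $request->request->set('new_password', $password);
     $request->request->set('password_confirmation', $password);
     $request->request->set('email', $this->account->getActiveEmail());

     // Invalidate the token by marking every reset request of this account as used.
     PasswordResetRequest::where('_account_id', '=', $this->account->id())->update(['used' => true]);

     // Now run the controller method that performs the reset.
     $controller = new PasswordController();
     $response = $controller->postReset($request);

     // The redirect must carry the invalid-token error.
     $this->assertTrue(
         stripos($response->getTargetUrl(), url('Token was invalid')) !== false,
         'Url was [' . $response->getTargetUrl() . '] instead of expected invalid token error url.'
     );

     // Password must NOT have been changed by a rejected reset.
     $this->assertFalse($this->checkTestPasswordMatches($password), 'Password should not have been changed on a rejection!');
 }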
Exemplo n.º 3
 /**
  * After PasswordResetRequest::reset() runs for an account, the nonce of the
  * request generated beforehand must no longer match (single-use nonce).
  */
 public function testPerformingAResetInvalidatesUsedRequest()
 {
     $test_account = AccountFactory::findById(TestAccountCreateAndDestroy::account_id());

     // Create a reset request with a known nonce, then perform the reset.
     $this->nonce = '77warkwark';
     PasswordResetRequest::generate($test_account, $this->nonce, false);
     PasswordResetRequest::reset($test_account, 'new_pass34532');

     // The request shouldn't match any more because it should already be used.
     $matched = PasswordResetRequest::match($this->nonce);
     $this->assertEmpty($matched);
 }