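/**
 * A second reset request inside the PASSWORD_RESET_MIN_WAIT window must be
 * rejected with 'passwordResetMinWait'; once reset_sent_at is pushed past the
 * window, a new request must be accepted again.
 *
 * The previous shape left $message undefined (a PHP notice, not a test
 * failure) if the second call did not throw; $this->fail() makes that case
 * an explicit failure.
 */
public function testShouldRefuseMultipleRequestsInShortInterval() {
    $user_data = UserFactory::generateUser();
    $r = new Request(array('email' => $user_data['email']));

    // First request is allowed.
    $response = ResetController::apiCreate($r);
    $this->assertEquals('ok', $response['status']);

    // Immediate second request must be rate limited.
    try {
        ResetController::apiCreate($r);
        $this->fail('Second reset request inside the wait window should have thrown');
    } catch (InvalidParameterException $expected) {
        $this->assertEquals('passwordResetMinWait', $expected->getMessage());
    }

    // Time travel: move reset_sent_at just beyond the wait window.
    $reset_sent_at = ApiUtils::GetStringTime(time() - PASSWORD_RESET_MIN_WAIT - 1);
    $user = UsersDAO::FindByEmail($user_data['email']);
    $user->setResetSentAt($reset_sent_at);
    UsersDAO::save($user);

    // A fresh request is now accepted.
    $response = ResetController::apiCreate($r);
    $this->assertEquals('ok', $response['status']);
}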
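/**
 * A reset whose reset_sent_at is older than PASSWORD_RESET_TIMEOUT must be
 * rejected by apiUpdate with 'passwordResetResetExpired', even though the
 * token and password confirmation are otherwise valid.
 *
 * $this->fail() inside the try block turns "apiUpdate did not throw" into an
 * explicit failure instead of an undefined-variable notice on $message.
 */
public function testShouldRefuseExpiredReset() {
    $user_data = UserFactory::generateUser();
    $r = new Request(array('email' => $user_data['email']));
    $response = ResetController::apiCreate($r);

    // Build an otherwise-valid update request from the plaintext token that
    // apiCreate only returns under IS_TEST.
    $user_data['password_confirmation'] = $user_data['password'];
    $user_data['reset_token'] = $response['token'];

    // Time travel: move reset_sent_at just beyond the expiry window.
    $reset_sent_at = ApiUtils::GetStringTime(time() - PASSWORD_RESET_TIMEOUT - 1);
    $user = UsersDAO::FindByEmail($user_data['email']);
    $user->setResetSentAt($reset_sent_at);
    UsersDAO::save($user);

    try {
        ResetController::apiUpdate(new Request($user_data));
        $this->fail('Expired reset token should have thrown');
    } catch (InvalidParameterException $expected) {
        $this->assertEquals('passwordResetResetExpired', $expected->getMessage());
    }
}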
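/**
 * Creates a reset operation, the first of two steps needed to reset a
 * password. A random token is generated; only its SHA-1 digest and the
 * request timestamp are stored on the user row, and the plaintext token is
 * mailed to the address inside a reset link.
 *
 * Under IS_TEST no mail is sent and the plaintext token is returned in the
 * response so tests can drive apiUpdate; that branch must not be reachable
 * in production.
 *
 * @param Request $r request carrying 'email'
 * @return array 'status' => 'ok' plus either 'token' (IS_TEST only) or 'message'
 * @throws InvalidParameterException when ValidateCreateRequest rejects the request
 */
public static function apiCreate(Request $r) {
    self::ValidateCreateRequest($r);
    $email = $r['email'];

    // Only the digest is persisted, so a leaked users row does not yield a
    // usable reset link. SHA-1 is acceptable here because the input is a
    // high-entropy random token (preimage resistance is what matters, not
    // collision resistance); the algorithm must stay in sync with whatever
    // apiUpdate compares against, so it is not changed here.
    $token = ApiUtils::GetRandomString();
    $reset_digest = hash('sha1', $token);
    $reset_sent_at = ApiUtils::GetStringTime();

    // NOTE(review): assumes ValidateCreateRequest already rejected unknown
    // addresses — confirm; otherwise a null here is an uncaught fatal on the
    // setter call below.
    $user = UsersDAO::FindByEmail($email);
    $user->setResetDigest($reset_digest);
    $user->setResetSentAt($reset_sent_at);
    UsersDAO::save($user);

    if (IS_TEST) {
        return array('status' => 'ok', 'token' => $token);
    }

    global $smarty;
    $mail = self::newResetMailer($email);
    $mail->Subject = $smarty->getConfigVariable('wordsReset');

    // Encode the token the same way as the email so reserved characters in
    // either value cannot break the link or smuggle extra query parameters.
    $link = OMEGAUP_URL . '/login/password/reset/?email=' . rawurlencode($email)
        . '&reset_token=' . rawurlencode($token);
    $mail->Body = str_replace('[link]', $link, $smarty->getConfigVariable('wordsResetMessage'));

    if (!$mail->Send()) {
        self::$log->error('Failed to send mail:' . $mail->ErrorInfo);
        // Drop the pending reset so the user is not left holding an
        // unreachable token and can retry at once (reset_sent_at is what the
        // min-wait check keys off, see testShouldRefuseMultipleRequestsInShortInterval).
        $user->setResetDigest(null);
        $user->setResetSentAt(null);
        UsersDAO::save($user);
        // NOTE(review): the success message is still returned below, so the
        // caller cannot tell the mail was never sent — confirm this is intended.
    }

    return array(
        'status' => 'ok',
        'message' => $smarty->getConfigVariable('passwordResetRequestSuccess'),
    );
}

/**
 * Builds a PHPMailer for the configured SMTP relay (implicit TLS on port 465,
 * credentials and sender from OMEGAUP_EMAIL_SMTP_*), addressed to $to, with
 * an HTML body.
 *
 * @param string $to recipient address
 * @return PHPMailer
 */
private static function newResetMailer($to) {
    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->Host = OMEGAUP_EMAIL_SMTP_HOST;
    $mail->Port = 465;
    $mail->SMTPSecure = 'ssl';
    $mail->SMTPAuth = true;
    $mail->Username = OMEGAUP_EMAIL_SMTP_FROM;
    $mail->Password = OMEGAUP_EMAIL_SMTP_PASSWORD;
    $mail->From = OMEGAUP_EMAIL_SMTP_FROM;
    $mail->FromName = OMEGAUP_EMAIL_SMTP_FROM;
    $mail->AddAddress($to);
    $mail->isHTML(true);
    return $mail;
}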