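/**
 * A second reset request for the same email inside PASSWORD_RESET_MIN_WAIT
 * must be refused with 'passwordResetMinWait'; once reset_sent_at is pushed
 * back past that window, a new request is accepted again.
 */
public function testShouldRefuseMultipleRequestsInShortInterval()
{
    $user_data = UserFactory::generateUser();
    $r = new Request(array('email' => $user_data['email']));
    ResetController::apiCreate($r);
    // The immediate retry must throw. Without fail() a non-throwing call
    // would leave $message undefined and the assertion below meaningless.
    try {
        ResetController::apiCreate($r);
        $this->fail('Second reset request inside the minimum wait was accepted');
    } catch (InvalidParameterException $expected) {
        $message = $expected->getMessage();
    }
    $this->assertEquals('passwordResetMinWait', $message);
    // Time travel: move reset_sent_at just past the minimum wait window.
    $reset_sent_at = ApiUtils::GetStringTime(time() - PASSWORD_RESET_MIN_WAIT - 1);
    $user = UsersDAO::FindByEmail($user_data['email']);
    $user->setResetSentAt($reset_sent_at);
    UsersDAO::save($user);
    // After the wait has elapsed the request goes through again.
    $response = ResetController::apiCreate($r);
    $this->assertEquals('ok', $response['status']);
}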
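 /**
  * Completing a reset with a token whose reset_sent_at is older than
  * PASSWORD_RESET_TIMEOUT must be refused with 'passwordResetResetExpired'.
  */
 public function testShouldRefuseExpiredReset()
 {
     $user_data = UserFactory::generateUser();
     $r = new Request(array('email' => $user_data['email']));
     $response = ResetController::apiCreate($r);
     $user_data['password_confirmation'] = $user_data['password'];
     $user_data['reset_token'] = $response['token'];
     // Time travel: age the pending reset past the timeout.
     $reset_sent_at = ApiUtils::GetStringTime(time() - PASSWORD_RESET_TIMEOUT - 1);
     $user = UsersDAO::FindByEmail($user_data['email']);
     $user->setResetSentAt($reset_sent_at);
     UsersDAO::save($user);
     // Build the request outside the try so only apiUpdate's exception is caught.
     $r = new Request($user_data);
     // Without fail() a non-throwing apiUpdate would leave $message undefined
     // and the assertion below meaningless.
     try {
         ResetController::apiUpdate($r);
         $this->fail('Expired reset token was accepted');
     } catch (InvalidParameterException $expected) {
         $message = $expected->getMessage();
     }
     $this->assertEquals('passwordResetResetExpired', $message);
 }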
 /**
  * Creates a reset operation, the first of two steps needed to reset a
  * password. The first step consists of sending an email to the user with
  * instructions to reset their password, if and only if the email is valid.
  *
  * Only the SHA-1 digest of the random token is persisted (reset_digest);
  * the plaintext token leaves this method solely inside the mailed link,
  * or in the returned array when IS_TEST is set so tests can finish the flow.
  * @param Request $r  expected to carry 'email'
  * @return array  array('status' => 'ok', 'token' => ...) under IS_TEST,
  *                otherwise array('status' => 'ok', 'message' => ...)
  * @throws InvalidParameterException  raised by ValidateCreateRequest
  *         (presumably including the 'passwordResetMinWait' case the tests
  *         exercise — confirm against ValidateCreateRequest)
  */
 public static function apiCreate(Request $r)
 {
     self::ValidateCreateRequest($r);
     $email = $r['email'];
     // Fresh random token; only its digest is stored server-side.
     $token = ApiUtils::GetRandomString();
     $reset_digest = hash('sha1', $token);
     $reset_sent_at = ApiUtils::GetStringTime();
     // Outgoing mail is configured before the DB write, but only sent after it.
     $mail = new PHPMailer();
     $mail->IsSMTP();
     $mail->Host = OMEGAUP_EMAIL_SMTP_HOST;
     $mail->SMTPAuth = true;
     $mail->Password = OMEGAUP_EMAIL_SMTP_PASSWORD;
     $mail->From = OMEGAUP_EMAIL_SMTP_FROM;
     // Port 465 with 'ssl' = implicit TLS from the first byte of the SMTP session.
     $mail->Port = 465;
     $mail->SMTPSecure = 'ssl';
     $mail->Username = OMEGAUP_EMAIL_SMTP_FROM;
     $mail->FromName = OMEGAUP_EMAIL_SMTP_FROM;
     $mail->AddAddress($email);
     $mail->isHTML(true);
     // NOTE(review): the lookup result is used without a null check —
     // presumably ValidateCreateRequest already guarantees the email exists; confirm.
     $user = UsersDAO::FindByEmail($email);
     $user->setResetDigest($reset_digest);
     $user->setResetSentAt($reset_sent_at);
     UsersDAO::save($user);
     if (IS_TEST) {
         // Under test no mail is sent; the plaintext token is returned instead.
         return array('status' => 'ok', 'token' => $token);
     }
     global $smarty;
     $mail->Subject = $smarty->getConfigVariable('wordsReset');
     // The email is URL-encoded; the token is appended as-is
     // (assumed URL-safe output of GetRandomString — confirm).
     $link = OMEGAUP_URL . '/login/password/reset/?';
     $link .= 'email=' . rawurlencode($email) . '&reset_token=' . $token;
     $message = $smarty->getConfigVariable('wordsResetMessage');
     $mail->Body = str_replace('[link]', $link, $message);
     if (!$mail->Send()) {
         // Roll back the pending reset so the stored digest does not outlive
         // a mail that never went out (and, presumably, so the user may retry
         // without waiting out PASSWORD_RESET_MIN_WAIT — confirm).
         // NOTE(review): the response below still reports 'ok' in this case,
         // so the caller cannot tell that delivery failed.
         self::$log->error('Failed to send mail:' . $mail->ErrorInfo);
         $user->setResetDigest(null);
         $user->setResetSentAt(null);
         UsersDAO::save($user);
     }
     return array('status' => 'ok', 'message' => $smarty->getConfigVariable('passwordResetRequestSuccess'));
 }