/**
 * Checks that clearTokensForUser() deletes the reset token of the given user only.
 *
 * Two reset tokens are persisted, the token table is expected to hold two rows,
 * and after clearing the tokens of the second token's user one row is expected
 * to remain.
 *
 * @return void
 */
public function testClearTokensForUser()
{
    // Same DQL is used before and after the clear call to count every stored token.
    $allTokensDql = 'SELECT e FROM Rexmac\\Zyndax\\Entity\\UserPasswordResetToken e';

    // First token: expected to survive the clear call below.
    $firstToken = UserPasswordResetTokenTest::createRandomTestPasswordResetToken();
    UserPasswordResetTokenService::create($firstToken);
    $user1 = $firstToken->getUser(); // fetched as in the original; not used by the assertions

    // Second token: its owner is the one whose tokens get cleared.
    $secondToken = UserPasswordResetTokenTest::createRandomTestPasswordResetToken();
    UserPasswordResetTokenService::create($secondToken);
    $user2 = $secondToken->getUser();

    $storedBefore = self::$entityManager->createQuery($allTokensDql)->execute();
    $this->assertEquals(2, count($storedBefore));

    UserPasswordResetTokenService::clearTokensForUser($user2);

    $storedAfter = self::$entityManager->createQuery($allTokensDql)->execute();
    $this->assertEquals(1, count($storedAfter));
}
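/**
 * Send password reset email to user
 *
 * Creates a fresh single-use reset token for the user (replacing any token the
 * user already had), builds the reset link and mails it as text and HTML.
 *
 * Security notes:
 *  - The token is the only secret protecting the reset link, so it is drawn
 *    from a cryptographically secure random source instead of mt_rand().
 *  - Username, site name and link are HTML-escaped before being placed in the
 *    HTML body.
 *
 * @param User $user
 * @param Zend_Mail_Transport_Abstract $transport [Optional] Zend mail transport class
 * @return void
 * @throws Exception If no secure random source is available or sending fails
 */
public static function sendPasswordResetEmail(User $user, Zend_Mail_Transport_Abstract $transport = null)
{
    $serverUrlHelper = new Zend_View_Helper_ServerUrl();
    $urlHelper       = HelperBroker::getStaticHelper('url');
    // NOTE(review): the reset link and the fallback From domain both come from
    // serverUrl(). If that value follows the Host header of the incoming request,
    // the link in the mail is caller-influenced; confirm, and prefer a canonical
    // site URL from configuration.
    $siteDomain = preg_replace('/^https?:\\/\\//', '', $serverUrlHelper->serverUrl());
    $siteName   = Zend_Registry::get('siteName');
    $config     = Zend_Registry::get('config');

    // Sender address: configured value wins over the derived noreply@<domain>.
    $from = 'noreply@' . $siteDomain;
    if (!empty($config->mail) && !empty($config->mail->from)) {
        $from = $config->mail->from;
    }

    // Transport: explicit argument > mock (unit tests) > configured SMTP > Zend default (null).
    if (null === $transport) {
        if (Zend_Session::$_unitTestEnabled) {
            $transport = new MockMailTransport();
        } else {
            if (!empty($config->mail) && !empty($config->mail->smtp) && !empty($config->mail->smtp->host)) {
                $options = $config->mail->smtp->toArray();
                unset($options['host']);
                $transport = new Zend_Mail_Transport_Smtp($config->mail->smtp->host, $options);
            }
        }
    }

    UserPasswordResetTokenService::collectGarbage(); // @todo cronjob?

    // 20 random bytes -> 40 hex characters, the same length and alphabet as the
    // sha1() digest used previously, so storage and routing are unaffected.
    $tokenBytes = false;
    if (function_exists('random_bytes')) {
        $tokenBytes = random_bytes(20);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $isStrong  = false;
        $candidate = openssl_random_pseudo_bytes(20, $isStrong);
        if (false !== $candidate && $isStrong) {
            $tokenBytes = $candidate;
        }
    }
    if (false === $tokenBytes) {
        // Fail closed rather than fall back to a predictable generator.
        throw new Exception('Unable to generate a secure password reset token');
    }
    $resetToken = bin2hex($tokenBytes);

    if (APPLICATION_ENV === 'testing') {
        $resetLink = $serverUrlHelper->serverUrl() . '/resetPassword/' . $resetToken;
    } else { // @codeCoverageIgnoreStart
        $resetLink = $serverUrlHelper->serverUrl() . $urlHelper->url(array('token' => $resetToken), 'resetPassword');
    } // @codeCoverageIgnoreEnd

    // Clear any existing tokens
    UserPasswordResetTokenService::clearTokensForUser($user);

    // Generate a new token
    // NOTE(review): the token is passed to the entity as-is; whether it is hashed
    // before storage is not visible here.
    UserPasswordResetTokenService::create(new UserPasswordResetToken(array(
        'user'        => $user,
        'token'       => $resetToken,
        'requestDate' => new DateTime(),
    )));

    $text = 'Hello ' . $user->getUsername() . ', We recently received a request to reset your password.'
        . ' Please use the following link within the next 24 hours to reset your password. '
        . $resetLink
        . ' If you did not request to have your password reset, then please ignore this message. 
Thank you, The ' . $siteName . ' Team ';

    // Values interpolated into markup are escaped for the HTML context.
    $safeUsername = htmlspecialchars($user->getUsername(), ENT_QUOTES, 'UTF-8');
    $safeSiteName = htmlspecialchars($siteName, ENT_QUOTES, 'UTF-8');
    $safeLink     = htmlspecialchars($resetLink, ENT_QUOTES, 'UTF-8');

    $html = '<p>Hello ' . $safeUsername . ',</p>'
        . ' <p>We recently received a request to reset your password.</p>'
        . ' <p>Please use the following link within the next 24 hours to reset your password.</p>'
        . ' <p><a href="' . $safeLink . '" title="Reset your password">' . $safeLink . '</a></p>'
        . ' <p>If you did not request to have your password reset, then please ignore this message.</p>'
        . ' <p>Thank you,<br> The ' . $safeSiteName . ' Team</p> ';

    try {
        Logger::info('Attempting to send email to \'' . $user->getEmail() . '\'.');
        $mail = new Zend_Mail('utf-8');
        $mail->setFrom($from, $siteName)
             ->setSubject('[' . $siteName . '] Lost password')
             ->setBodyText($text)
             ->setBodyHtml($html)
             ->addTo($user->getEmail());
        $mail->send($transport);
    } catch (Exception $e) {
        // Log and rethrow so the caller decides how to report the failure.
        Logger::crit($e->getMessage());
        throw $e;
    }
}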
/**
 * Checks that an invalid reset-form submission does not change the password.
 *
 * A reset token is first obtained through the lost-password flow. The reset
 * form is then posted with the password '123' (presumably rejected by the
 * form's validation rules — confirm against the form class). The form must be
 * shown again without a redirect and the original password must still verify.
 *
 * @return void
 */
public function testResetPasswordActionWithInvalidFormData()
{
    // Preparation: request a reset for the fixture user so that a token exists.
    $account = UserService::findOneByUsername('testuser');
    $this->dispatch('/user/lostpassword');
    $this->getRequest()
         ->setMethod('POST')
         ->setPost(array('username' => $account->getUsername()));
    $this->redispatch('/user/lostpassword', false);
    $this->assertRedirectTo('/home', 'Failed to redirect');

    $storedToken = UserPasswordResetTokenService::findOneByUser($account->getId());
    $this->assertTrue(null !== $storedToken);

    // Test: a valid token renders the reset form.
    $resetUrl = '/user/resetpassword?token=' . $storedToken->getToken();
    $this->redispatch($resetUrl);
    $this->assertNotRedirect();
    $this->assertQuery('form#userPasswordResetForm');

    // Submit the invalid password pair together with the form's CSRF value.
    $this->getRequest()
         ->setMethod('POST')
         ->setPost(array(
             'csrf'            => $this->_getFormCsrf(),
             'password'        => '123',
             'passwordConfirm' => '123',
         ));
    $this->redispatch($resetUrl, false);

    // The form is shown again instead of redirecting to the login page ...
    $this->assertNotRedirect();
    $this->assertQuery('form#userPasswordResetForm');

    // ... and the stored credential is unchanged.
    $this->assertTrue(UserService::verifyPassword($account, 'testuser'));
}
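/**
 * Password reset action
 *
 * Allows an unauthenticated user holding a valid reset token to set a new
 * password. On success the password is updated, the change is recorded as a
 * user edit event, the token is deleted and the user is redirected to the
 * login route. On invalid form input the form is rendered again.
 *
 * @return void
 * @throws UserControllerException If the token parameter is missing, not a
 *                                 non-empty string, or matches no stored token
 */
public function resetpasswordAction()
{
    // Logged-in users have no use for the reset flow.
    if (Zend_Auth::getInstance()->hasIdentity()) {
        return $this->_helper->redirector('index', 'index');
    }

    $request = $this->getRequest();

    // Request parameters can arrive as arrays; only a non-empty string is a
    // well-formed token, and anything else is rejected before the lookup.
    $token = $request->getParam('token', null);
    if (!is_string($token) || '' === $token) {
        throw new UserControllerException('Invalid verification token');
    }

    // Same message as above, so the response does not reveal which check failed.
    // The comparison stays loose because the "not found" return value of
    // findOneByToken() is not visible here.
    // NOTE(review): no expiry check on the token is visible in this action;
    // confirm that findOneByToken() ignores stale tokens or that expired rows
    // are purged on a schedule.
    $passwordResetToken = UserPasswordResetTokenService::findOneByToken($token);
    if (null == $passwordResetToken) {
        throw new UserControllerException('Invalid verification token');
    }

    $form = new \Application_Form_UserPasswordReset();

    if ($request->isPost()) {
        if ($form->isValid($request->getPost())) {
            $data = $form->getValues();

            // Update user's password
            $user = $passwordResetToken->getUser();
            $user->setPassword(UserService::encryptPassword($data['password']));
            UserService::update();

            // Track changes
            UserEditEventService::create(array(
                'user'        => $user,
                'editor'      => $user,
                'ip'          => $request->getServer('REMOTE_ADDR'),
                'date'        => new DateTime(),
                'description' => 'Password reset.',
            ));

            // Delete the token so the reset link cannot be used a second time
            UserPasswordResetTokenService::delete($passwordResetToken);

            // Redirect to login page
            $this->_helper->sessionMessenger(
                'Password reset successfully. You may now login using your new password.',
                'success'
            );
            return $this->getHelper('Redirector')->gotoRoute(array(), 'login');
        } else {
            // Submitted form data is invalid
            // NOTE(review): invalid input is reported as HTTP 500; left unchanged
            // because callers or tests may depend on the status code.
            $this->getResponse()->setHttpResponseCode(500);
            $this->view->success = 0;
        }
    }

    $this->view->form = $form;
}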