egov_utils 0.2.12 → 0.2.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 38c99e9ec2cf5d25aa7b814edae5f6ea40bc0daf4415ab949b3a8cbacca86bb8
-  data.tar.gz: 0befe9b58a73e45efde674697f22c116e3a82e9219e68ea3ad8bf6bf6c70f29a
+  metadata.gz: '0180df0129a941cc5e555901b831867c2540fb9fba09d2ae8ac4d174e07606d7'
+  data.tar.gz: 9790504b20a2987452da2433aa0364de5d0d6b1ad59d3646cfdf3d2b761dda4a
 SHA512:
-  metadata.gz: 73c3cef165f18c95dc3b518709ff825ff5f840b71444b471d414f2f0e0c031a17f68df0c4fa740e015109d7d7e509d7f92d3e2985f24375dc898e4fb1fbc51e9
-  data.tar.gz: c17455fe4ff7594600241b123e4100c881a0c6ba9bf9e6467c48d4b7912fbd3cc87f2891b48a1e89db0782d8a3da604a4726536acf20ed79f2e010656665c611
+  metadata.gz: c458ee913a5c0b9c6727db5283b971cec87fcbea447ee540d665201addfed1a3ca396fe5019d9d4128348bf717c711330c05e1654fc1bef4849561d90a2935b6
+  data.tar.gz: f455d3005cdaa372d499ac0fc42a288814554249cf8b909ac625b11c10673d098647fefd94c2c7e2fa994af5eecca5fca4473058a7740f70d1f9fdca648632f4

data/app/controllers/egov_utils/passwords_controller.rb

@@ -3,7 +3,38 @@ require_dependency "egov_utils/application_controller"
 module EgovUtils
   class PasswordsController < ApplicationController
 
-    skip_before_action :check_password_change
+    skip_before_action :require_login, only: [:reset, :send_reset_token, :new, :create]
+    skip_before_action :check_password_change, only: [:edit, :update]
+
+    before_action :find_user_for_reset, only: [:new, :create]
+
+    def reset
+      return render_404 unless EgovUtils::Settings.allow_password_reset?
+    end
+
+    def send_reset_token
+      return render_404 unless EgovUtils::Settings.allow_password_reset?
+      @user = EgovUtils::User.find_by(mail: params[:reset_password][:mail])
+      if @user
+        @token = @user.generate_reset_password_token
+        EgovUtils::UserMailer.password_reset(@user, @token).deliver_later if @user.save
+      end
+      redirect_to egov_utils.reset_passwords_path, notice: t('notice_reset_email_sent')
+    end
+
+    # New password for existing user - password reset
+    def new
+    end
+    def create
+      if change_password!(@user)
+        EgovUtils::UserMailer.password_change_info(@user).deliver_later
+        flash[:notice] = t(:notice_password_changed)
+        redirect_to main_app.root_path
+      else
+        flash[:warning] = t(:warning_password_not_changed)
+        redirect_to reset_passwords
+      end
+    end
 
     def edit
       @user = current_user
@@ -11,11 +42,8 @@ module EgovUtils
 
     def update
       @user = current_user
-      if @user.password_change_possible? && @user.password_check?(params[:password_change][:current_password])
-        @user.attributes = password_change_params
-        @user.must_change_password = false
-      end
-      if @user.save
+      if @user.password_check?(params[:password_change][:current_password]) && change_password!(@user)
+        EgovUtils::UserMailer.password_change_info(@user).deliver_later
         flash[:notice] = t(:notice_password_changed)
         redirect_to main_app.root_path
       else
@@ -26,9 +54,27 @@ module EgovUtils
 
     private
 
+      def find_user_for_reset
+        @token = params[:token]
+        @user = EgovUtils::User.find_by(confirmation_code: @token)
+        if @user.nil? || @user.updated_at < (Time.now - 1.hour)
+          render_404
+        else
+          @user
+        end
+      end
+
       def password_change_params
         params.require(:password_change).permit(:password, :password_confirmation)
       end
 
+      # private helpers
+      def change_password!(user)
+        return false unless @user.password_change_possible?
+        user.attributes = password_change_params
+        user.must_change_password = false
+        user.save
+      end
+
   end
 end

data/app/mailers/egov_utils/user_mailer.rb

@@ -12,6 +12,11 @@ module EgovUtils
       mail(to: user.mail, subject: t(:app_name))
     end
 
+    def password_reset(user, token)
+      @user, @token = user, token
+      mail(to: user.mail, subject: t(:app_name))
+    end
+
     def password_change_info(user)
       @user = user
       mail(to: user.mail, subject: t(:app_name))

data/app/models/egov_utils/user.rb

@@ -163,6 +163,11 @@ module EgovUtils
       false
     end
 
+    def generate_reset_password_token
+      self.confirmation_code = nil
+      generate_confirmation_code
+    end
+
     private
 
       def generate_confirmation_code

data/app/views/egov_utils/passwords/new.html.haml

@@ -0,0 +1,7 @@
+%h2= t('label_reset_password')
+
+= bootstrap_form_for(:password_change, url: egov_utils.create_password_path(@token), method: :post) do |f|
+  = f.password_field(:password)
+  = f.password_field(:password_confirmation)
+  .form-actions
+    = f.submit

data/app/views/egov_utils/passwords/reset.html.haml

@@ -0,0 +1,6 @@
+%h2= t('label_reset_password')
+
+= bootstrap_form_for(:reset_password, url: send_reset_token_passwords_path, method: :post) do |f|
+  = f.text_field(:mail)
+  .form-actions
+    = f.submit t('label_send')

data/app/views/egov_utils/sessions/new.html.haml

@@ -3,4 +3,6 @@
   = f.password_field(:password)
   = f.submit t(:label_login)
 - if EgovUtils::Settings.allow_register?
-  = link_to t('label_signup'), new_user_path, class: 'btn btn-secondary'
+  = link_to t('label_signup'), egov_utils.new_user_path, class: 'btn btn-secondary'
+- if EgovUtils::Settings.allow_password_reset?
+  = link_to t('label_forgotten_password'), egov_utils.reset_passwords_path

data/app/views/egov_utils/user_mailer/password_reset.html.erb

@@ -0,0 +1,9 @@
+<p>
+  v aplikaci <%= t(:app_name) %> jste si vyžádal/a změnu hesla, pro provedení této změny klikněte prosím <%= link_to 'sem', new_password_url(@token) %>.
+</p>
+<p>
+  Tento odkaz je platný hodinu od vyplnění žádosti.
+</p>
+<p>
+  Pokud jste o změnu hesla nežádal/a, tento e-mail ignorujte.
+</p>

data/app/views/egov_utils/user_mailer/password_reset.text.erb

@@ -0,0 +1,5 @@
+v aplikaci <%= t(:app_name) %> jste si vyžádal/a změnu hesla, pro provedení této změny přejděte prosím na tuto url: <%= new_password_url(@token) %>.
+Tento odkaz je platný hodinu od vyplnění žádosti.
+
+
+Pokud jste o změnu hesla nežádal/a, tento e-mail ignorujte.

data/app/views/errors/error_403.html.haml

@@ -1 +1 @@
-Forbidden
+= t('error_forbidden')

data/app/views/errors/error_404.html.haml

@@ -0,0 +1 @@
+= t('error_not_found')

data/config/locales/cs.yml

@@ -22,6 +22,9 @@ cs:
     cookies_text: K ukládání nastavení a správnému fungování využíváme soubory cookies. Používáním webu s jejich používáním souhlasíte.
     ok: Rozumím
 
+  error_forbidden: Přístup odepřen
+  error_not_found: Nenalezeno
+
   button_add: Přidat
 
   ministery_justice_name: Ministerstvo spravedlnosti ČR
@@ -34,6 +37,7 @@ cs:
   notice_logout: Byl/a jste úspěšně odhlášen/a
   notice_signeup_with_mail: Registrace proběhla úspěšně, byl Vám odeslán potvrzovací e-mail, prosím zkontrolujte svou poštu.
   notice_password_changed: Vaše heslo bylo úspěšně změněno
+  notice_reset_email_sent: E-mail s instrukcemi pro změnu hesla byl odeslán na zadanou e-mailovou adresu.
   success_user_confirm: Váše e-mailová adresa byla potvrzena. Nyní se již můžete přihlásit.
   error_password_expired: Platnost vašeho hesla vypršela. Prosím změňte ho.
   warning_password_not_changed: Heslo nebylo změněno, zadali jste všechna hesla správně?
@@ -54,6 +58,8 @@ cs:
   label_actions: Akce
   label_done: hotovo
   label_add_group_member: Přidat uživatele
+  label_forgotten_password: Zapomněli jste heslo?
+  label_reset_password: Obnova hesla
 
   text_born_on_at: "Narozen %{date} v %{place}"
 
@@ -123,8 +129,10 @@ cs:
       password: Heslo
     password_change:
       current_password: Současné heslo
-      password: Heslo
+      password: Nové heslo
       password_confirmation: Potvrzení hesla
+    reset_password:
+      mail: E-mailová adresa
 
   submits: &my_submits
     password_change:

data/config/routes.rb

@@ -22,7 +22,14 @@ EgovUtils::Engine.routes.draw do
   end
   resources :roles
 
-  resources :passwords
+  resources :passwords, only: [:index, :edit, :update] do
+    collection do
+      get 'reset'
+      post 'send_reset_token'
+    end
+  end
+  get 'passwords/new/:token', to: 'passwords#new', as: 'new_password'
+  post 'passwords/:token', to: 'passwords#create', as: 'create_password'
 
   # post '/auth/:provider/callback', to: 'sessions#create'
 

data/lib/egov_utils/settings.rb

@@ -15,9 +15,14 @@ module EgovUtils
       allow_register
     end
 
+    def allow_password_reset?
+      allow_register? && allow_password_reset
+    end
+
   end
 
   Settings['allow_register'] ||= false
+  Settings['allow_password_reset'] ||= true
 
   Settings['redmine'] ||= Settingslogic.new({})
   Settings['redmine']['enabled'] ||= false

data/lib/egov_utils/user_utils/application_controller_patch.rb

@@ -50,6 +50,15 @@ module EgovUtils
         render 'common/modal_action'
       end
 
+      def render_404(exception = nil)
+        respond_to do |format|
+          format.json { head :not_found, content_type: 'text/html' }
+          format.html { render template: "errors/error_404", error: exception.try('message'), status: 404 }
+          format.js   { head :not_found, content_type: 'text/html' }
+        end
+        return false
+      end
+
       protected
         def find_current_user
           # existing session

data/lib/egov_utils/version.rb

@@ -1,3 +1,3 @@
 module EgovUtils
-  VERSION = '0.2.12'
+  VERSION = '0.2.13'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: egov_utils
 version: !ruby/object:Gem::Version
-  version: 0.2.12
+  version: 0.2.13
 platform: ruby
 authors:
 - Ondřej Ezr
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-21 00:00:00.000000000 Z
+date: 2018-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -438,6 +438,7 @@ files:
 - app/views/egov_utils/groups/show.html.haml
 - app/views/egov_utils/passwords/edit.html.haml
 - app/views/egov_utils/passwords/new.html.haml
+- app/views/egov_utils/passwords/reset.html.haml
 - app/views/egov_utils/people/_form.html.haml
 - app/views/egov_utils/redmine/issues/index.html.haml
 - app/views/egov_utils/roles/index.html.haml
@@ -448,6 +449,8 @@ files:
 - app/views/egov_utils/user_mailer/confirmation_email.text.erb
 - app/views/egov_utils/user_mailer/password_change_info.html.erb
 - app/views/egov_utils/user_mailer/password_change_info.text.erb
+- app/views/egov_utils/user_mailer/password_reset.html.erb
+- app/views/egov_utils/user_mailer/password_reset.text.erb
 - app/views/egov_utils/users/_form.html.haml
 - app/views/egov_utils/users/_ldap_search.html.haml
 - app/views/egov_utils/users/_users_tab.html.haml
@@ -455,6 +458,7 @@ files:
 - app/views/egov_utils/users/new.html.haml
 - app/views/egov_utils/users/show.html.haml
 - app/views/errors/error_403.html.haml
+- app/views/errors/error_404.html.haml
 - app/views/layouts/egov_utils/_messages.html.haml
 - app/views/layouts/egov_utils/application.html.erb
 - app/views/layouts/egov_utils/mailer.html.erb