[Feature - Reset Password Flow] - added new ENVs, pages, routes, rails and stimulus controllers and mailer. New tests and fixtures added.

Author: milos-dukic

app/assets/stylesheets/messages.css

@@ -593,3 +593,9 @@ img.message__attachment {
     inline-size: 1.4em;
   }
 }
+
+/* Reset password */
+.reset-password-alert {
+  color: var(--color-negative);
+  visibility: hidden;
+}

app/controllers/sessions/password_resets_controller.rb

@@ -0,0 +1,51 @@
+class Sessions::PasswordResetsController < ApplicationController
+  allow_unauthenticated_access
+
+  before_action :require_smpt
+
+  def index
+  end
+  def new
+  end
+
+  def show
+    @password_reset_id = params[:id]
+    @user = User.find_by_password_reset_id(@password_reset_id)
+
+    redirect_to root_url unless @user
+  end
+
+  def update
+    @user = User.find_by_password_reset_id(password_reset_params[:password_reset_id])
+
+    redirect_to root_url unless @user
+    redirect_to root_url unless password_reset_params[:new_password] == password_reset_params[:confirm_new_password]
+
+    @user.update(password: password_reset_params[:new_password])
+
+    redirect_to new_session_path
+  end
+
+  def create
+    email = params[:email_address]
+    password_reset_url = session_password_reset_url(find_user_by_email(email).password_reset_id)
+
+    PasswordResetMailer.with(email: email, url: password_reset_url).password_reset_email.deliver_later
+
+    redirect_to new_session_password_reset_path
+  end
+
+  private
+
+  def require_smpt
+    redirect_to root_url unless helpers.smtp_enabled?
+  end
+
+  def find_user_by_email(email)
+    User.find_by(email_address: email)
+  end
+
+  def password_reset_params
+    params.require(:user).permit(:new_password, :confirm_new_password, :password_reset_id)
+  end
+end

app/helpers/application_helper.rb

@@ -35,6 +35,15 @@ def link_back_to(destination)
     end
   end
 
+  def smtp_enabled?
+    Rails.application.config.feature_enable_smtp.present? &&
+    Rails.application.config.action_mailer.smtp_settings[:address].present? &&
+    Rails.application.config.action_mailer.smtp_settings[:port].present? &&
+    Rails.application.config.action_mailer.smtp_settings[:domain].present? &&
+    Rails.application.config.action_mailer.smtp_settings[:user_name].present? &&
+    Rails.application.config.action_mailer.smtp_settings[:password].present?
+  end
+
   private
     def admin_body_class
       "admin" if Current.user&.can_administer?

app/javascript/controllers/password_reset_controller.js

@@ -0,0 +1,38 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [ "resetPasswordInput", "resetPasswordConfirmInput", "resetPasswordError", "resetPasswordSubmit"]
+
+  resetPasswordCheckInputs() {
+    if(this.#checkResetInputsValues()) {
+      this.#hideErrorMessage()
+      this.#enableSubmitButton()
+    } else {
+      this.#showErrorMessage()
+      this.#disableSubmitButton()
+    }
+  }
+
+  #showErrorMessage() {
+    this.resetPasswordErrorTarget.style.visibility = "visible"
+  }
+
+  #hideErrorMessage() {
+    this.resetPasswordErrorTarget.style.visibility = "hidden"
+  }
+
+  #enableSubmitButton() {
+    this.resetPasswordSubmitTarget.disabled = false
+  }
+
+  #disableSubmitButton() {
+    this.resetPasswordSubmitTarget.disabled = true
+  }
+
+  #checkResetInputsValues() {
+    if (this.resetPasswordInputTarget.value.length < 0 || this.resetPasswordConfirmInputTarget.value.length < 0) return false
+    if (this.resetPasswordInputTarget.value !== this.resetPasswordConfirmInputTarget.value) return false
+
+    return true
+  }
+}

app/mailers/application_mailer.rb

@@ -0,0 +1,6 @@
+class ApplicationMailer < ActionMailer::Base
+  DEFAULT_BASE_FROM="[email protected]"
+
+  default from: ENV.fetch("SMTP_INFO_EMAIL_FROM", DEFAULT_BASE_FROM)
+  layout "mailer"
+end

app/mailers/password_reset_mailer.rb

@@ -0,0 +1,9 @@
+class PasswordResetMailer < ApplicationMailer
+  default from: ENV.fetch("SMTP_PASSWORD_RESET_EMAIL_FROM", DEFAULT_BASE_FROM)
+
+  def password_reset_email
+    @email = params[:email]
+    @url  = params[:url]
+    mail(to: @email, subject: "Campfire Reset Password")
+  end
+end

app/models/user.rb

@@ -1,5 +1,5 @@
 class User < ApplicationRecord
-  include Avatar, Bot, Mentionable, Role, Transferable
+  include Avatar, Bot, Mentionable, Role, Transferable, Resettable
 
   has_many :memberships, dependent: :delete_all
   has_many :rooms, through: :memberships

app/models/user/resettable.rb

@@ -0,0 +1,16 @@
+module User::Resettable
+  extend ActiveSupport::Concern
+
+  # RESET_PASSWORD_LINK_EXPIRY_DURATION = 5.minutes
+  RESET_PASSWORD_LINK_EXPIRY_DURATION = 5.hours
+
+  class_methods do
+    def find_by_password_reset_id(id)
+      find_signed(id, purpose: :password_reset)
+    end
+  end
+
+  def password_reset_id
+    signed_id(purpose: :password_reset, expires_in: RESET_PASSWORD_LINK_EXPIRY_DURATION)
+  end
+end

app/views/password_reset_mailer/password_reset_email.html.erb

@@ -0,0 +1,9 @@
+<h1>Reset Your Campfire Password</h1>
+<p>Hello,</p>
+<br>
+<p>You have requested a password reset for your Campfire account.</p>
+<p>
+  To reset your Campfire password, please click on this: <%= link_to 'link', @url %>.
+</p>
+<br>
+<p>Campfire</p>

app/views/password_reset_mailer/password_reset_email.text.erb

@@ -0,0 +1,9 @@
+Reset Your Campfire Password
+===============================================
+Hello,
+
+You have requested a password reset for your Campfire account.
+
+To reset your Campfire password, please click on this: <%= link_to 'link', @url %>.
+
+Campfire