Add api for password resets

Author: nygrenh

app/controllers/api/v8/users/password_reset_controller.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Api
+  module V8
+    module Users
+      class PasswordResetController < Api::V8::BaseController
+        skip_authorization_check
+
+        def create
+          @email = params['email'].to_s.strip
+          if @email.empty?
+            return render json: {
+              success: false,
+              errors: 'No email address provided'
+            }
+          end
+
+          user = User.find_by_email(@email)
+          unless user
+            return render json: {
+              success: false,
+              errors: 'No such email address registered'
+            }
+          end
+
+          key = ActionToken.generate_password_reset_key_for(user)
+          # TODO: Whitelist origins
+          PasswordResetKeyMailer.reset_link_email(user, key, params['origin']).deliver
+          render json: {
+            success: true
+          }
+        end
+
+      end
+    end
+  end
+end

app/mailers/password_reset_key_mailer.rb

@@ -1,8 +1,10 @@
 class PasswordResetKeyMailer < ActionMailer::Base
-  def reset_link_email(user, key)
+  def reset_link_email(user, key, origin = nil)
+    @user = user
+    @origin = origin
     settings = SiteSetting.value('emails')
 
-    subject = '[TMC] Password Reset'
+    subject = 'Reset your mooc.fi account password'
     @url = settings['baseurl'].sub(/\/+$/, '') + '/reset_password/' + key.token
     mail(from: settings['from'], to: user.email, subject: subject)
   end

app/views/password_reset_key_mailer/reset_link_email.html.erb

@@ -4,7 +4,7 @@
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 </head>
 <body>
-  <p>Please go to the following URL to change your password</p>
+  <p>Someone requested a password reset for your mooc.fi account <%= @user.login %>.<%= @origin ? " The request originated from '#{@origin}'." : '' %> Please proceed to the following URL to change your password</p>
 
   <a href="<%= @url %>"><%= @url %></a>
 

app/views/password_reset_key_mailer/reset_link_email.text.erb

@@ -1,4 +1,4 @@
-Please go to the following URL to change your password
+Someone requested a password reset for your mooc.fi account <%= @user.login %>.<% @origin.nil? ? '' : " The request originated from #{@origin}." %> Please proceed to the following URL to change your password
 
 <%= @url %>
 

config/routes.rb

@@ -44,6 +44,10 @@
 
       resources :users, only: [:show, :create]
 
+      namespace :users do
+        resources :password_reset, only: [:create]
+      end
+
       resources :organizations, param: :slug, path: 'org', only: %i{index show} do
         resources :courses, module: :organizations, param: :name, only: :show do
           resources :points, module: :courses, only: :index