From 49998ee5b78a2bad0922875e280147caf488f04f Mon Sep 17 00:00:00 2001
From: Karol Selak
Date: Sun, 21 Mar 2021 10:36:09 +0100
Subject: [PATCH] password recovery wip
---
 app/controllers/users_controller.rb | 25 +++++++++++++++++++
 app/mailers/user_mailer.rb | 9 +++++++
 app/views/sessions/welcome.html.erb | 1 +
 .../user_mailer/password_recovery.html.erb | 1 +
 app/views/users/password_recovery.html.erb | 9 +++++++
 .../users/password_recovery_email.html.erb | 4 +++
 .../send_password_recovery_email.html.erb | 1 +
 config/routes.rb | 4 +++
 ...401_add_password_recovery_code_to_users.rb | 5 ++++
 db/schema.rb | 3 ++-
 spec/mailers/previews/user_mailer_preview.rb | 4 +++
 spec/mailers/user_mailer_spec.rb | 5 ++++
 12 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 app/mailers/user_mailer.rb
 create mode 100644 app/views/user_mailer/password_recovery.html.erb
 create mode 100644 app/views/users/password_recovery.html.erb
 create mode 100644 app/views/users/password_recovery_email.html.erb
 create mode 100644 app/views/users/send_password_recovery_email.html.erb
 create mode 100644 db/migrate/20210320233401_add_password_recovery_code_to_users.rb
 create mode 100644 spec/mailers/previews/user_mailer_preview.rb
 create mode 100644 spec/mailers/user_mailer_spec.rb
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9392fc5..1e36920 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -8,4 +8,29 @@ class UsersController < ApplicationController
 session[:user_id] = @user.id
 redirect_to '/welcome'
 end
+
+ def send_password_recovery_email
+ @user = User.where(email: params['email']).first
+ UserMailer.with(user: @user).password_recovery.deliver_now
+ end
+
+ def password_recovery_email
+ end
+
+ def password_recovery
+ @recovery_code = params[:recovery_code]
+ @user_id = params[:id]
+ end
+
+ def recover_password
+ user = User.find(params[:user_id])
+ if user.password_recovery_code == params[:recovery_code]
+ user.password = params[:password]
+ user.password_confirmation = params[:repeated_password]
+ user.password_recovery_code = nil
+ if user.save
+ redirect_to '/welcome'
+ end
+ end
+ end
 end
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
new file mode 100644
index 0000000..a72456e
--- /dev/null
+++ b/app/mailers/user_mailer.rb
@@ -0,0 +1,9 @@
+class UserMailer < ApplicationMailer
+ def password_recovery
+ @user = params[:user]
+ recovery_code = ('a'..'z').to_a.shuffle[0,8].join
+ @user.update(password_recovery_code: recovery_code)
+ @url = "http://localhost:18210/password_recovery/#{@user.id}/#{recovery_code}"
+ mail(to: @user.email, subject: 'Password recovery')
+ end
+end
diff --git a/app/views/sessions/welcome.html.erb b/app/views/sessions/welcome.html.erb
index b97e9cf..a7e9d6e 100644
--- a/app/views/sessions/welcome.html.erb
+++ b/app/views/sessions/welcome.html.erb
@@ -5,4 +5,5 @@
 <%else%>
 <%= button_to "Login", '/login', method: :get%>
 <%= button_to "Sign Up", '/users/new', method: :get%>
+ <%= button_to "Password recovery", '/password_recovery', method: :get%>
 <%end%>
diff --git a/app/views/user_mailer/password_recovery.html.erb b/app/views/user_mailer/password_recovery.html.erb
new file mode 100644
index 0000000..b89c984
--- /dev/null
+++ b/app/views/user_mailer/password_recovery.html.erb
@@ -0,0 +1 @@
+Please click the link to recover your password: <%= @url %>
\ No newline at end of file
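Review bot: In `recover_password` (app/controllers/users_controller.rb) the check `user.password_recovery_code == params[:recovery_code]` also holds when both sides are nil, so an account with no pending recovery code accepts a request that carries no code. The stored code should be required to be present and compared with `ActiveSupport::SecurityUtils.secure_compare`, and the action should answer explicitly when the check or `user.save` fails instead of falling through without a response. In `send_password_recovery_email`, `User.where(...).first` can be nil and the mailer then dereferences it; responding the same way for known and unknown addresses avoids both the error and the account-existence signal. The class body starts outside the hunk.

```ruby
def send_password_recovery_email
  @user = User.find_by(email: params['email'])
  # Same page is rendered whether or not the address is registered.
  UserMailer.with(user: @user).password_recovery.deliver_now if @user
end

# … unchanged: password_recovery_email, password_recovery …

def recover_password
  user = User.find_by(id: params[:user_id])
  stored = user&.password_recovery_code.to_s
  supplied = params[:recovery_code].to_s
  # A blank stored code means no reset is pending; nil == nil must never pass.
  unless stored.present? &&
         ActiveSupport::SecurityUtils.secure_compare(stored, supplied)
    return head(:forbidden)
  end
  # … unchanged: assign password / password_confirmation, clear the code …
  if user.save
    redirect_to '/welcome'
  else
    head :unprocessable_entity
  end
end
```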
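Review bot: The recovery code in `UserMailer#password_recovery` (app/mailers/user_mailer.rb) is produced with `Array#shuffle`, which draws on Ruby's general-purpose generator rather than a cryptographic one, and eight distinct lowercase letters give a small code space for a value that stands in for the password. `recovery_code = SecureRandom.urlsafe_base64(32)` is the usual replacement (with `require 'securerandom'` if it is not already loaded). The code is also saved as plain text with no expiry, so consider storing only a digest alongside a sent-at timestamp and rejecting codes past a short lifetime. The link is hard-coded to `http://localhost:18210`; building it with a route URL helper keeps host and scheme in configuration.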
diff --git a/app/views/users/password_recovery.html.erb b/app/views/users/password_recovery.html.erb
new file mode 100644
index 0000000..7cc567b
--- /dev/null
+++ b/app/views/users/password_recovery.html.erb
@@ -0,0 +1,9 @@
+Recover password
+
+<%= form_with url: "/recover_password", method: :post do |form| %>
+ <%= form.text_field :password %>
+ <%= form.text_field :repeated_password %>
+ <%= form.hidden_field :recovery_code, :value => @recovery_code %>
+ <%= form.hidden_field :user_id, :value => @user_id %>
+ <%= form.submit "Change password" %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/users/password_recovery_email.html.erb b/app/views/users/password_recovery_email.html.erb
new file mode 100644
index 0000000..60b2904
--- /dev/null
+++ b/app/views/users/password_recovery_email.html.erb
@@ -0,0 +1,4 @@
+<%= form_with url: "/password_recovery", method: :post do |form| %>
+ <%= form.text_field :email %>
+ <%= form.submit "Send email" %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/users/send_password_recovery_email.html.erb b/app/views/users/send_password_recovery_email.html.erb
new file mode 100644
index 0000000..18e5a7b
--- /dev/null
+++ b/app/views/users/send_password_recovery_email.html.erb
@@ -0,0 +1 @@
+Recovery email sent.
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 4c00a41..e9dfcbe 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -4,5 +4,9 @@ Rails.application.routes.draw do
 get 'logout', to: 'sessions#delete'
 post 'login', to: 'sessions#create'
 get 'welcome', to: 'sessions#welcome'
+ get 'password_recovery/:id/:recovery_code', to: 'users#password_recovery'
+ get 'password_recovery', to: 'users#password_recovery_email'
+ post 'password_recovery', to: 'users#send_password_recovery_email'
+ post 'recover_password', to: 'users#recover_password'
 resources :books
 end
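Review bot: Both password inputs in app/views/users/password_recovery.html.erb are rendered with `form.text_field`, so the new password is shown in clear text while it is typed and may be retained in the browser's form history. `<%= form.password_field :password %>` and `<%= form.password_field :repeated_password %>` render masked inputs instead. The two fields also carry no labels, which leaves the user to guess which box is the confirmation.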
diff --git a/db/migrate/20210320233401_add_password_recovery_code_to_users.rb b/db/migrate/20210320233401_add_password_recovery_code_to_users.rb new file mode 100644 index 0000000..157cd56 --- /dev/null +++ b/db/migrate/20210320233401_add_password_recovery_code_to_users.rb @@ -0,0 +1,5 @@ +class AddPasswordRecoveryCodeToUsers < ActiveRecord::Migration[6.1] + def change + add_column :users, :password_recovery_code, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index 7240eeb..4bcc3dc 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2021_03_20_212922) do +ActiveRecord::Schema.define(version: 2021_03_20_233401) do create_table "authors", force: :cascade do |t| t.string "first_name" @@ -43,6 +43,7 @@ ActiveRecord::Schema.define(version: 2021_03_20_212922) do t.string "password_digest" t.datetime "created_at", precision: 6, null: false t.datetime "updated_at", precision: 6, null: false + t.string "password_recovery_code" end end diff --git a/spec/mailers/previews/user_mailer_preview.rb b/spec/mailers/previews/user_mailer_preview.rb new file mode 100644 index 0000000..56c816a --- /dev/null +++ b/spec/mailers/previews/user_mailer_preview.rb @@ -0,0 +1,4 @@ +# Preview all emails at http://localhost:3000/rails/mailers/user +class UserMailerPreview < ActionMailer::Preview + +end diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb new file mode 100644 index 0000000..4a78b85 --- /dev/null +++ b/spec/mailers/user_mailer_spec.rb @@ -0,0 +1,5 @@ +require "rails_helper" + +RSpec.describe UserMailer, type: :mailer do + pending "add some examples to (or delete) #{__FILE__}" +end