Merge pull request Human-Connection#22 from Human-Connection/feature/password-reset

Feature/password reset

Author: appinteractive

config/local.example.json

@@ -4,14 +4,9 @@
   "baseURL": "http://localhost:3030",
   "frontURL": "http://localhost:3000",
   "smtpConfig": {
-    "host": "localhost",
+    "host": "0.0.0.0",
     "port": 1025,
-    "secure": false,
-    "ignoreTLS": true,
-    "auth": {
-      "user": "",
-      "pass": ""
-    }
+    "ignoreTLS": true
   },
   "thumbor": {
     "url": "",

email-templates/account/password-reset/de/style.scss

@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';

email-templates/account/password-reset/en/style.scss

@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';

email-templates/account/reset-password/de/html.hbs

@@ -20,12 +20,12 @@
 			</tr>
 			<tr>
 				<td class="aligncenter content-block">
-					Wenn du diese Nachricht ignorierst bleibt dein passwort wie es ist.
+					Wenn du diese Nachricht ignorierst, bleibt dein Passwort wie es ist.
 				</td>
 			</tr>
 			<tr>
 				<td class="aligncenter content-block" itemprop="handler" itemscope itemtype="http://schema.org/HttpActionHandler">
-          Wenn du es nicht warst der dein Passwort zurücksetzen wollte <a href='mailto:{{returnEmail}}?subject=I did not reset my password&body=Someone unauthorized sent this reset password request.'>lass es uns wissen!</a>
+          Wenn du es nicht warst, der dein Passwort zurücksetzen wollte, <a href='mailto:{{returnEmail}}?subject=I did not reset my password&body=Someone unauthorized sent this reset password request.'>lass es uns wissen!</a>
 				</td>
 			</tr>
 			<tr>

email-templates/account/reset-password/de/style.scss

@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';

email-templates/account/reset-password/en/style.scss

@@ -1 +1 @@
-@import '../../layout/common';
+@import '../../../layout/common';

server/services/auth-management/notifier.js

@@ -37,14 +37,33 @@ module.exports = function (app) {
       )
     );
 
+    let language = user.userSettings ? user.userSettings.uiLanguage : user.language || 'en';
+
     const templatePath = path.join(
       __dirname,
       '../../../email-templates/account',
       templatename,
-      user.language || 'en'
+      language
     );
 
-    const hashLink = getLink(linktype, user.verifyToken || null);
+    let token;
+
+    switch (linktype) {
+    case 'invite-email':
+      token = user.verifyToken;
+      break;
+    case 'verify':
+      token = user.verifyToken;
+      break;
+    case 'reset':
+      token = user.resetToken;
+      break;
+    case 'verifyChanges':
+      token = user.changeToken;
+      break;
+    }
+
+    const hashLink = getLink(linktype, token || null);
     const frontURL = app.get('frontURL');
     const backURL = app.get('baseURL');
 
@@ -62,7 +81,7 @@ module.exports = function (app) {
       name: user.name || user.email,
       email: user.email,
       code: user.code || null,
-      language: user.language || 'en',
+      language: language,
       link: hashLink,
       returnEmail: returnEmail,
       frontURL,
@@ -95,9 +114,7 @@ module.exports = function (app) {
     if (app.get('debug')) {
       const filename = String(Date.now()) + '.html';
       const filepath = path.join(__dirname, '../../../tmp/emails/', filename);
-      fs.outputFile(filepath, email.html).catch(err => {
-        app.error('Error saving email', err);
-      });
+      fs.outputFileSync(filepath, email.html);
     }
 
     return app
@@ -124,23 +141,31 @@ module.exports = function (app) {
           user
         );
       case 'resendVerifySignup':
-        return buildEmail('verify-email', 'Confirm signup', 'verify', user);
+        return buildEmail(
+          'verify-email',
+          'Confirm signup',
+          'verify',
+          user);
       case 'verifySignup':
         return buildEmail(
           'email-verified',
           'Email address verified',
           'verify',
           user
         );
-      case 'resetPwd':
-        return buildEmail('reset-password', 'Password reset', 'reset', user);
       case 'sendResetPwd':
         return buildEmail(
-          'password-was-reset',
-          'Your password was reset',
+          'reset-password',
+          'Password reset',
           'reset',
           user
         );
+      case 'resetPwd':
+        return buildEmail(
+          'password-reset',
+          'Your password was reset',
+          'reset',
+          user);
       case 'passwordChange':
         return buildEmail(
           'password-change',

server/services/users/users.hooks.js

@@ -49,12 +49,25 @@ const candosSchema = {
   }
 };
 
+const userSettingsPrivateSchema = {
+  include: {
+    service: 'usersettings',
+    nameAs: 'userSettings',
+    parentField: '_id',
+    childField: 'userId',
+    asArray: false
+  }
+};
+
 const userSettingsSchema = {
   include: {
     service: 'usersettings',
     nameAs: 'userSettings',
     parentField: '_id',
     childField: 'userId',
+    query: {
+      $select: ['uiLanguage', 'contentLanguages'],
+    },
     asArray: false
   }
 };
@@ -139,6 +152,7 @@ module.exports = {
     all: [
       populate({ schema: badgesSchema }),
       populate({ schema: candosSchema }),
+      populate({ schema: userSettingsSchema }),
       cleanupBasicData
     ],
     find: [
@@ -147,15 +161,12 @@ module.exports = {
     ],
     get: [
       thumbnails(thumbnailOptions),
-
       // remove personal data if its not the current authenticated user
-      iff(isProvider('external'),
-        when(isOwnEntry(false), [
-          cleanupPersonalData
-        ])
+      iff(isOwnEntry(false),
+        cleanupPersonalData,
       ),
       iff(isOwnEntry(),
-        populate({ schema: userSettingsSchema })
+        populate({ schema: userSettingsPrivateSchema })
       )
     ],
     create: [

test/services/auth-management.test.js

@@ -1,10 +1,73 @@
 const assert = require('assert');
 const app = require('../../server/app');
+const service = app.service('authManagement');
+const userService = app.service('users');
+const fs = require('fs-extra');
+const path = require('path');
+const cheerio = require('cheerio');
+let user = null;
 
 describe('\'authManagement\' service', () => {
-  it('registered the service', () => {
-    const service = app.service('authManagement');
+  before(function(done) {
+    this.server = app.listen(3031);
+    this.server.once('listening', () => done());
+  });
+
+  after(function(done) {
+    this.server.close(done);
+  });
+
+  beforeEach(async () => {
+    await app.get('mongooseClient').connection.dropDatabase();
+    user = await userService.create({
+      email: '[email protected]',
+      password: '1234',
+      name: 'Peter',
+      role: 'admin'
+    });
+  });
+
+  afterEach(async () => {
+    await app.get('mongooseClient').connection.dropDatabase();
+    user = null;
+  });
 
+  it('registered the service', () => {
     assert.ok(service, 'Registered the service');
   });
+
+  it('can reset password', async () => {
+    await service.create({
+      action: 'sendResetPwd',
+      value: {
+        email: user.email
+      }
+    });
+
+    const token = await getTokenFromMail();
+
+    const result = await service.create({
+      action: 'resetPwdLong',
+      value: {
+        token,
+        password: '123456'
+      }
+    });
+    assert.ok(result, 'password can be reset');
+  });
 });
+
+const getTokenFromMail = async () => {
+  // Get token from tmp email file
+  const mailDir = path.join(__dirname, '../../tmp/emails');
+  const fileName = await fs.readdirSync(mailDir)[0];
+  const mailFile = path.join(mailDir, fileName);
+  const mailContent = await fs.readFileSync(mailFile, 'utf8');
+  const $ = await cheerio.load(mailContent);
+  let url;
+  await $('a.btn-primary').each((i, el) => {
+    url = el.attribs['href'];
+  });
+  const token = url.split('/').pop();
+  return token;
+};