Added email verify feature for self signup accounts.

This commit is contained in:
Martin Edenhofer 2016-06-01 16:58:11 +02:00
parent 2ac873886e
commit 5adba8c9d0
14 changed files with 405 additions and 50 deletions

View file

@ -223,7 +223,7 @@ class App.Controller extends Spine.Controller
# remember requested url
if !checkOnly
location = window.location.hash
if location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
if location && location isnt '#login' && location isnt '#logout' && location isnt '#keyboard_shortcuts'
@Config.set('requested_url', location)
return false if checkOnly
@ -559,16 +559,20 @@ class App.Controller extends Spine.Controller
return if !@initLoadingDoneDelay
@clearDelay(@initLoadingDoneDelay)
renderScreenSuccess: (data) ->
App.TaskManager.touch(@task_key) if @task_key
@html App.view('generic/error/success')(data)
renderScreenError: (data) ->
App.TaskManager.touch(@task_key)
App.TaskManager.touch(@task_key) if @task_key
@html App.view('generic/error/generic')(data)
renderScreenNotFound: (data) ->
App.TaskManager.touch(@task_key)
App.TaskManager.touch(@task_key) if @task_key
@html App.view('generic/error/not_found')(data)
renderScreenUnauthorized: (data) ->
App.TaskManager.touch(@task_key)
App.TaskManager.touch(@task_key) if @task_key
@html App.view('generic/error/unauthorized')(data)
locationVerify: (e) =>

View file

@ -0,0 +1,55 @@
class Index extends App.Controller
constructor: ->
super
return if !@authenticate()
@verifyCall()
verifyCall: =>
@ajax(
id: 'email_verify'
type: 'POST'
url: @apiPath + '/users/email_verify'
data: JSON.stringify(token: @token)
processData: true
success: @success
error: @error
)
success: =>
new Success(el: @el)
error: =>
new Fail(el: @el)
class Success extends App.ControllerContent
constructor: ->
super
@render()
# rerender view, e. g. on language change
@bind 'ui:rerender', =>
@render()
render: =>
@renderScreenSuccess(
detail: 'Woo hoo! Your email is verified!'
)
delay = =>
@navigate '#'
@delay(delay, 20500)
class Fail extends App.ControllerContent
constructor: ->
super
@render()
# rerender view, e. g. on language change
@bind 'ui:rerender', =>
@render()
render: =>
@renderScreenError(
detail: 'Unable to verify email. Please contact your administrator.'
)
App.Config.set('email_verify/:token', Index, 'Routes')

View file

@ -105,10 +105,10 @@ class Verify extends App.ControllerContent
url: @apiPath + '/users/password_reset_verify'
data: JSON.stringify(params)
processData: true
success: @render_change
success: @renderChange
)
render_change: (data) =>
renderChange: (data) =>
if data.message is 'ok'
configure_attributes = [
{ name: 'password', display: 'Password', tag: 'input', type: 'password', limit: 100, null: false, class: 'input', },
@ -161,10 +161,10 @@ class Verify extends App.ControllerContent
url: @apiPath + '/users/password_reset_verify'
data: JSON.stringify(params)
processData: true
success: @render_changed
success: @renderChanged
)
render_changed: (data, status, xhr) =>
renderChanged: (data, status, xhr) =>
if data.message is 'ok'
App.Auth.login(
data:

View file

@ -49,6 +49,7 @@ class Widget extends App.Controller
.on 'blur.translation', '.translation', (e) ->
element = $(e.target)
source = element.attr('title')
return if !source
# get new translation
translation_new = element.text()
@ -62,6 +63,7 @@ class Widget extends App.Controller
App.i18n.setMap(source, translation_new)
# replace rest in page
source = source.replace('\'', '\\\'')
$(".translation[title='#{source}']").text(translation_new)
# update permanent translation mapString

View file

@ -0,0 +1,82 @@
class Widget extends App.Controller
constructor: ->
# for browser test
App.Event.bind('user_signup_verify', (user) ->
new Modal(user: user)
'user_signup_verify'
)
App.Event.bind('auth:login', (user) =>
return if !user
@verifyLater(user.id)
'user_signup_verify'
)
currentUserId = App.Session.get('id')
return if !currentUserId
@verifyLater(currentUserId)
verifyLater: (userId) =>
delay = =>
@verify(userId)
@delay(delay, 5000, 'user_signup_verify_dialog')
verify: (userId) ->
return if !userId
user = App.User.find(userId)
return if user.source isnt 'signup'
return if user.verified is true
currentTime = new Date().getTime()
createdAt = Date.parse(user.created_at)
diff = currentTime - createdAt
max = 1000 * 60 * 30 # show message if account is older then 30 minutes
return if diff < max
new Modal(user: user)
class Modal extends App.ControllerModal
backdrop: false
keyboard: false
head: 'Account not verified'
small: true
buttonClose: false
buttonCancel: false
buttonSubmit: 'Resend verification email'
constructor: ->
super
content: =>
if !@sent
return App.i18n.translateContent('Your account is not verified. Please click the link in the verification email.')
content = App.i18n.translateContent('We\'ve sent an email to _%s_. Click the link in the email to verify your account.', @user.email)
content += '<br><br>'
content += App.i18n.translateContent('If you don\'t see the email, check other places it might be, like your junk, spam, social, or other folders.')
content
onSubmit: =>
@ajax(
id: 'email_verify_send'
type: 'POST'
url: @apiPath + '/users/email_verify_send'
data: JSON.stringify(email: @user.email)
processData: true
success: @success
error: @error
)
success: (data) =>
@sent = true
@update()
# if in developer mode, redirect to verify
if data.token && @Config.get('developer_mode') is true
redirect = =>
@close()
@navigate "#email_verify/#{data.token}"
App.Delay.set(redirect, 4000)
error: =>
@contentInline = App.i18n.translateContent('Unable to send verify email.')
@update()
App.Config.set('user_signup', Widget, 'Widgets')

View file

@ -1,4 +1,4 @@
<div class="fullscreenMessage">
<%- @Icon('diagonal-cross', 'icon-error') %>
<h2><% if @status isnt undefined: %><%- @T('Status Code') %>: <%= @status %>. <% end %><%= @detail %></h2>
<h2><% if @status isnt undefined: %><%- @T('Status Code') %>: <%= @status %>. <% end %><%- @T(@detail) %></h2>
</div>

View file

@ -0,0 +1,4 @@
<div class="fullscreenMessage">
<%- @Icon('checkmark') %>
<h2><%- @T(@detail) %></h2>
</div>

View file

@ -73,6 +73,10 @@ class UsersController < ApplicationController
# if it's a signup, add user to customer role
if !current_user
if !params[:signup]
render json: { error_human: 'Only signup is possible!' }, status: :unprocessable_entity
return
end
user.updated_by_id = 1
user.created_by_id = 1
@ -100,6 +104,9 @@ class UsersController < ApplicationController
user.role_ids = role_ids
user.group_ids = group_ids
# remember source (in case show email verify banner)
user.source = 'signup'
# else do assignment as defined
else
@ -150,14 +157,11 @@ class UsersController < ApplicationController
# send email verify
if params[:signup] && !current_user
token = Token.create(action: 'EmailVerify', user_id: user.id)
result = User.signup_new_token(user)
NotificationFactory::Mailer.notification(
template: 'signup',
user: user,
objects: {
token: token,
user: user,
}
objects: result
)
end
user_new = User.find(user.id).attributes_with_associations
@ -393,6 +397,106 @@ class UsersController < ApplicationController
=begin
Resource:
POST /api/v1/users/email_verify
Payload:
{
"token": "SoMeToKeN",
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/email_verify.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN"}'
=end
def email_verify
if !params[:token]
render json: { message: 'No token!' }, status: :unprocessable_entity
return
end
user = User.signup_verify_via_token(params[:token], current_user)
if !user
render json: { message: 'Invalid token!' }, status: :unprocessable_entity
return
end
render json: { message: 'ok', user_email: user.email }, status: :ok
end
=begin
Resource:
POST /api/v1/users/email_verify_send
Payload:
{
"email": "some_email@example.com"
}
Response:
{
:message => 'ok'
}
Test:
curl http://localhost/api/v1/users/email_verify_send.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"email": "some_email@example.com"}'
=end
def email_verify_send
if !params[:email]
render json: { message: 'No email!' }, status: :unprocessable_entity
return
end
# check is verify is possible to send
user = User.find_by(email: params[:email].downcase)
if !user
render json: { error_human: 'No such user!' }, status: :unprocessable_entity
return
end
#if user.verified == true
# render json: { error_human: 'Already verified!' }, status: :unprocessable_entity
# return
#end
token = Token.create(action: 'Signup', user_id: user.id)
result = User.signup_new_token(user)
if result && result[:token]
user = result[:user]
NotificationFactory::Mailer.notification(
template: 'signup',
user: user,
objects: result
)
# only if system is in develop mode, send token back to browser for browser tests
if Setting.get('developer_mode') == true
render json: { message: 'ok', token: result[:token].name }, status: :ok
return
end
# token sent to user, send ok to browser
render json: { message: 'ok' }, status: :ok
return
end
# unable to generate token
render json: { message: 'failed' }, status: :ok
end
=begin
Resource:
POST /api/v1/users/password_reset

View file

@ -81,7 +81,6 @@ cleanup old token
loop do
self.name = SecureRandom.hex(30)
break if !Token.exists?(name: name)
end
end

View file

@ -375,7 +375,7 @@ returns
=begin
reset reset password with token and set new password
reset password with token and set new password
result = User.password_reset_via_token(token,password)
@ -423,6 +423,63 @@ returns
=begin
generate new token for signup
result = User.signup_new_token(user) # or email
returns
result = {
token: token,
user: user,
}
=end
def self.signup_new_token(user)
return if !user
return if !user.email
# generate token
token = Token.create(action: 'Signup', user_id: user.id)
{
token: token,
user: user,
}
end
=begin
verify signup with token
result = User.signup_verify_via_token(token, user)
returns
result = user_model # user_model if token was verified
=end
def self.signup_verify_via_token(token, user = nil)
# check token
local_user = Token.check(action: 'Signup', name: token)
return if !local_user
# if requested user is different to current user
return if user && local_user.id != user.id
# set verified
local_user.update_attributes(verified: true)
# delete token
Token.find_by(action: 'Signup', name: token).destroy
local_user
end
=begin
merge two users to one
user = User.find(123)

View file

@ -22,4 +22,7 @@ Zammad::Application.routes.draw do
match api_path + '/users/:id', to: 'users#update', via: :put
match api_path + '/users/image/:hash', to: 'users#image', via: :get
match api_path + '/users/email_verify', to: 'users#email_verify', via: :post
match api_path + '/users/email_verify_send', to: 'users#email_verify_send', via: :post
end

View file

@ -3,7 +3,7 @@ require 'browser_test_helper'
class SignupPasswordChangeAndResetTest < TestCase
def test_signup
signup_user_email = 'signup-test-' + rand(999_999).to_s + '@example.com'
signup_user_email = "signup-test-#{rand(999_999)}@example.com"
@browser = browser_instance
location(url: browser_url)
click(css: 'a[href="#signup"]')
@ -41,6 +41,51 @@ class SignupPasswordChangeAndResetTest < TestCase
attribute: 'title',
)
# check email verify
location(url: "#{browser_url}#email_verify/not_existing")
watch_for(
css: '#content',
value: 'Unable to verify email',
)
logout()
login(
username: signup_user_email,
password: 'some-pass',
url: "#{browser_url}#email_verify/not_existing2",
)
watch_for(
css: '#content',
value: 'Unable to verify email',
)
execute(
js: 'App.Event.trigger("user_signup_verify", App.Session.get())',
)
watch_for(
css: '.modal',
value: 'Account not verified',
)
click(css: '.modal .js-submit')
execute(
js: 'App.Auth.logout()',
)
sleep 6
watch_for(
css: '#login',
)
login(
username: signup_user_email,
password: 'some-pass',
)
watch_for(
css: '#content',
value: 'Your email is verified',
)
exists_not(
css: '.modal',
)
sleep 2
# change password
click(css: '.navbar-items-personal .user a')
sleep 1