From d1b17ba9ccb459f34993b7d7a67d027d334782b5 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer <me@edenhofer.de>
Date: Sun, 10 Feb 2013 22:38:35 +0100
Subject: [PATCH] Added password change to profile page.

---
 .../_application_controller_form.js.coffee    |  9 +--
 .../controllers/_profile/password.js.coffee   | 61 +++++++++++++++++++
 .../app/controllers/_settings/area.js.coffee  |  4 +-
 .../app/controllers/profile.js.coffee         | 33 ++++++----
 .../app/controllers/reset_password.js.coffee  |  2 -
 .../app/controllers/settings.js.coffee        |  2 -
 .../javascripts/app/views/profile.jst.eco     |  2 -
 .../app/views/profile/password.jst.eco        |  7 +++
 app/controllers/users_controller.rb           | 43 +++++++++++++
 config/routes/user.rb                         | 13 ++--
 db/seeds.rb                                   | 20 +++++-
 11 files changed, 163 insertions(+), 33 deletions(-)
 create mode 100644 app/assets/javascripts/app/controllers/_profile/password.js.coffee
 create mode 100644 app/assets/javascripts/app/views/profile/password.jst.eco

diff --git a/app/assets/javascripts/app/controllers/_application_controller_form.js.coffee b/app/assets/javascripts/app/controllers/_application_controller_form.js.coffee
index 93312f8a6..1eb8526fc 100644
--- a/app/assets/javascripts/app/controllers/_application_controller_form.js.coffee
+++ b/app/assets/javascripts/app/controllers/_application_controller_form.js.coffee
@@ -37,10 +37,11 @@ class App.ControllerForm extends App.Controller
               attribute.value = @params[attribute.name]
 
           # rename display and name to _confirm
-          attribute.display = attribute.display + ' (confirm)'
-          attribute.name = attribute.name + '_confirm';
-          item = @formGenItem( attribute, @model.className, fieldset )
-          item.appendTo(fieldset)
+          if !attribute.single
+            attribute.display = attribute.display + ' (confirm)'
+            attribute.name = attribute.name + '_confirm';
+            item = @formGenItem( attribute, @model.className, fieldset )
+            item.appendTo(fieldset)
 
     # return form
     return fieldset
diff --git a/app/assets/javascripts/app/controllers/_profile/password.js.coffee b/app/assets/javascripts/app/controllers/_profile/password.js.coffee
new file mode 100644
index 000000000..1c12a4abb
--- /dev/null
+++ b/app/assets/javascripts/app/controllers/_profile/password.js.coffee
@@ -0,0 +1,61 @@
+class App.ProfilePassword extends App.Controller
+  events:
+    'submit form': 'update'
+
+  constructor: ->
+    super
+    return if !@authenticate()
+    @render()
+
+  render: =>
+
+    # item
+    html = $( App.view('profile/password')() )
+
+    configure_attributes = [
+      { name: 'password_old', display: 'Current Password', tag: 'input', type: 'password', limit: 100, null: false, class: 'input span4', single: true  },
+      { name: 'password_new', display: 'New Password',     tag: 'input', type: 'password', limit: 100, null: false, class: 'input span4',  },
+    ]
+
+    @form = new App.ControllerForm(
+      el:        html.find('.password_item')
+      model:     { configure_attributes: configure_attributes }
+      autofocus: false
+    )
+    @html html
+
+  update: (e) =>
+    e.preventDefault()
+    params = @formParam(e.target)
+    error = @form.validate(params)
+    if error
+      @formValidate( form: e.target, errors: error )
+      return false
+
+    @formDisable(e)
+
+    # get data
+    App.Com.ajax(
+      id:   'password_reset'
+      type: 'POST'
+      url:  'api/users/password_change'
+      data: JSON.stringify(params)
+      processData: true
+      success: @success
+      error:   @error
+    )
+
+  success: (data, status, xhr) =>
+    @render()
+    @notify(
+      type: 'success'
+      msg:  App.i18n.translateContent( 'Password changed successfully!' )
+    )
+
+  error: (xhr, status, error) =>
+    @render()
+    data = JSON.parse( xhr.responseText )
+    @notify(
+      type: 'error'
+      msg:  App.i18n.translateContent( data.message )
+    )
diff --git a/app/assets/javascripts/app/controllers/_settings/area.js.coffee b/app/assets/javascripts/app/controllers/_settings/area.js.coffee
index cff6083ab..154c16528 100644
--- a/app/assets/javascripts/app/controllers/_settings/area.js.coffee
+++ b/app/assets/javascripts/app/controllers/_settings/area.js.coffee
@@ -1,5 +1,3 @@
-$ = jQuery.sub()
-
 class App.SettingsArea extends App.Controller
   constructor: ->
     super
@@ -23,7 +21,7 @@ class App.SettingsArea extends App.Controller
 
 class App.SettingsAreaItem extends App.Controller
   events:
-    'submit form': 'update',
+    'submit form': 'update'
 
   constructor: ->
     super
diff --git a/app/assets/javascripts/app/controllers/profile.js.coffee b/app/assets/javascripts/app/controllers/profile.js.coffee
index e6cc60cd8..11e04369a 100644
--- a/app/assets/javascripts/app/controllers/profile.js.coffee
+++ b/app/assets/javascripts/app/controllers/profile.js.coffee
@@ -1,21 +1,32 @@
-class Index extends App.Controller
-#  events:
-#    'focusin [data-type=edit]':     'edit_in'
+class Index extends App.ControllerLevel2
+  toggleable: false
+#  toggleable: true
 
   constructor: ->
     super
-    
-    # set title
-    @title 'Profile'
 
+    return if !@authenticate()
+
+    @menu = [
+      { name: 'Password',       'target': 'password', controller: App.ProfilePassword, params: {} },
+      { name: 'Language',       'target': 'language', controller: App.ProfileLinkedAccounts, params: { area: 'Ticket::Number' } },
+      { name: 'Link Accounts',  'target': 'accounts', controller: App.ProfileLinkedAccounts, params: { area: 'Ticket::Number' } },
+#      { name: 'Notifications',  'target': 'notify',   controller: App.SettingsArea, params: { area: 'Ticket::Number' } },
+    ] 
+    @page = {
+      title:     'Profile',
+      head:      'Profile',
+      sub_title: 'Settings'
+      nav:       '#profile',
+    }
+
+    # render page
     @render()
-    
-    @navupdate '#profile'
 
-    
-  render: ->
-    @html App.view('profile')()
+#  render: ->
+#    @html App.view('profile')()
 
 
+App.Config.set( 'profile/:target', Index, 'Routes' )
 App.Config.set( 'profile', Index, 'Routes' )
 App.Config.set( 'Profile', { prio: 1700, parent: '#current_user', name: 'Profile', target: '#profile', role: [ 'Agent', 'Customer' ] }, 'NavBarRight' )
diff --git a/app/assets/javascripts/app/controllers/reset_password.js.coffee b/app/assets/javascripts/app/controllers/reset_password.js.coffee
index 0f0cf7a8e..03b9dd2e2 100644
--- a/app/assets/javascripts/app/controllers/reset_password.js.coffee
+++ b/app/assets/javascripts/app/controllers/reset_password.js.coffee
@@ -1,5 +1,3 @@
-$ = jQuery.sub()
-
 class Index extends App.Controller
   className: 'container'
 
diff --git a/app/assets/javascripts/app/controllers/settings.js.coffee b/app/assets/javascripts/app/controllers/settings.js.coffee
index 6fb46a34a..b4f51c0b0 100644
--- a/app/assets/javascripts/app/controllers/settings.js.coffee
+++ b/app/assets/javascripts/app/controllers/settings.js.coffee
@@ -1,5 +1,3 @@
-$ = jQuery.sub()
-
 class Index extends App.ControllerLevel2
   toggleable: false
 #  toggleable: true
diff --git a/app/assets/javascripts/app/views/profile.jst.eco b/app/assets/javascripts/app/views/profile.jst.eco
index a6fb0afd4..64cd44a11 100644
--- a/app/assets/javascripts/app/views/profile.jst.eco
+++ b/app/assets/javascripts/app/views/profile.jst.eco
@@ -1,14 +1,12 @@
 <div class="page-header">
   <h1><%- @T( 'Profile' ) %><small></small></h1>
 </div>
-<!--
 <ul>
   <li><%- @T( 'Password' ) %></li>
   <li><%- @T( 'Link Accounts' ) %></li>
   <li><%- @T( 'Notifications' ) %></li>
   <li></li>
 </ul>
--->
     <div class="container">
       <div class="row">
         <div class="span12">
diff --git a/app/assets/javascripts/app/views/profile/password.jst.eco b/app/assets/javascripts/app/views/profile/password.jst.eco
new file mode 100644
index 000000000..eb579d8c1
--- /dev/null
+++ b/app/assets/javascripts/app/views/profile/password.jst.eco
@@ -0,0 +1,7 @@
+<form class="">
+  <h2><%- @T( 'Password' ) %></h2>
+  <p><%- @T( 'Change your password.' ) %></p>
+  <div class="password_item"></div>
+  <button type="submit" class="btn"><%- @T( 'Submit' ) %></button>
+</form>
+<hr/>
\ No newline at end of file
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2e5189eda..8c0ca0903 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -375,4 +375,47 @@ curl http://localhost/api/users/password_reset_verify.json -v -u #{login}:#{pass
     end
   end
 
+=begin
+
+Resource:
+POST /api/users/password_change
+
+Payload:
+{
+  "password_old": "some_password_old",
+  "password_new" "some_password_new"
+}
+
+Response:
+{
+  :message => 'ok'
+}
+
+Test:
+curl http://localhost/api/users/password_change.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new" "password_new"}'
+
+=end
+
+  def password_change
+
+    # check old password
+    if !params[:password_old]
+      render :json => { :message => 'Old password needed!' }, :status => :unprocessable_entity
+      return  
+    end
+    user = User.authenticate( current_user.login, params[:password_old] )
+    if !user
+      render :json => { :message => 'Old password is wrong!' }, :status => :unprocessable_entity
+      return  
+    end
+
+    # set new password
+    if !params[:password_new]
+      render :json => { :message => 'New password needed!' }, :status => :unprocessable_entity
+      return  
+    end
+    user.update_attributes( :password => params[:password_new] )
+    render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
+  end
+
 end
diff --git a/config/routes/user.rb b/config/routes/user.rb
index 1e6d2b52b..8073fd212 100644
--- a/config/routes/user.rb
+++ b/config/routes/user.rb
@@ -2,13 +2,14 @@ module ExtraRoutes
   def add(map)
 
     # users
-    map.match '/api/users/search',                :to => 'users#search', :via => [:get, :post]
-    map.match '/api/users/password_reset',        :to => 'users#password_reset_send', :via => :post
+    map.match '/api/users/search',                :to => 'users#search',                :via => [:get, :post]
+    map.match '/api/users/password_reset',        :to => 'users#password_reset_send',   :via => :post
     map.match '/api/users/password_reset_verify', :to => 'users#password_reset_verify', :via => :post
-    map.match '/api/users',                       :to => 'users#index',  :via => :get
-    map.match '/api/users/:id',                   :to => 'users#show',   :via => :get
-    map.match '/api/users',                       :to => 'users#create', :via => :post
-    map.match '/api/users/:id',                   :to => 'users#update', :via => :put
+    map.match '/api/users/password_change',       :to => 'users#password_change',       :via => :post
+    map.match '/api/users',                       :to => 'users#index',                 :via => :get
+    map.match '/api/users/:id',                   :to => 'users#show',                  :via => :get
+    map.match '/api/users',                       :to => 'users#create',                :via => :post
+    map.match '/api/users/:id',                   :to => 'users#update',                :via => :put
 
   end
   module_function :add
diff --git a/db/seeds.rb b/db/seeds.rb
index 8deb2d12d..72defe176 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -512,7 +512,7 @@ Setting.create_if_not_exists(
   :title       => 'Maximal failed logins',
   :name        => 'password_max_login_failed',
   :area        => 'Security::Password',
-  :description => 'Maximal faild logins after account is inactive.',
+  :description => 'Maximal failed logins after account is inactive.',
   :options     => {
     :form => [
       {
@@ -529,12 +529,19 @@ Setting.create_if_not_exists(
           9 => 9,
           10 => 10,
           11 => 11,
-          12 => 12,
+          13 => 13,
+          14 => 14,
+          15 => 15,
+          16 => 16,
+          17 => 17,
+          18 => 18,
+          19 => 19,
+          20 => 20,
         },
       },
     ],
   },
-  :state    => 6,
+  :state    => 10,
   :frontend => true
 )
 
@@ -1738,6 +1745,13 @@ Translation.create_if_not_exists( :locale => 'de', :source => "Week", :target =>
 Translation.create_if_not_exists( :locale => 'de', :source => "Follow up possible", :target => "Nachfrage möglich", :updated_by_id => 1, :created_by_id => 1  )
 Translation.create_if_not_exists( :locale => 'de', :source => "Assign Follow Ups", :target => "Zuweisung bei Nachfrage", :updated_by_id => 1, :created_by_id => 1  )
 Translation.create_if_not_exists( :locale => 'de', :source => "Signature", :target => "Signatur", :updated_by_id => 1, :created_by_id => 1  )
+Translation.create_if_not_exists( :locale => 'de', :source => "Change your password.", :target => "Ändern sie Ihr Passwort.", :updated_by_id => 1, :created_by_id => 1  )
+Translation.create_if_not_exists( :locale => 'de', :source => "Current Password", :target => "Aktuelles Passwort", :updated_by_id => 1, :created_by_id => 1  )
+Translation.create_if_not_exists( :locale => 'de', :source => "New Password", :target => "Neues Passwort", :updated_by_id => 1, :created_by_id => 1  )
+Translation.create_if_not_exists( :locale => 'de', :source => "New Password (confirm)", :target => "Neues Passwort (bestätigen)", :updated_by_id => 1, :created_by_id => 1  )
+Translation.create_if_not_exists( :locale => 'de', :source => "Language", :target => "Sprache", :updated_by_id => 1, :created_by_id => 1  )
+Translation.create_if_not_exists( :locale => 'de', :source => "", :target => "", :updated_by_id => 1, :created_by_id => 1  )
+Translation.create_if_not_exists( :locale => 'de', :source => "", :target => "", :updated_by_id => 1, :created_by_id => 1  )
 
 
 #Translation.create_if_not_exists( :locale => 'de', :source => "", :target => "", :updated_by_id => 1, :created_by_id => 1  )