review changes

msquare 2020-11-24 17:27:21 +01:00 committed by Igor Scheller
parent 27331b4cf6
commit 39f96783cf
17 changed files with 223 additions and 147 deletions


@ -75,7 +75,7 @@ function user_delete_controller()
&& $auth->verifyPassword($user, $request->postData('password'))
)) {
$valid = false;
error(__('Your password is incorrect. Please try it again.'));
error(__('auth.password.error'));
}
if ($valid) {


@ -321,8 +321,9 @@ function form_password($name, $label, $disabled = false)
return form_element(
$label,
sprintf(
'<input class="form-control" id="form_%1$s" type="password" name="%1$s" value=""%s/>',
'<input class="form-control" id="form_%1$s" type="password" name="%1$s" minlength="%2$s" value=""%3$s/>',
$name,
config('min_password_length'),
$disabled
),
'form_' . $name
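Review bot: The new `minlength` attribute is emitted for every field rendered through form_password, and since the callers are outside this hunk it presumably also lands on inputs where a user types an existing password (for example a delete confirmation). A browser would then refuse to submit an existing password that is shorter than the configured minimum, so the attribute should be limited to new-password fields or the callers checked. `minlength` is only a client-side hint, and the server-side length check has to remain the actual control. The config value is formatted with `%2$s`; using `%2$d` with `(int) config('min_password_length')` would keep a misconfigured value out of the markup. The function body starts and ends outside the hunk.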


@ -7,6 +7,7 @@ use Engelsystem\Models\Worklog;
use Engelsystem\Renderer\Renderer;
use Illuminate\Support\Collection;
use Illuminate\Support\Str;
use Engelsystem\Controllers\SettingsController;
/**
* Renders user settings page
@ -44,6 +45,7 @@ function User_settings_view(
'pages/settings/settings.twig',
[
'title' => 'settings.profile',
'settings_menu' => app()->make(SettingsController::class)->settingsMenu(),
'content' =>
msg()
. div('row', [


@ -27,7 +27,10 @@ msgid "validation.email.email"
msgstr "Die E-Mail-Adresse ist nicht gültig."
msgid "validation.password.min"
msgstr "Dein angegebenes Passwort ist zu kurz."
msgstr "Dein neues Passwort ist zu kurz."
msgid "validation.new_password.min"
msgstr "Dein neues Passwort ist zu kurz."
msgid "validation.password.confirmed"
msgstr "Deine Passwörter stimmen nicht überein."


@ -775,7 +775,7 @@ msgid "You cannot delete yourself."
msgstr "Du kannst Dich nicht selber löschen."
#: includes/controller/users_controller.php:76
msgid "Your password is incorrect. Please try it again."
msgid "auth.password.error"
msgstr "Dein Passwort stimmt nicht. Bitte probiere es nochmal."
#: includes/controller/users_controller.php:85
@ -1578,10 +1578,6 @@ msgstr "Bitte gib Deine E-Mail-Adresse ein."
msgid "Please select your shirt size."
msgstr "Bitte wähle Deine T-Shirt Größe."
#: includes/pages/guest_login.php:124 includes/pages/user_settings.php:117
msgid "Your passwords don't match."
msgstr "Deine Passwörter stimmen nicht überein."
#: includes/pages/guest_login.php:129
#, php-format
msgid "Your password is too short (please use at least %s characters)."
@ -2491,22 +2487,6 @@ msgstr "Geplanter Abreisetag"
msgid "Please visit the angeltypes page to manage your angeltypes."
msgstr "Bitte benutze die Engeltypen-Seite um deine Engeltypen zu verwalten."
#: includes/view/User_view.php:89
msgid "Here you can change your password."
msgstr "Hier kannst Du Dein Passwort ändern."
#: includes/view/User_view.php:90
msgid "Old password:"
msgstr "Altes Passwort:"
#: includes/view/User_view.php:91
msgid "New password:"
msgstr "Neues Passwort:"
#: includes/view/User_view.php:92
msgid "Password confirmation:"
msgstr "Passwort wiederholen:"
#: includes/view/User_view.php:96
msgid "Here you can choose your color settings:"
msgstr "Hier kannst Du das Aussehen auswählen:"
@ -2896,6 +2876,9 @@ msgstr "Treffen"
msgid "news.edit.message"
msgstr "Nachricht"
msgid "news.preview"
msgstr "Vorschau"
msgid "form.search"
msgstr "Suchen"
@ -2918,8 +2901,23 @@ msgstr "Einstellungen"
msgid "settings.password"
msgstr "Passwort"
msgid "settings.password.info"
msgstr "Hier kannst Du Dein Passwort ändern."
msgid "settings.password.password"
msgstr "Altes Passwort"
msgid "settings.password.new_password"
msgstr "Neues Passwort"
msgid "settings.password.new_password2"
msgstr "Passwort wiederholen"
msgid "settings.password.success"
msgstr "Passwort wurde erfolgreich geändert."
msgid "settings.oauth"
msgstr "Single-Sign-On"
msgstr "Single Sign-On"
msgid "settings.oauth.identity-provider"
msgstr "Login-Dienst"


@ -25,7 +25,10 @@ msgid "validation.email.email"
msgstr "This email address is not valid."
msgid "validation.password.min"
msgstr "Your password is too short."
msgstr "Your new password is too short."
msgid "validation.new_password.min"
msgstr "Your new password is too short."
msgid "validation.password.confirmed"
msgstr "Your passwords are not equal."


@ -21,6 +21,8 @@ msgstr ""
#~ msgid "auth.no-password"
#~ msgstr "Please enter a password."
msgid "auth.password.error"
msgstr "Your password is incorrect. Please try it again."
msgid "form.submit"
msgstr "Submit"
@ -163,6 +165,9 @@ msgstr "Meeting"
msgid "news.edit.message"
msgstr "Message"
msgid "news.preview"
msgstr "Preview"
msgid "form.search"
msgstr "Search"
@ -184,8 +189,23 @@ msgstr "Settings"
msgid "settings.password"
msgstr "Password"
msgid "settings.password.info"
msgstr "Here you can change your password."
msgid "settings.password.password"
msgstr "Old password"
msgid "settings.password.new_password"
msgstr "New passwort"
msgid "settings.password.new_password2"
msgstr "Password confirmation"
msgid "settings.password.success"
msgstr "Password was changed successfully."
msgid "settings.oauth"
msgstr "Single-Sign-On"
msgstr "Single Sign-On"
msgid "settings.oauth.identity-provider"
msgstr "Identity provider"


@ -23,3 +23,7 @@
{{ label }}
</a>
{% endmacro %}
{% macro info(text) %}
<span class="help-block">{{ _self.glyphicon('info-sign') }}{{ text }}</span>
{%- endmacro %}


@ -7,6 +7,7 @@
type="{{ type|default('text') }}" class="form-control"
id="{{ name }}" name="{{ name }}"
value="{{ opt.value|default('')|escape('html_attr') }}"
{%- if opt.min is defined %} minlength="{{ opt.min }}"{% endif %}
{%- if opt.required|default(false) %}
required
{%- endif -%}
@ -77,8 +78,3 @@
{% macro submit(label, opt) %}
{{ _self.button(label|default(__('form.submit')), opt|default({})|merge({'type': 'submit'})) }}
{%- endmacro %}
{% macro info(text) %}
{% import 'macros/base.twig' as m %}
<span class="help-block">{{ m.glyphicon('info-sign') }}{{ text }}</span>
{%- endmacro %}


@ -62,7 +62,7 @@
{% if news %}
<div class="row">
<div class="col-md-12">
<h2>{{ __('Preview') }}</h2>
<h2>{{ __('news.preview') }}</h2>
<div class="panel {% if not news.is_meeting %}panel-default{% else %}panel-info{% endif %}">
<div class="panel-heading">


@ -7,8 +7,8 @@
<form action="" enctype="multipart/form-data" method="post">
{{ csrf() }}
{{ f.input('password', __('Password'), 'password', {'required': true}) }}
{{ f.input('password_confirmation', __('Confirm password'), 'password', {'required': true}) }}
{{ f.input('password', __('Password'), 'password', {'min': min_length, 'required': true}) }}
{{ f.input('password_confirmation', __('Confirm password'), 'password', {'min': min_length, 'required': true}) }}
<div class="form-group">
{{ f.submit(__('Save')) }}


@ -10,24 +10,24 @@
<div class="row">
<div class="col-md-12">
{{ f.info(__('Here you can change your password.')) }}
{{ m.info(__('settings.password.info')) }}
{{ f.input(
'password',
__('Old password:'),
__('settings.password.password'),
'password',
{'required': true}
) }}
{{ f.input(
'new_password',
__('New password:'),
__('settings.password.new_password'),
'password',
{'required': true}
{'min': min_length, 'required': true}
) }}
{{ f.input(
'new_password2',
__('Password confirmation:'),
__('settings.password.new_password2'),
'password',
{'required': true}
{'min': min_length, 'required': true}
) }}
{{ f.submit() }}
</div>


@ -12,13 +12,9 @@
<div class="row">
<div class="col-md-3 settings-menu">
<ul class="nav nav-pills nav-stacked">
{% for url,title in {
(url('/user-settings')): __('settings.profile'),
(url('/settings/password')): __('settings.password'),
(url('/settings/oauth')): __('settings.oauth'),
} %}
{% for url,title in settings_menu %}
<li{% if url == request.url() %} class="active"{% endif %}>
<a href="{{ url }}">{{ title }}</a>
<a href="{{ url }}">{{ __(title) }}</a>
</li>
{% endfor %}
</ul>


@ -103,7 +103,10 @@ class PasswordResetController extends BaseController
{
$this->requireToken($request);
return $this->showView('pages/password/reset-form');
return $this->showView(
'pages/password/reset-form',
['min_length' => config('min_password_length')]
);
}
/**


@ -45,11 +45,11 @@ class SettingsController extends BaseController
Redirector $redirector,
Response $response
) {
$this->auth = $auth;
$this->config = $config;
$this->log = $log;
$this->redirect = $redirector;
$this->response = $response;
$this->auth = $auth;
$this->config = $config;
$this->log = $log;
$this->redirect = $redirector;
$this->response = $response;
}
/**
@ -58,31 +58,38 @@ class SettingsController extends BaseController
public function password(): Response
{
return $this->response->withView(
'pages/settings/password.twig',
$this->getNotifications()
'pages/settings/password',
[
'settings_menu' => $this->settingsMenu(),
'min_length' => config('min_password_length')
] + $this->getNotifications()
);
}
/**
* @param Request $request
* @return Response
*/
public function savePassword(Request $request): Response
{
$user = $this->auth->user();
if (
!$request->has('password')
|| !$this->auth->verifyPassword($user, $request->postData('password'))
) {
$this->addNotification('-> not OK. Please try again.', 'errors');
} elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
$this->addNotification('Your password is to short (please use at least 6 characters).', 'errors');
} elseif ($request->postData('new_password') != $request->postData('new_password2')) {
$this->addNotification('Your passwords don\'t match.', 'errors');
} else {
$this->auth->setPassword($user, $request->postData('new_password'));
$minLength = config('min_password_length');
$data = $this->validate($request, [
'password' => 'required',
'new_password' => 'required|min:' . $minLength,
'new_password2' => 'required'
]);
$this->addNotification('Password saved.');
if (!$this->auth->verifyPassword($user, $data['password'])) {
$this->addNotification('auth.password.error', 'errors');
} elseif ($data['new_password'] != $data['new_password2']) {
$this->addNotification('validation.password.confirmed', 'errors');
} else {
$this->auth->setPassword($user, $data['new_password']);
$this->addNotification('settings.password.success');
$this->log->info('User set new password.');
}
@ -100,10 +107,27 @@ class SettingsController extends BaseController
}
return $this->response->withView(
'pages/settings/oauth.twig',
'pages/settings/oauth',
[
'settings_menu' => $this->settingsMenu(),
'providers' => $providers,
] + $this->getNotifications(),
);
}
/**
* @return array
*/
public function settingsMenu(): array
{
$menu = [
url('/user-settings') => 'settings.profile',
url('/settings/password') => 'settings.password'
];
if (!empty(config('oauth'))) {
$menu[url('/settings/oauth')] = 'settings.oauth';
}
return $menu;
}
}
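Review bot: In savePassword the confirmation check uses a loose comparison, `$data['new_password'] != $data['new_password2']`, so two different numeric-looking strings (for example `'1e3'` and `'1000'`) compare as equal and the mismatch goes unnoticed; use `} elseif ($data['new_password'] !== $data['new_password2']) {`. The failed `verifyPassword` branch only adds a notification while the success branch logs, so a line such as `$this->log->info('Password change rejected: current password incorrect.');` would make repeated guesses against the current password visible in the logs. It is also worth confirming that the `min:` rule measures string length for all-digit input, since the validator is not visible here. The method continues outside the hunk.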


@ -104,6 +104,7 @@ class PasswordResetControllerTest extends TestCase
{
$this->initDatabase();
$this->app->instance('config', new Config(['min_password_length' => 3]));
$user = $this->createUser();
$token = $this->createToken($user);
$request = new Request([], [], ['token' => $token->token]);


@ -19,6 +19,8 @@ use Psr\Log\Test\TestLogger;
use Engelsystem\Http\UrlGeneratorInterface;
use Engelsystem\Http\UrlGenerator;
use Engelsystem\Models\User\User;
use Engelsystem\Http\Validation\Validator;
use Engelsystem\Http\Exceptions\ValidationException;
class SettingsControllerTest extends TestCase
{
@ -51,7 +53,7 @@ class SettingsControllerTest extends TestCase
$this->response->expects($this->once())
->method('withView')
->willReturnCallback(function ($view, $data) {
$this->assertEquals('pages/settings/password.twig', $view);
$this->assertEquals('pages/settings/password', $view);
return $this->response;
});
@ -73,26 +75,20 @@ class SettingsControllerTest extends TestCase
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->once())
->method('setPassword')
->with($this->user, 'newpassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
$this->setExpects($this->auth, 'user', null, $this->user, $this->once());
$this->setExpects($this->auth, 'verifyPassword', [$this->user, 'password'], true, $this->once());
$this->setExpects($this->auth, 'setPassword', [$this->user, 'newpassword'], null, $this->once());
$this->setExpects(
$this->response,
'redirectTo',
['http://localhost/settings/password'],
$this->response,
$this->once()
);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->setValidator(new Validator());
$controller->savePassword($this->request);
$this->assertTrue($this->log->hasInfoThatContains('User set new password.'));
@ -100,7 +96,7 @@ class SettingsControllerTest extends TestCase
/** @var Session $session */
$session = $this->app->get('session');
$messages = $session->get('messages');
$this->assertEquals('Password saved.', $messages[0]);
$this->assertEquals('settings.password.success', $messages[0]);
}
/**
@ -115,31 +111,26 @@ class SettingsControllerTest extends TestCase
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'wrongpassword')
->willReturn(false);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
$this->setExpects($this->auth, 'user', null, $this->user, $this->once());
$this->setExpects($this->auth, 'verifyPassword', [$this->user, 'wrongpassword'], false, $this->once());
$this->setExpects($this->auth, 'setPassword', null, null, $this->never());
$this->setExpects(
$this->response,
'redirectTo',
['http://localhost/settings/password'],
$this->response,
$this->once()
);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->setValidator(new Validator());
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('-> not OK. Please try again.', $errors[0]);
$this->assertEquals('auth.password.error', $errors[0]);
}
/**
@ -154,70 +145,69 @@ class SettingsControllerTest extends TestCase
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
$this->setExpects($this->auth, 'user', null, $this->user, $this->once());
$this->setExpects($this->auth, 'verifyPassword', [$this->user, 'password'], true, $this->once());
$this->setExpects($this->auth, 'setPassword', null, null, $this->never());
$this->setExpects(
$this->response,
'redirectTo',
['http://localhost/settings/password'],
$this->response,
$this->once()
);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->setValidator(new Validator());
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('Your passwords don\'t match.', $errors[0]);
$this->assertEquals('validation.password.confirmed', $errors[0]);
}
/**
* @return array
*/
public function savePasswordValidationProvider(): array
{
return [
[null, 'newpassword', 'newpassword'],
['password', null, 'newpassword'],
['password', 'newpassword', null],
['password', 'short', 'short']
];
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
* @dataProvider savePasswordValidationProvider
* @param string $password
* @param string $new_password
* @param string $new_password2
*/
public function testSavePasswordInvalidNewPassword()
{
public function testSavePasswordValidation(
?string $password,
?string $newPassword,
?string $newPassword2
) {
$body = [
'password' => 'password',
'new_password' => 'short',
'new_password2' => 'short'
'password' => $password,
'new_password' => $newPassword,
'new_password2' => $newPassword2
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->setExpects($this->auth, 'user', null, $this->user, $this->once());
$this->setExpects($this->auth, 'setPassword', null, null, $this->never());
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
$this->expectException(ValidationException::class);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->setValidator(new Validator());
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('Your password is to short (please use at least 6 characters).', $errors[0]);
}
/**
@ -231,7 +221,7 @@ class SettingsControllerTest extends TestCase
$this->response->expects($this->once())
->method('withView')
->willReturnCallback(function ($view, $data) use ($providers) {
$this->assertEquals('pages/settings/oauth.twig', $view);
$this->assertEquals('pages/settings/oauth', $view);
$this->assertArrayHasKey('information', $data);
$this->assertArrayHasKey('providers', $data);
$this->assertEquals($providers, $data['providers']);
@ -258,6 +248,40 @@ class SettingsControllerTest extends TestCase
$controller->oauth();
}
/**
* @covers \Engelsystem\Controllers\SettingsController::settingsMenu
*/
public function testSettingsMenuWithOAuth()
{
$providers = ['foo' => ['lorem' => 'ipsum']];
config(['oauth' => $providers]);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$this->assertEquals([
'http://localhost/user-settings' => 'settings.profile',
'http://localhost/settings/password' => 'settings.password',
'http://localhost/settings/oauth' => 'settings.oauth'
], $controller->settingsMenu());
}
/**
* @covers \Engelsystem\Controllers\SettingsController::settingsMenu
*/
public function testSettingsMenuWithoutOAuth()
{
config(['oauth' => []]);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$this->assertEquals([
'http://localhost/user-settings' => 'settings.profile',
'http://localhost/settings/password' => 'settings.password'
], $controller->settingsMenu());
}
/**
* Setup environment
*/
@ -279,6 +303,7 @@ class SettingsControllerTest extends TestCase
$this->app->instance(Response::class, $this->response);
$this->app->bind(UrlGeneratorInterface::class, UrlGenerator::class);
$this->app->bind('http.urlGenerator', UrlGenerator::class);
$this->log = new TestLogger();
$this->app->instance(LoggerInterface::class, $this->log);