iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add password settings page

This commit is contained in:
msquare 2020-11-23 20:41:02 +01:00 committed by Igor Scheller
parent ebab34ee67
commit d3265ef70a
14 changed files with 399 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/routes.php
View File

@ -20,6 +20,8 @@ $route->post('/oauth/{provider:\w+}/connect', 'OAuthController@connect');
$route->post('/oauth/{provider:\w+}/disconnect', 'OAuthController@disconnect'); $route->post('/oauth/{provider:\w+}/disconnect', 'OAuthController@disconnect');
// User settings // User settings
$route->get('/settings/password', 'SettingsController@password');
$route->post('/settings/password', 'SettingsController@savePassword');
$route->get('/settings/oauth', 'SettingsController@oauth'); $route->get('/settings/oauth', 'SettingsController@oauth');
// Password recovery // Password recovery

27
includes/pages/user_settings.php
View File

@ -101,31 +101,6 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
return $user_source; return $user_source;
} }
/**
* Change user password.
*
* @param User $user_source The user
*/
function user_settings_password($user_source)
{
$request = request();
$auth = auth();
if (
!$request->has('password')
|| !$auth->verifyPassword($user_source, $request->postData('password'))
) {
error(__('-> not OK. Please try again.'));
} elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
error(__('Your password is to short (please use at least 6 characters).'));
} elseif ($request->postData('new_password') != $request->postData('new_password2')) {
error(__('Your passwords don\'t match.'));
} else {
$auth->setPassword($user_source, $request->postData('new_password'));
success(__('Password saved.'));
}
throw_redirect(page_link_to('user_settings'));
}
/** /**
* Change user theme * Change user theme
* *
@ -216,8 +191,6 @@ function user_settings()
$user_source = auth()->user(); $user_source = auth()->user();
if ($request->hasPostData('submit')) { if ($request->hasPostData('submit')) {
$user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes); $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes);
} elseif ($request->hasPostData('submit_password')) {
user_settings_password($user_source);
} elseif ($request->hasPostData('submit_theme')) { } elseif ($request->hasPostData('submit_theme')) {
$user_source = user_settings_theme($user_source, $themes); $user_source = user_settings_theme($user_source, $themes);
} elseif ($request->hasPostData('submit_language')) { } elseif ($request->hasPostData('submit_language')) {

7
includes/view/User_view.php
View File

@ -107,13 +107,6 @@ function User_settings_view(
. button(url('/settings/oauth'), __('settings.oauth'), 'btn-primary') . button(url('/settings/oauth'), __('settings.oauth'), 'btn-primary')
: '' : ''
), ),
form([
form_info(__('Here you can change your password.')),
form_password('password', __('Old password:')),
form_password('new_password', __('New password:')),
form_password('new_password2', __('Password confirmation:')),
form_submit('submit_password', __('Save'))
]),
form([ form([
form_info(__('Here you can choose your color settings:')), form_info(__('Here you can choose your color settings:')),
form_select('theme', __('Color settings:'), $themes, $user_source->settings->theme), form_select('theme', __('Color settings:'), $themes, $user_source->settings->theme),

3
resources/lang/de_DE/additional.po
View File

@ -102,3 +102,6 @@ msgstr "Account nicht gefunden"
msgid "oauth.provider-not-found" msgid "oauth.provider-not-found"
msgstr "OAuth-Provider nicht gefunden" msgstr "OAuth-Provider nicht gefunden"
msgid "settings.profile"
msgstr "Profil"

8
resources/lang/de_DE/default.po
View File

@ -2915,8 +2915,14 @@ msgstr "Nachricht"
msgid "settings.settings" msgid "settings.settings"
msgstr "Einstellungen" msgstr "Einstellungen"
msgid "settings.password"
msgstr "Passwort"
msgid "settings.oauth" msgid "settings.oauth"
msgstr "OAuth Einstellungen" msgstr "Single-Sign-On"
msgid "settings.oauth.identity-provider"
msgstr "Login-Dienst"
msgid "oauth.login" msgid "oauth.login"
msgstr "Login mit OAuth" msgstr "Login mit OAuth"

3
resources/lang/en_US/additional.po
View File

@ -98,3 +98,6 @@ msgstr "Unable to find account"
msgid "oauth.provider-not-found" msgid "oauth.provider-not-found"
msgstr "Unable to find OAuth provider" msgstr "Unable to find OAuth provider"
msgid "settings.profile"
msgstr "Profile"

8
resources/lang/en_US/default.po
View File

@ -181,8 +181,14 @@ msgstr "Message"
msgid "settings.settings" msgid "settings.settings"
msgstr "Settings" msgstr "Settings"
msgid "settings.password"
msgstr "Password"
msgid "settings.oauth" msgid "settings.oauth"
msgstr "OAuth Settings" msgstr "Single-Sign-On"
msgid "settings.oauth.identity-provider"
msgstr "Identity provider"
msgid "oauth.login" msgid "oauth.login"
msgstr "Login using OAuth" msgstr "Login using OAuth"

2
resources/views/macros/form.twig
View File

@ -65,7 +65,7 @@
{%- endmacro %} {%- endmacro %}
{% macro button(label, opt) %} {% macro button(label, opt) %}
<button class="btn btn-{{ opt.btn_type|default('primary') }}" <button class="btn btn-{{ opt.btn_type|default('primary') }} btn-{{ opt.btn_size|default('m') }}"
{%- if opt.type is defined %} type="{{ opt.type }}"{% endif %} {%- if opt.type is defined %} type="{{ opt.type }}"{% endif %}
{%- if opt.name is defined %} name="{{ opt.name }}"{% endif %} {%- if opt.name is defined %} name="{{ opt.name }}"{% endif %}
{%- if opt.value is defined or opt.name is defined %} value="{{ opt.value|default('1') }}"{% endif -%} {%- if opt.value is defined or opt.name is defined %} value="{{ opt.value|default('1') }}"{% endif -%}

2
resources/views/pages/news/edit.twig
View File

@ -62,7 +62,7 @@
{% if news %} {% if news %}
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<h2>Preview</h2> <h2>{{ __('Preview') }}</h2>
<div class="panel {% if not news.is_meeting %}panel-default{% else %}panel-info{% endif %}"> <div class="panel {% if not news.is_meeting %}panel-default{% else %}panel-info{% endif %}">
<div class="panel-heading"> <div class="panel-heading">

16
resources/views/pages/settings/oauth.twig
View File

@ -4,15 +4,21 @@
{% block title %}{{ __('settings.oauth') }}{% endblock %} {% block title %}{{ __('settings.oauth') }}{% endblock %}
{% block container_title %} {% block container_title %}
<h1 id="oauth-settings-title">{{ block('title') }}</h1> <h2 id="oauth-settings-title">{{ block('title') }}</h2>
{% endblock %} {% endblock %}
{% block row_content %} {% block row_content %}
<table class="table table-striped"> <table class="table table-striped">
<thead>
<tr>
<th>{{ __('settings.oauth.identity-provider') }}</th>
<th></th>
</tr>
</thead>
<tbody> <tbody>
{% for name,config in providers %} {% for name,config in providers %}
<tr{% if config.hidden|default(false) %} class="hidden"{% endif %}> <tr{% if config.hidden|default(false) %} class="hidden"{% endif %}>
<th> <td>
{% if config.url|default %} {% if config.url|default %}
<a href="{{ config.url }}" target="_blank" rel="noopener"> <a href="{{ config.url }}" target="_blank" rel="noopener">
{{ __(config.name|default(name|capitalize)) }} {{ __(config.name|default(name|capitalize)) }}
@ -20,19 +26,19 @@
{% else %} {% else %}
{{ __(config.name|default(name|capitalize)) }} {{ __(config.name|default(name|capitalize)) }}
{% endif %} {% endif %}
</th> </td>
<td> <td>
{% if not user.oauth.contains('provider', name) %} {% if not user.oauth.contains('provider', name) %}
<form method="POST" action="{{ url('/oauth/' ~ name ~ '/connect') }}"> <form method="POST" action="{{ url('/oauth/' ~ name ~ '/connect') }}">
{{ csrf() }} {{ csrf() }}
{{ f.submit(__('form.connect')) }} {{ f.submit(__('form.connect'), {'btn_size' : 'xs'}) }}
</form> </form>
{% else %} {% else %}
<form method="POST" action="{{ url('/oauth/' ~ name ~ '/disconnect') }}"> <form method="POST" action="{{ url('/oauth/' ~ name ~ '/disconnect') }}">
{{ csrf() }} {{ csrf() }}
{{ f.submit(__('form.disconnect'), {'btn_type': 'danger'}) }} {{ f.submit(__('form.disconnect'), {'btn_type': 'danger', 'btn_size' : 'xs'}) }}
</form> </form>
{% endif %} {% endif %}
</td> </td>

36
resources/views/pages/settings/password.twig Normal file
View File

@ -0,0 +1,36 @@
{% extends 'pages/settings/settings.twig' %}
{% import 'macros/form.twig' as f %}
{% import 'macros/base.twig' as m %}
{% block title %}{{ __('settings.password') }}{% endblock %}
{% block row_content %}
<form action="" enctype="multipart/form-data" method="post">
{{ csrf() }}
<div class="row">
<div class="col-md-12">
{{ m.alert(__('Here you can change your password.')) }}
{{ f.input(
'password',
__('Old password:'),
'password',
{'required': true}
) }}
{{ f.input(
'new_password',
__('New password:'),
'password',
{'required': true}
) }}
{{ f.input(
'new_password2',
__('Password confirmation:'),
'password',
{'required': true}
) }}
{{ f.submit() }}
</div>
</div>
</form>
{% endblock %}

17
resources/views/pages/settings/settings.twig
View File

@ -1,14 +1,17 @@
{% extends 'layouts/app.twig' %} {% extends 'layouts/app.twig' %}
{% import 'macros/base.twig' as m %}
{% block title %}{{ __('settings') }}{% endblock %} {% block title %}{{ __('settings') }}{% endblock %}
{% block content %} {% block content %}
<div class="container user-settings"> <div class="container user-settings">
<h1>{{ __('settings.settings') }}</h1>
<div class="row"> <div class="row">
<div class="col-md-2 settings-menu"> <div class="col-md-3 settings-menu">
<ul class="nav nav-pills nav-stacked"> <ul class="nav nav-pills nav-stacked">
{% for url,title in { {% for url,title in {
(url('/user-settings')): __('settings.settings'), (url('/user-settings')): __('settings.profile'),
(url('/settings/password')): __('settings.password'),
(url('/settings/oauth')): __('settings.oauth'), (url('/settings/oauth')): __('settings.oauth'),
} %} } %}
<li{% if url == request.url() %} class="active"{% endif %}> <li{% if url == request.url() %} class="active"{% endif %}>
@ -18,17 +21,15 @@
</ul> </ul>
</div> </div>
<div class="col-md-10"> <div class="col-md-9">
{% block container_title %} {% block container_title %}
<h1>{{ block('title') }}</h1> <h2>{{ block('title') }}</h2>
{% endblock %} {% endblock %}
{% include 'layouts/parts/messages.twig' %} {% include 'layouts/parts/messages.twig' %}
<div class="row"> {% block row_content %}
{% block row_content %} {% endblock %}
{% endblock %}
</div>
</div> </div>
</div> </div>
</div> </div>

65
src/Controllers/SettingsController.php
View File

@ -5,27 +5,88 @@ namespace Engelsystem\Controllers;
use Engelsystem\Config\Config; use Engelsystem\Config\Config;
use Engelsystem\Http\Exceptions\HttpNotFound; use Engelsystem\Http\Exceptions\HttpNotFound;
use Engelsystem\Http\Response; use Engelsystem\Http\Response;
use Engelsystem\Http\Redirector;
use Engelsystem\Http\Request;
use Engelsystem\Helpers\Authenticator;
use Psr\Log\LoggerInterface;
class SettingsController extends BaseController class SettingsController extends BaseController
{ {
use HasUserNotifications; use HasUserNotifications;
/** @var Authenticator */
protected $auth;
/** @var Config */ /** @var Config */
protected $config; protected $config;
/** @var LoggerInterface */
protected $log;
/** @var Redirector */
protected $redirect;
/** @var Response */ /** @var Response */
protected $response; protected $response;
/** @var string[] */
protected $permissions = [
'user_settings',
];
/** /**
* @param Config $config * @param Config $config
* @param Response $response * @param Response $response
*/ */
public function __construct( public function __construct(
Authenticator $auth,
Config $config, Config $config,
LoggerInterface $log,
Redirector $redirector,
Response $response Response $response
) { ) {
$this->config = $config; $this->auth = $auth;
$this->response = $response; $this->config = $config;
$this->log = $log;
$this->redirect = $redirector;
$this->response = $response;
}
/**
* @return Response
*/
public function password(): Response
{
return $this->response->withView(
'pages/settings/password.twig',
$this->getNotifications()
);
}
/**
* @return Response
*/
public function savePassword(Request $request): Response
{
$user = $this->auth->user();
if (
!$request->has('password')
|| !$this->auth->verifyPassword($user, $request->postData('password'))
) {
$this->addNotification('-> not OK. Please try again.', 'errors');
} elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
$this->addNotification('Your password is to short (please use at least 6 characters).', 'errors');
} elseif ($request->postData('new_password') != $request->postData('new_password2')) {
$this->addNotification('Your passwords don\'t match.', 'errors');
} else {
$this->auth->setPassword($user, $request->postData('new_password'));
$this->addNotification('Password saved.');
$this->log->info('User set new password.');
}
return $this->redirect->to('/settings/password');
} }
/** /**

270
tests/Unit/Controllers/SettingsControllerTest.php
View File

@ -10,9 +10,217 @@ use Engelsystem\Test\Unit\TestCase;
use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\MockObject\MockObject;
use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage; use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
use Psr\Log\LoggerInterface;
use Engelsystem\Http\Redirector;
use Engelsystem\Helpers\Authenticator;
use Engelsystem\Test\Unit\HasDatabase;
use Engelsystem\Http\Request;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Log\Test\TestLogger;
use Engelsystem\Http\UrlGeneratorInterface;
use Engelsystem\Http\UrlGenerator;
use Engelsystem\Models\User\User;
class SettingsControllerTest extends TestCase class SettingsControllerTest extends TestCase
{ {
use HasDatabase;
/** @var Authenticator|MockObject */
protected $auth;
/** @var Config */
protected $config;
/** @var TestLogger */
protected $log;
/** @var Response|MockObject */
protected $response;
/** @var Request */
protected $request;
/** @var User */
protected $user;
/**
* @covers \Engelsystem\Controllers\SettingsController::password
*/
public function testPassword()
{
/** @var Response|MockObject $response */
$this->response->expects($this->once())
->method('withView')
->willReturnCallback(function ($view, $data) {
$this->assertEquals('pages/settings/password.twig', $view);
return $this->response;
});
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->password();
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePassword()
{
$body = [
'password' => 'password',
'new_password' => 'newpassword',
'new_password2' => 'newpassword'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->once())
->method('setPassword')
->with($this->user, 'newpassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
$this->assertTrue($this->log->hasInfoThatContains('User set new password.'));
/** @var Session $session */
$session = $this->app->get('session');
$messages = $session->get('messages');
$this->assertEquals('Password saved.', $messages[0]);
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePasswordWrongOldPassword()
{
$body = [
'password' => 'wrongpassword',
'new_password' => 'newpassword',
'new_password2' => 'newpassword'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'wrongpassword')
->willReturn(false);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('-> not OK. Please try again.', $errors[0]);
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePasswordMismatchingNewPassword()
{
$body = [
'password' => 'password',
'new_password' => 'newpassword',
'new_password2' => 'wrongpassword'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('Your passwords don\'t match.', $errors[0]);
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePasswordInvalidNewPassword()
{
$body = [
'password' => 'password',
'new_password' => 'short',
'new_password2' => 'short'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('Your password is to short (please use at least 6 characters).', $errors[0]);
}
/** /**
* @covers \Engelsystem\Controllers\SettingsController::__construct * @covers \Engelsystem\Controllers\SettingsController::__construct
* @covers \Engelsystem\Controllers\SettingsController::oauth * @covers \Engelsystem\Controllers\SettingsController::oauth
@ -20,24 +228,20 @@ class SettingsControllerTest extends TestCase
public function testOauth() public function testOauth()
{ {
$providers = ['foo' => ['lorem' => 'ipsum']]; $providers = ['foo' => ['lorem' => 'ipsum']];
$config = new Config(['oauth' => $providers]); config(['oauth' => $providers]);
$session = new Session(new MockArraySessionStorage()); $this->response->expects($this->once())
$session->set('information', [['lorem' => 'ipsum']]);
$this->app->instance('session', $session);
/** @var Response|MockObject $response */
$response = $this->createMock(Response::class);
$response->expects($this->once())
->method('withView') ->method('withView')
->willReturnCallback(function ($view, $data) use ($response, $providers) { ->willReturnCallback(function ($view, $data) use ($providers) {
$this->assertEquals('pages/settings/oauth.twig', $view); $this->assertEquals('pages/settings/oauth.twig', $view);
$this->assertArrayHasKey('information', $data); $this->assertArrayHasKey('information', $data);
$this->assertArrayHasKey('providers', $data); $this->assertArrayHasKey('providers', $data);
$this->assertEquals($providers, $data['providers']); $this->assertEquals($providers, $data['providers']);
return $response; return $this->response;
}); });
$controller = new SettingsController($config, $response); /** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->oauth(); $controller->oauth();
} }
@ -46,13 +250,51 @@ class SettingsControllerTest extends TestCase
*/ */
public function testOauthNotConfigured() public function testOauthNotConfigured()
{ {
$config = new Config(['oauth' => []]); config(['oauth' => []]);
/** @var Response|MockObject $response */
$response = $this->createMock(Response::class);
$controller = new SettingsController($config, $response); /** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$this->expectException(HttpNotFound::class); $this->expectException(HttpNotFound::class);
$controller->oauth(); $controller->oauth();
} }
/**
* Setup environment
*/
public function setUp(): void
{
parent::setUp();
$this->initDatabase();
$this->config = new Config(['min_password_length' => 6]);
$this->app->instance('config', $this->config);
$this->app->instance(Config::class, $this->config);
$this->request = Request::create('http://localhost');
$this->app->instance('request', $this->request);
$this->app->instance(Request::class, $this->request);
$this->app->instance(ServerRequestInterface::class, $this->request);
$this->response = $this->createMock(Response::class);
$this->app->instance(Response::class, $this->response);
$this->app->bind(UrlGeneratorInterface::class, UrlGenerator::class);
$this->log = new TestLogger();
$this->app->instance(LoggerInterface::class, $this->log);
$this->app->instance('session', new Session(new MockArraySessionStorage()));
$this->auth = $this->createMock(Authenticator::class);
$this->app->instance(Authenticator::class, $this->auth);
$this->user = new User([
'name' => 'testuser',
'email' => 'test@engelsystem.de',
'password' => 'xxx',
'api_key' => 'xxx'
]);
$this->user->save();
}
} }