add password settings page

This commit is contained in:
msquare 2020-11-23 20:41:02 +01:00 committed by Igor Scheller
parent ebab34ee67
commit d3265ef70a
14 changed files with 399 additions and 67 deletions

View File

@ -20,6 +20,8 @@ $route->post('/oauth/{provider:\w+}/connect', 'OAuthController@connect');
$route->post('/oauth/{provider:\w+}/disconnect', 'OAuthController@disconnect');
// User settings
$route->get('/settings/password', 'SettingsController@password');
$route->post('/settings/password', 'SettingsController@savePassword');
$route->get('/settings/oauth', 'SettingsController@oauth');
// Password recovery

View File

@ -101,31 +101,6 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
return $user_source;
}
/**
* Change user password.
*
* @param User $user_source The user
*/
function user_settings_password($user_source)
{
$request = request();
$auth = auth();
if (
!$request->has('password')
|| !$auth->verifyPassword($user_source, $request->postData('password'))
) {
error(__('-> not OK. Please try again.'));
} elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
error(__('Your password is to short (please use at least 6 characters).'));
} elseif ($request->postData('new_password') != $request->postData('new_password2')) {
error(__('Your passwords don\'t match.'));
} else {
$auth->setPassword($user_source, $request->postData('new_password'));
success(__('Password saved.'));
}
throw_redirect(page_link_to('user_settings'));
}
/**
* Change user theme
*
@ -216,8 +191,6 @@ function user_settings()
$user_source = auth()->user();
if ($request->hasPostData('submit')) {
$user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes);
} elseif ($request->hasPostData('submit_password')) {
user_settings_password($user_source);
} elseif ($request->hasPostData('submit_theme')) {
$user_source = user_settings_theme($user_source, $themes);
} elseif ($request->hasPostData('submit_language')) {

View File

@ -107,13 +107,6 @@ function User_settings_view(
. button(url('/settings/oauth'), __('settings.oauth'), 'btn-primary')
: ''
),
form([
form_info(__('Here you can change your password.')),
form_password('password', __('Old password:')),
form_password('new_password', __('New password:')),
form_password('new_password2', __('Password confirmation:')),
form_submit('submit_password', __('Save'))
]),
form([
form_info(__('Here you can choose your color settings:')),
form_select('theme', __('Color settings:'), $themes, $user_source->settings->theme),

View File

@ -102,3 +102,6 @@ msgstr "Account nicht gefunden"
msgid "oauth.provider-not-found"
msgstr "OAuth-Provider nicht gefunden"
msgid "settings.profile"
msgstr "Profil"

View File

@ -2915,8 +2915,14 @@ msgstr "Nachricht"
msgid "settings.settings"
msgstr "Einstellungen"
msgid "settings.password"
msgstr "Passwort"
msgid "settings.oauth"
msgstr "OAuth Einstellungen"
msgstr "Single-Sign-On"
msgid "settings.oauth.identity-provider"
msgstr "Login-Dienst"
msgid "oauth.login"
msgstr "Login mit OAuth"

View File

@ -98,3 +98,6 @@ msgstr "Unable to find account"
msgid "oauth.provider-not-found"
msgstr "Unable to find OAuth provider"
msgid "settings.profile"
msgstr "Profile"

View File

@ -181,8 +181,14 @@ msgstr "Message"
msgid "settings.settings"
msgstr "Settings"
msgid "settings.password"
msgstr "Password"
msgid "settings.oauth"
msgstr "OAuth Settings"
msgstr "Single-Sign-On"
msgid "settings.oauth.identity-provider"
msgstr "Identity provider"
msgid "oauth.login"
msgstr "Login using OAuth"

View File

@ -65,7 +65,7 @@
{%- endmacro %}
{% macro button(label, opt) %}
<button class="btn btn-{{ opt.btn_type|default('primary') }}"
<button class="btn btn-{{ opt.btn_type|default('primary') }} btn-{{ opt.btn_size|default('m') }}"
{%- if opt.type is defined %} type="{{ opt.type }}"{% endif %}
{%- if opt.name is defined %} name="{{ opt.name }}"{% endif %}
{%- if opt.value is defined or opt.name is defined %} value="{{ opt.value|default('1') }}"{% endif -%}

View File

@ -62,7 +62,7 @@
{% if news %}
<div class="row">
<div class="col-md-12">
<h2>Preview</h2>
<h2>{{ __('Preview') }}</h2>
<div class="panel {% if not news.is_meeting %}panel-default{% else %}panel-info{% endif %}">
<div class="panel-heading">

View File

@ -4,15 +4,21 @@
{% block title %}{{ __('settings.oauth') }}{% endblock %}
{% block container_title %}
<h1 id="oauth-settings-title">{{ block('title') }}</h1>
<h2 id="oauth-settings-title">{{ block('title') }}</h2>
{% endblock %}
{% block row_content %}
<table class="table table-striped">
<thead>
<tr>
<th>{{ __('settings.oauth.identity-provider') }}</th>
<th></th>
</tr>
</thead>
<tbody>
{% for name,config in providers %}
<tr{% if config.hidden|default(false) %} class="hidden"{% endif %}>
<th>
<td>
{% if config.url|default %}
<a href="{{ config.url }}" target="_blank" rel="noopener">
{{ __(config.name|default(name|capitalize)) }}
@ -20,19 +26,19 @@
{% else %}
{{ __(config.name|default(name|capitalize)) }}
{% endif %}
</th>
</td>
<td>
{% if not user.oauth.contains('provider', name) %}
<form method="POST" action="{{ url('/oauth/' ~ name ~ '/connect') }}">
{{ csrf() }}
{{ f.submit(__('form.connect')) }}
{{ f.submit(__('form.connect'), {'btn_size' : 'xs'}) }}
</form>
{% else %}
<form method="POST" action="{{ url('/oauth/' ~ name ~ '/disconnect') }}">
{{ csrf() }}
{{ f.submit(__('form.disconnect'), {'btn_type': 'danger'}) }}
{{ f.submit(__('form.disconnect'), {'btn_type': 'danger', 'btn_size' : 'xs'}) }}
</form>
{% endif %}
</td>

View File

@ -0,0 +1,36 @@
{% extends 'pages/settings/settings.twig' %}
{% import 'macros/form.twig' as f %}
{% import 'macros/base.twig' as m %}
{% block title %}{{ __('settings.password') }}{% endblock %}
{% block row_content %}
<form action="" enctype="multipart/form-data" method="post">
{{ csrf() }}
<div class="row">
<div class="col-md-12">
{{ m.alert(__('Here you can change your password.')) }}
{{ f.input(
'password',
__('Old password:'),
'password',
{'required': true}
) }}
{{ f.input(
'new_password',
__('New password:'),
'password',
{'required': true}
) }}
{{ f.input(
'new_password2',
__('Password confirmation:'),
'password',
{'required': true}
) }}
{{ f.submit() }}
</div>
</div>
</form>
{% endblock %}

View File

@ -1,14 +1,17 @@
{% extends 'layouts/app.twig' %}
{% import 'macros/base.twig' as m %}
{% block title %}{{ __('settings') }}{% endblock %}
{% block content %}
<div class="container user-settings">
<h1>{{ __('settings.settings') }}</h1>
<div class="row">
<div class="col-md-2 settings-menu">
<div class="col-md-3 settings-menu">
<ul class="nav nav-pills nav-stacked">
{% for url,title in {
(url('/user-settings')): __('settings.settings'),
(url('/user-settings')): __('settings.profile'),
(url('/settings/password')): __('settings.password'),
(url('/settings/oauth')): __('settings.oauth'),
} %}
<li{% if url == request.url() %} class="active"{% endif %}>
@ -18,18 +21,16 @@
</ul>
</div>
<div class="col-md-10">
<div class="col-md-9">
{% block container_title %}
<h1>{{ block('title') }}</h1>
<h2>{{ block('title') }}</h2>
{% endblock %}
{% include 'layouts/parts/messages.twig' %}
<div class="row">
{% block row_content %}
{% endblock %}
</div>
</div>
</div>
</div>
{% endblock %}

View File

@ -5,29 +5,90 @@ namespace Engelsystem\Controllers;
use Engelsystem\Config\Config;
use Engelsystem\Http\Exceptions\HttpNotFound;
use Engelsystem\Http\Response;
use Engelsystem\Http\Redirector;
use Engelsystem\Http\Request;
use Engelsystem\Helpers\Authenticator;
use Psr\Log\LoggerInterface;
class SettingsController extends BaseController
{
use HasUserNotifications;
/** @var Authenticator */
protected $auth;
/** @var Config */
protected $config;
/** @var LoggerInterface */
protected $log;
/** @var Redirector */
protected $redirect;
/** @var Response */
protected $response;
/** @var string[] */
protected $permissions = [
'user_settings',
];
/**
* @param Config $config
* @param Response $response
*/
public function __construct(
Authenticator $auth,
Config $config,
LoggerInterface $log,
Redirector $redirector,
Response $response
) {
$this->auth = $auth;
$this->config = $config;
$this->log = $log;
$this->redirect = $redirector;
$this->response = $response;
}
/**
* @return Response
*/
public function password(): Response
{
return $this->response->withView(
'pages/settings/password.twig',
$this->getNotifications()
);
}
/**
* @return Response
*/
public function savePassword(Request $request): Response
{
$user = $this->auth->user();
if (
!$request->has('password')
|| !$this->auth->verifyPassword($user, $request->postData('password'))
) {
$this->addNotification('-> not OK. Please try again.', 'errors');
} elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
$this->addNotification('Your password is to short (please use at least 6 characters).', 'errors');
} elseif ($request->postData('new_password') != $request->postData('new_password2')) {
$this->addNotification('Your passwords don\'t match.', 'errors');
} else {
$this->auth->setPassword($user, $request->postData('new_password'));
$this->addNotification('Password saved.');
$this->log->info('User set new password.');
}
return $this->redirect->to('/settings/password');
}
/**
* @return Response
*/

View File

@ -10,9 +10,217 @@ use Engelsystem\Test\Unit\TestCase;
use PHPUnit\Framework\MockObject\MockObject;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
use Psr\Log\LoggerInterface;
use Engelsystem\Http\Redirector;
use Engelsystem\Helpers\Authenticator;
use Engelsystem\Test\Unit\HasDatabase;
use Engelsystem\Http\Request;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Log\Test\TestLogger;
use Engelsystem\Http\UrlGeneratorInterface;
use Engelsystem\Http\UrlGenerator;
use Engelsystem\Models\User\User;
class SettingsControllerTest extends TestCase
{
use HasDatabase;
/** @var Authenticator|MockObject */
protected $auth;
/** @var Config */
protected $config;
/** @var TestLogger */
protected $log;
/** @var Response|MockObject */
protected $response;
/** @var Request */
protected $request;
/** @var User */
protected $user;
/**
* @covers \Engelsystem\Controllers\SettingsController::password
*/
public function testPassword()
{
/** @var Response|MockObject $response */
$this->response->expects($this->once())
->method('withView')
->willReturnCallback(function ($view, $data) {
$this->assertEquals('pages/settings/password.twig', $view);
return $this->response;
});
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->password();
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePassword()
{
$body = [
'password' => 'password',
'new_password' => 'newpassword',
'new_password2' => 'newpassword'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->once())
->method('setPassword')
->with($this->user, 'newpassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
$this->assertTrue($this->log->hasInfoThatContains('User set new password.'));
/** @var Session $session */
$session = $this->app->get('session');
$messages = $session->get('messages');
$this->assertEquals('Password saved.', $messages[0]);
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePasswordWrongOldPassword()
{
$body = [
'password' => 'wrongpassword',
'new_password' => 'newpassword',
'new_password2' => 'newpassword'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'wrongpassword')
->willReturn(false);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('-> not OK. Please try again.', $errors[0]);
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePasswordMismatchingNewPassword()
{
$body = [
'password' => 'password',
'new_password' => 'newpassword',
'new_password2' => 'wrongpassword'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('Your passwords don\'t match.', $errors[0]);
}
/**
* @covers \Engelsystem\Controllers\SettingsController::savePassword
*/
public function testSavePasswordInvalidNewPassword()
{
$body = [
'password' => 'password',
'new_password' => 'short',
'new_password2' => 'short'
];
$this->request = $this->request->withParsedBody($body);
$this->auth->expects($this->once())
->method('user')
->willReturn($this->user);
$this->auth->expects($this->once())
->method('verifyPassword')
->with($this->user, 'password')
->willReturn(true);
$this->auth->expects($this->never())
->method('setPassword');
$this->response->expects($this->once())
->method('redirectTo')
->with('http://localhost/settings/password')
->willReturn($this->response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->savePassword($this->request);
/** @var Session $session */
$session = $this->app->get('session');
$errors = $session->get('errors');
$this->assertEquals('Your password is to short (please use at least 6 characters).', $errors[0]);
}
/**
* @covers \Engelsystem\Controllers\SettingsController::__construct
* @covers \Engelsystem\Controllers\SettingsController::oauth
@ -20,24 +228,20 @@ class SettingsControllerTest extends TestCase
public function testOauth()
{
$providers = ['foo' => ['lorem' => 'ipsum']];
$config = new Config(['oauth' => $providers]);
$session = new Session(new MockArraySessionStorage());
$session->set('information', [['lorem' => 'ipsum']]);
$this->app->instance('session', $session);
/** @var Response|MockObject $response */
$response = $this->createMock(Response::class);
$response->expects($this->once())
config(['oauth' => $providers]);
$this->response->expects($this->once())
->method('withView')
->willReturnCallback(function ($view, $data) use ($response, $providers) {
->willReturnCallback(function ($view, $data) use ($providers) {
$this->assertEquals('pages/settings/oauth.twig', $view);
$this->assertArrayHasKey('information', $data);
$this->assertArrayHasKey('providers', $data);
$this->assertEquals($providers, $data['providers']);
return $response;
return $this->response;
});
$controller = new SettingsController($config, $response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$controller->oauth();
}
@ -46,13 +250,51 @@ class SettingsControllerTest extends TestCase
*/
public function testOauthNotConfigured()
{
$config = new Config(['oauth' => []]);
/** @var Response|MockObject $response */
$response = $this->createMock(Response::class);
config(['oauth' => []]);
$controller = new SettingsController($config, $response);
/** @var SettingsController $controller */
$controller = $this->app->make(SettingsController::class);
$this->expectException(HttpNotFound::class);
$controller->oauth();
}
/**
* Setup environment
*/
public function setUp(): void
{
parent::setUp();
$this->initDatabase();
$this->config = new Config(['min_password_length' => 6]);
$this->app->instance('config', $this->config);
$this->app->instance(Config::class, $this->config);
$this->request = Request::create('http://localhost');
$this->app->instance('request', $this->request);
$this->app->instance(Request::class, $this->request);
$this->app->instance(ServerRequestInterface::class, $this->request);
$this->response = $this->createMock(Response::class);
$this->app->instance(Response::class, $this->response);
$this->app->bind(UrlGeneratorInterface::class, UrlGenerator::class);
$this->log = new TestLogger();
$this->app->instance(LoggerInterface::class, $this->log);
$this->app->instance('session', new Session(new MockArraySessionStorage()));
$this->auth = $this->createMock(Authenticator::class);
$this->app->instance(Authenticator::class, $this->auth);
$this->user = new User([
'name' => 'testuser',
'email' => 'test@engelsystem.de',
'password' => 'xxx',
'api_key' => 'xxx'
]);
$this->user->save();
}
}