From 0695c44b21a365ca6af1541c09cb1a59b9881625 Mon Sep 17 00:00:00 2001 From: Alinson Santos Date: Sat, 19 Apr 2008 19:14:47 -0300 Subject: [PATCH] Recuperacao de senha --- app/controllers/users_controller.rb | 26 ++++++++++++++ app/models/notifications.rb | 9 +++-- app/models/user.rb | 9 +++-- .../notifications/forgot_password.html.erb | 14 +++++--- app/views/users/_form_settings.html.haml | 2 +- app/views/users/login.html.haml | 4 ++- app/views/users/recover_password.html.haml | 36 +++++++++++++++++++ config/application.rb | 3 ++ config/routes.rb | 2 ++ db/migrate/035_reset_password.rb | 9 +++++ db/schema.rb | 23 ++++++------ 11 files changed, 109 insertions(+), 28 deletions(-) create mode 100644 app/views/users/recover_password.html.haml create mode 100644 db/migrate/035_reset_password.rb diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 51150b1..28f483f 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -137,6 +137,32 @@ class UsersController < ApplicationController end end + def recover_password + if params[:key] + @user = User.find_by_password_reset_key(params[:key]) + if @user.nil? + redirect_to login_path + elsif request.post? + @user.password = params[:user][:password] + @user.password_confirmation = params[:user][:password_confirmation] + if @user.save + @user.update_attribute(:password_reset_key, nil) + flash[:message] = "Senha modificada" + redirect_to login_path + end + end + else + if request.post? + @user = User.find_by_email(params[:user][:email]) + if @user.nil? + flash[:warning] = "Email inválido" + else + @user.generate_password_reset_key! + end + end + end + end + # def forgot_password # if request.post? # u = User.find_by_email(params[:user][:email]) diff --git a/app/models/notifications.rb b/app/models/notifications.rb index 3ef789b..985c7e0 100644 --- a/app/models/notifications.rb +++ b/app/models/notifications.rb 
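Review bot: The key accepted by `recover_password` in users_controller.rb never expires: neither this action nor the `035_reset_password` migration (which adds only `password_reset_key`) records when the key was issued, so a link left in a mailbox or a log stays valid until a reset is completed. Store an issue time next to the key and reject older keys before the `request.post?` branch. The key is also cleared by a separate `@user.update_attribute(:password_reset_key, nil)` after `@user.save`; assigning `@user.password_reset_key = nil` before the save retires it in the same write as the new password. In the e-mail branch, `flash[:warning] = "Email inválido"` (together with the `- if @user` test in recover_password.html.haml) tells the requester whether an address is registered; showing the same confirmation either way avoids that. `params[:user]` is dereferenced without a nil check in both branches, so a POST without that field raises instead of re-rendering the form.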
@@ -16,12 +16,11 @@ class Notifications < ActionMailer::Base - def forgot_password(to, login, pass, sent_at = Time.now) - @subject = "Your password is ..." - @body['login']=login - @body['pass']=pass + def forgot_password(to, key, sent_at = Time.now) + @subject = "#{App.title} - Recuperar senha" + @body['key'] = key @recipients = to - @from = 'support@yourdomain.com' + @from = "#{App.title} <#{App.webmaster_email}>" @sent_on = sent_at @headers = {} end diff --git a/app/models/user.rb b/app/models/user.rb index 1304b04..45b27b9 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -63,11 +63,10 @@ class User < ActiveRecord::Base end # Gera uma nova senha, e a envia por email. - def send_new_password - new_pass = User.random_string(10) - @password = @password_confirmation = new_pass - save - Notifications.deliver_forgot_password(self.email, self.login, new_pass) + def generate_password_reset_key! + update_attribute(:password_reset_key, User.random_string(30)) + save! + Notifications.deliver_forgot_password(self.email, self.password_reset_key) end def reset_login_key diff --git a/app/views/notifications/forgot_password.html.erb b/app/views/notifications/forgot_password.html.erb index 68ec496..b7c7ef7 100644 --- a/app/views/notifications/forgot_password.html.erb +++ b/app/views/notifications/forgot_password.html.erb @@ -1,9 +1,13 @@ -_____________ +Olá, + Recentemente, alguém solicitou que uma nova senha fosse gerada para + a conta associada a este email. Para completar o procedimento de + recuperação de senha, visite o endereço: -Seu nome de usuário é <%= h(@login) %>. E seu novo password é <%= h(@pass) %>. -Faça o seu Login e mude para algo mais fácil de ser memorizado. + <%= recover_password_with_key_url(@key, :host => App.default_host) %> + Caso esta solicitação não tenha sido feita por você, por favor, + desconsidere esta mensagem. -Wiki Ufc -------------- +Atenciosamente, +Equipe do <%= App.title %>. 
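Review bot: `generate_password_reset_key!` in user.rb takes the key from `User.random_string(30)`, which is defined outside this hunk; since the key alone authorises a password change, confirm that helper draws from a cryptographically secure source (for example the standard library's `SecureRandom`, where the Ruby in use ships it) rather than `rand`. The key is stored as-is in `password_reset_key`; keeping only a digest of it and comparing digests in the controller would mean that a read of the users table does not yield usable reset links. `update_attribute` already writes the row, so the following `save!` is redundant and can raise on an unrelated validation error after the key is stored but before the mail is sent. The comment kept above the method still describes the old behaviour (generating a new password); it should become something like `# Generates a password-reset key and e-mails it to the user.`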
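Review bot: The reset link in forgot_password.html.erb is built with `recover_password_with_key_url(@key, :host => App.default_host)` and no `:protocol`, so, as far as this hunk shows, it is emitted with the default `http://` scheme and the key crosses the network in clear text when the link is followed. If the site is served over TLS, pass `:protocol => 'https'` as well. Pinning the host to `App.default_host` instead of taking it from the request is the right choice and should stay. Once keys have a lifetime, the message should also state how long the link remains valid.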
diff --git a/app/views/users/_form_settings.html.haml b/app/views/users/_form_settings.html.haml index 670e182..e111847 100644 --- a/app/views/users/_form_settings.html.haml +++ b/app/views/users/_form_settings.html.haml @@ -21,7 +21,7 @@ %dd= text_field('user', 'display_name') %dt - %laber{:for => 'user_email'} Email + %label{:for => 'user_email'} Email %dd= text_field('user', 'email') %dt diff --git a/app/views/users/login.html.haml b/app/views/users/login.html.haml index 6f27178..22c5ad8 100644 --- a/app/views/users/login.html.haml +++ b/app/views/users/login.html.haml @@ -22,4 +22,6 @@ %br = link_to 'Criar nova conta', signup_path - =# link_ro 'Recuperar senha', recover_password_path + + %br + = link_to 'Recuperar senha', recover_password_path diff --git a/app/views/users/recover_password.html.haml b/app/views/users/recover_password.html.haml new file mode 100644 index 0000000..0efc66c --- /dev/null +++ b/app/views/users/recover_password.html.haml @@ -0,0 +1,36 @@ +%h4.title= App.title +%h1.title Recuperar senha + +- if params[:key] + %p= error_messages_for :user + - form_tag recover_password_with_key_path(params[:key]) do + %dl + %dt + %label{:for => 'user_login'} Login + %dd + = text_field('user', 'login', {:value => @user.login, :readonly => true}) + + %dt + %label{:for => 'user_password'} Senha + %dd + = password_field('user', 'password', {:value => '', :id => 'password'}) + %span#passmeter   + + %dt + %label{:for => 'user_password_confirmation'} Confirmação de Senha + %dd + =password_field('user', 'password_confirmation', {:value => ''}) + = submit_tag 'Alterar senha' + +- else + - if @user + %p Uma mensagem de confirmacão foi enviado para o seu email. + + - else + - form_tag recover_password_path do + %dl + %dt + %label{:for => 'user_email'} Email + %dd + =text_field('user', 'email') + = submit_tag 'Recuperar senha' diff --git a/config/application.rb b/config/application.rb index 5d61c3e..3fc234b 100644 --- a/config/application.rb 
+++ b/config/application.rb @@ -1,6 +1,9 @@ # Geral App.language = "pt-br" App.title = "Wiki UFC" +App.webmaster_email = "webmaster@wikiufc.gelsol.org" + +App.default_host = "wikiufc.gelsol.org" App.base_path = "" # Limites diff --git a/config/routes.rb b/config/routes.rb index 3dce15c..179757e 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -71,6 +71,8 @@ ActionController::Routing::Routes.draw do |map| user.logout 'logout', :action => 'logout' user.signup 'signup', :action => 'signup' user.settings 'settings', :action => 'settings' + user.recover_password 'recover_password', :action => 'recover_password' + user.recover_password_with_key 'recover_password/:key', :action => 'recover_password' end # Pagina pessoal diff --git a/db/migrate/035_reset_password.rb b/db/migrate/035_reset_password.rb new file mode 100644 index 0000000..e4b0eae --- /dev/null +++ b/db/migrate/035_reset_password.rb @@ -0,0 +1,9 @@ +class ResetPassword < ActiveRecord::Migration + def self.up + add_column :users, :password_reset_key, :string + end + + def self.down + remove_column :users, :password_reset_key + end +end diff --git a/db/schema.rb b/db/schema.rb index 54812d4..c57d461 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -9,7 +9,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 34) do +ActiveRecord::Schema.define(:version => 35) do create_table "attachments", :force => true do |t| t.string "file_name", :null => false 
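Review bot: Because `recover_password/:key` in routes.rb carries the key as a path segment, the key is likely to end up in web-server access logs, application request logs and browser history, and may be sent in a Referer header if the reset page loads or links to anything off-site. Parameter filtering may not remove a value that is part of the logged URL, so the practical safeguards are a short key lifetime, single use, and keeping third-party resources off the page rendered by `recover_password`. Neither new route restricts the HTTP method; the action relies on `request.post?` instead, which deserves a one-line comment next to the routes, e.g. `# GET shows the form, POST performs the reset; both handled in UsersController#recover_password`.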
@@ -104,20 +104,21 @@ ActiveRecord::Schema.define(:version => 34) do add_index "sessions", ["session_id"], :name => "index_sessions_on_session_id" create_table "users", :force => true do |t| - t.string "login", :null => false - t.string "hashed_password", :null => false - t.string "email", :null => false - t.string "salt", :null => false + t.string "login", :null => false + t.string "hashed_password", :null => false + t.string "email", :null => false + t.string "salt", :null => false t.datetime "created_at" - t.string "name", :default => "", :null => false - t.integer "pref_color", :default => 0, :null => false - t.string "display_name", :null => false + t.string "name", :default => "", :null => false + t.integer "pref_color", :default => 0, :null => false + t.string "display_name", :null => false t.text "description" - t.datetime "last_seen", :null => false + t.datetime "last_seen", :null => false t.string "login_key" - t.boolean "admin", :default => false, :null => false - t.string "secret", :null => false + t.boolean "admin", :default => false, :null => false + t.string "secret", :null => false t.datetime "deleted_at" + t.string "password_reset_key" end create_table "wiki_page_versions", :force => true do |t|