From bb01ae7fca0d66b7ec5c3040a4c6222a018cc342 Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Sat, 16 Nov 2013 19:24:33 +0100 Subject: [PATCH] Closed #62 --- config.ini | 18 ++++-- src/Controllers/UserController.php | 94 +++++++++++++++++++++++++----- src/Models/Model_Token.php | 25 ++++++++ src/Views/auth-login.phtml | 3 +- 4 files changed, 119 insertions(+), 21 deletions(-) create mode 100644 src/Models/Model_Token.php diff --git a/config.ini b/config.ini index d454fd1e..cdd7965a 100644 --- a/config.ini +++ b/config.ini @@ -41,15 +41,25 @@ needEmailForRegistering = 1 needEmailForCommenting = 0 needEmailForUploading = 1 confirmationEmailEnabled = 1 -confirmationEmailSenderName = "{host} registration engine" +confirmationEmailSenderName = "{host} mailing system" confirmationEmailSenderEmail = "noreply@{host}" -confirmationEmailSubject = "{host} activation" +confirmationEmailSubject = "{host} - account activation" confirmationEmailBody = "Hello, -You received this e-mail because someone registered a user with this address at {host}. If it's you, visit {link} to finish registration process, otherwise you may ignore and delete this e-mail. +You received this e-mail because someone registered a user with this e-mail address at {host}. If it's you, visit {link} to finish registration process, otherwise you may ignore and delete this e-mail. Kind regards, -{host} registration engine" +{host} mailing system" + +passwordResetEmailSenderName = "{host} mailing system" +passwordResetEmailSenderEmail = "noreply@{host}" +passwordResetEmailSubject = "{host} - password reset" +passwordResetEmailBody = "Hello, + +You received this e-mail because someone requested a password reset for user with this e-mail address at {host}. If it's you, visit {link} to finish password reset process, otherwise you may ignore and delete this e-mail. + +Kind regards, +{host} mailing system" [privileges] uploadPost=registered 
diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php index e3e579af..1901fb3b 100644 --- a/src/Controllers/UserController.php +++ b/src/Controllers/UserController.php @@ -32,6 +32,9 @@ class UserController $senderName = TextHelper::replaceTokens($senderName, $tokens); $senderEmail = TextHelper::replaceTokens($senderEmail, $tokens); + if (empty($recipientEmail)) + throw new SimpleException('Destination e-mail address was not found'); + $headers = []; $headers []= sprintf('MIME-Version: 1.0'); $headers []= sprintf('Content-Transfer-Encoding: 7bit'); @@ -71,6 +74,23 @@ class UserController $tokens); } + private static function sendPasswordResetConfirmation($user) + { + $regConfig = \Chibi\Registry::getConfig()->registration; + + $tokens = []; + $tokens['link'] = \Chibi\UrlHelper::route('user', 'password-reset', ['token' => '{token}']); + + return self::sendTokenizedEmail( + $user, + $regConfig->passwordResetEmailBody, + $regConfig->passwordResetEmailSubject, + $regConfig->passwordResetEmailSenderName, + $regConfig->passwordResetEmailSenderEmail, + $user->email_confirmed, + $tokens); + } + /** @@ -519,18 +539,7 @@ class UserController $this->context->subTitle = 'account activation'; $this->context->viewName = 'message'; - if (empty($token)) - throw new SimpleException('Invalid activation token'); - - $dbToken = R::findOne('usertoken', 'token = ?', [$token]); - if ($dbToken === null) - throw new SimpleException('No user with such activation token'); - - if ($dbToken->used) - throw new SimpleException('This user was already activated'); - - if ($dbToken->expires !== null and time() > $dbToken->expires) - throw new SimpleException('Activation link expired'); + $dbToken = Model_Token::locate($token); $dbUser = $dbToken->user; $dbUser->email_confirmed = $dbUser->email_unconfirmed; 
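Review bot: `sendPasswordResetConfirmation` in the second hunk has no docblock, while the neighbouring methods carry `/** ... */` comments. Its link is built with a literal `'{token}'` placeholder, so a reader has to infer that `sendTokenizedEmail` substitutes it; that belongs in the comment. Suggested docblock: `/** Sends the password-reset e-mail to $user's confirmed address; the '{token}' placeholder in the link is presumably substituted by sendTokenizedEmail (confirm against that method, which lies outside this hunk). */`. The recipient passed is `$user->email_confirmed`, so the `empty($recipientEmail)` check added in the first hunk is presumably what stops a mail to an unconfirmed account here.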
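Review bot: `Model_Token::locate($token)` in the third hunk looks a token up by value only, and `passwordResetAction` in the following hunk calls the same method, so a token issued for one flow would be accepted by the other unless the rows record what they were issued for (the visible part of `Model_Token::locate` checks only `used` and `expires`; its beginning and the `usertoken` schema are not on this page). Binding each token to its purpose closes that: e.g. `$dbToken = Model_Token::locate($token, 'activation');` here and `'password-reset'` in the reset action, with `locate` rejecting a mismatch. The enclosing activation method starts and ends outside the hunk.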
@@ -554,14 +563,67 @@ class UserController /** - * @route /activation-retry/ + * @route /password-reset/{token} */ - public function activationRetryAction() + public function passwordResetAction($token) { - $this->context->subTitle = 'activation retry'; + $this->context->subTitle = 'password reset'; + $this->context->viewName = 'message'; - $this->context->stylesheets []= 'auth.css'; + $dbToken = Model_Token::locate($token); + + $alphabet = array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9')); + $randomPassword = join('', array_map(function($x) use ($alphabet) + { + return $alphabet[$x]; + }, array_rand($alphabet, 8))); + + $dbUser = $dbToken->user; + $dbUser->pass_hash = Model_User::hashPassword($randomPassword, $dbUser->pass_salt); + $dbToken->used = true; + R::store($dbToken); + R::store($dbUser); + + $message = 'Password reset successfuly. Your new password is **' . $randomPassword . '**.'; + StatusHelper::success($message); + + $this->context->user = $dbUser; + AuthController::doReLog(); + } + + + + + /** + * @route /password-reset-proxy + */ + public function passwordResetProxyAction() + { + $this->context->subTtile = 'password reset'; $this->context->viewName = 'user-select'; + $this->context->stylesheets []= 'auth.css'; + + if (InputHelper::get('submit')) + { + $name = InputHelper::get('name'); + $user = Model_User::locate($name); + if (empty($user->email_confirmed)) + throw new SimpleException('This user has no e-mail confirmed; password reset cannot proceed'); + + self::sendPasswordResetConfirmation($user); + StatusHelper::success('E-mail sent. Follow instructions to reset password.'); + } + } + + /** + * @route /activation-proxy + */ + public function activationProxyAction() + { + $this->context->subTitle = 'account activation'; + $this->context->viewName = 'user-select'; + $this->context->stylesheets []= 'auth.css'; + if (InputHelper::get('submit')) { $name = InputHelper::get('name'); 
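Review bot: The generated password in `passwordResetAction` is weaker than its 8-character length suggests: `array_rand($alphabet, 8)` returns distinct keys in ascending order, so the result never repeats a character and is always sorted (uppercase, then lowercase, then digits), and `array_rand` is not a cryptographically secure source. Draw each character independently from a CSPRNG instead: `$randomPassword = '';` / `for ($i = 0; $i < 8; $i ++)` / `$randomPassword .= $alphabet[random_int(0, count($alphabet) - 1)];` (`random_int` needs PHP 7; on older PHP use `openssl_random_pseudo_bytes()` with rejection sampling rather than a plain modulo). `passwordResetProxyAction` also sets `$this->context->subTtile`, while every other action in this hunk sets `subTitle`, so its page title is never set. The reset proxy's distinct failure messages (the explicit 'This user has no e-mail confirmed' exception, and presumably a different one from `Model_User::locate` for an unknown name) reveal which names are registered and confirmed; a uniform "if that account exists, an e-mail has been sent" response avoids that.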
diff --git a/src/Models/Model_Token.php b/src/Models/Model_Token.php new file mode 100644 index 00000000..aff9a16f --- /dev/null +++ b/src/Models/Model_Token.php @@ -0,0 +1,25 @@ +used) + throw new SimpleException('This token was already used'); + + if ($token->expires !== null and time() > $token->expires) + throw new SimpleException('This token has expired'); + + return $token; + } +} diff --git a/src/Views/auth-login.phtml b/src/Views/auth-login.phtml index 7c090c29..40819ec4 100644 --- a/src/Views/auth-login.phtml +++ b/src/Views/auth-login.phtml @@ -35,7 +35,8 @@

Problems logging in?