[browsermedia#684] Forgot Password should work

There are two forgot password pages, one of public, one for CMS users. * Write Reset password scenario * Implement 'Reset Password' so public users can access it. * Bump version to 4.0.0.beta for testing release. * 'Forgot Password' shows a CMS styled form (even when an error occurs) * Move 'Forgot' to a more prominent place on the sign in.

Author: peakpg

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
- browsercms (4.0.0.alpha)
+ browsercms (4.0.0.beta)
  actionpack-page_caching (~> 1.0)
  ancestry (~> 2.0.0)
  bootstrap-sass
@@ -52,15 +52,15 @@ GEM
  ancestry (2.0.0)
  activerecord (>= 3.0.0)
  ansi (1.4.3)
- arel (4.0.1)
+ arel (4.0.2)
  aruba (0.5.3)
  childprocess (>= 0.3.6)
  cucumber (>= 1.1.1)
  rspec-expectations (>= 2.7.0)
  atomic (1.1.14)
  bcrypt-ruby (3.1.2)
  bluecloth (2.2.0)
- bootstrap-sass (3.1.0.0)
+ bootstrap-sass (3.1.0.2)
  sass (~> 3.2)
  builder (3.1.4)
  capybara (2.1.0)
@@ -71,7 +71,7 @@ GEM
  xpath (~> 2.0)
  childprocess (0.3.9)
  ffi (~> 1.0, >= 1.0.11)
- chunky_png (1.2.9)
+ chunky_png (1.3.0)
  ckeditor_rails (4.3.1)
  railties (>= 3.0)
  climate_control (0.0.3)
@@ -165,7 +165,7 @@ GEM
  orm_adapter (0.5.0)
  panoramic (0.0.4)
  rails (>= 3.0.7)
- paperclip (3.5.3)
+ paperclip (3.5.4)
  activemodel (>= 3.0.0)
  activesupport (>= 3.0.0)
  cocaine (~> 0.5.3)
@@ -220,8 +220,8 @@ GEM
  sqlite3 (1.3.7)
  sqlite3-ruby (1.3.3)
  sqlite3 (>= 1.3.3)
- term-ansicolor (1.2.2)
- tins (~> 0.8)
+ term-ansicolor (1.3.0)
+ tins (~> 1.0)
  thin (1.5.1)
  daemons (>= 1.0.9)
  eventmachine (>= 0.12.6)
@@ -230,7 +230,7 @@ GEM
  thread_safe (0.1.3)
  atomic
  tilt (1.4.1)
- tins (0.13.1)
+ tins (1.0.0)
  treetop (1.4.15)
  polyglot
  polyglot (>= 0.3.1)

app/controllers/cms/passwords_controller.rb

@@ -8,6 +8,11 @@ def new
  super
  end
 
+ def create
+ use_page_title('Forgot Password')
+ super
+ end
+
  def edit
  use_page_title('Change Password')
  super

app/controllers/cms/sites/passwords_controller.rb

@@ -16,6 +16,11 @@ def create
  super
  end
 
+ def edit
+ use_page_title('Reset Password')
+ super
+ end
+
  protected
 
  # @override [Devise::PasswordsController]

app/models/cms/persistent_user.rb

@@ -11,6 +11,7 @@ class PersistentUser < ActiveRecord::Base
  # Note that Chrome doesn't expire session cookies immediately so test this in other browsers.
  # http://stackoverflow.com/questions/16817229/issues-with-devise-rememberable
  :rememberable,
+ :recoverable, # Needs to be here so forgot password link works.
  :authentication_keys => [:login]
 
 

app/views/cms/passwords/new.html.erb

@@ -0,0 +1,16 @@
+<%# Overrides devise/passwords/new to add CMS specific styles. %>
+<%= render 'cms/application/page_title' %>
+
+<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+ <%= render layout: 'cms/application/main_with_sidebar' do %>
+ <%= f.error_notification %>
+ <%= f.input :email, :required => true, :autofocus => true %>
+
+ <%= render "devise/shared/links" %>
+ <% end %>
+ <%= render layout: 'cms/application/row' do %>
+ <%= button_menu :bottom do %>
+ <%= f.button :submit, "Send me reset password instructions", class: 'right btn-primary' %>
+ <% end %>
+ <% end %>
+<% end %>

app/views/cms/sessions/new.html.erb

@@ -1,17 +1,16 @@
 <% use_page_title 'Sign in' %>
 <%= render 'cms/application/page_title' %>
 
- <%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
-  <%=  render layout: 'cms/application/main_with_sidebar' do  %>
+<%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+ <%= render layout: 'cms/application/main_with_sidebar' do %>
  <%= f.input :login, :required => false, :autofocus => true %>
  <%= f.input :password, :required => false %>
  <%= f.input :remember_me, :as => :boolean if devise_mapping.rememberable? %>
-
- <% end %>
- <%= render layout: 'cms/application/row' do %>
- <%= button_menu :bottom do %>
- <%= f.button :submit, "Sign in", class: 'right btn-primary' %>
- <% end %>
- <% end %>
- <% end %>
-<%= render "devise/shared/links" %>
+ <%= render "devise/shared/links" %>
+ <% end %>
+ <%= render layout: 'cms/application/row' do %>
+ <%= button_menu :bottom do %>
+ <%= f.button :submit, "Sign in", class: 'right btn-primary' %>
+ <% end %>
+ <% end %>
+<% end %>

doc/release_notes.md

@@ -2,6 +2,11 @@
 
 * List Portlet [#678] - A convenient way to find content without custom coding.
 * NameInput [#682] - Improved :name input allows for consistent name fields look/feel. New content will be generated with it.
+* [Fixes #684] Forgot Password
+
+ * /cms/forgot-password doesn't exist
+ * Reenable the forgot password link (/forgot-password)
+ * The edit_password page (pulled from email) doesn't work when followed.
 
 ## [#678] List Portlet
 

features/authentication/user_self_service.feature

@@ -24,3 +24,17 @@ Feature:
  When I login to the public site
  Then I should be successful
 
+ Scenario: Forgot Password
+ Given I am not logged in
+ When I go to the public login page
+ Then there should be a forgot password link
+ When I click the forgot password link
+ And I enter my email address to reset my password
+ Then I should receive an email with a reset password link.
+
+ Scenario: Reset Password
+ Given I am not logged in
+ And I have requested to reset my password
+ When I follow the link in the email
+ And I enter my new password
+ Then I should be able to log in with the new password

features/step_definitions/user_steps.rb

@@ -198,4 +198,56 @@
 
 When /^I fill in passwords as "([^"]*)"$/ do |new_pw|
  fill_in_password(new_pw)
+end
+
+When /^I go to the public login page$/ do
+ visit "/login"
+end
+
+Then /^there should be a forgot password link$/ do
+ assert page.has_content?("Forgot your password?")
+end
+
+When /^I click the forgot password link$/ do
+ click_on "Forgot your password?"
+end
+
+When /^I enter my email address to reset my password$/ do
+ fill_in "Email", with: Cms::User.first.email
+ click_on "Send me reset password instructions"
+end
+
+Then /^I should receive an email with a reset password link.$/ do
+ should_be_successful
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ assert_equal [Cms::User.first.email], ActionMailer::Base.deliveries.first.to
+ assert page.has_content?("You will receive an email")
+end
+
+Given /^I have requested to reset my password$/ do
+ visit forgot_password_path
+ fill_in "Email", with: Cms::User.first.email
+ click_on "Send me reset password instructions"
+end
+
+def cmsadmin
+ Cms::User.first
+end
+
+When /^I follow the link in the email$/ do
+ visit edit_password_path(reset_password_token: cmsadmin.reset_password_token, id: cmsadmin.id)
+ should_see_a_page_titled "Reset Password"
+end
+
+When /^I enter my new password$/ do
+ @new_password = "mynewpassword"
+ fill_in "New password", with: @new_password
+ fill_in "Confirm your new password", with: @new_password
+ click_on "Change my password"
+ should_be_successful
+end
+
+Then /^I should be able to log in with the new password$/ do
+ login_as(Cms::User.first.login, @new_password)
+ should_be_successful
 end

lib/cms/route_extensions.rb

@@ -49,6 +49,8 @@ def mount_browsercms
  devise_scope :cms_user do
  get '/forgot-password' => "cms/sites/passwords#new", :as => 'forgot_password'
  post '/forgot-password' => "cms/sites/passwords#create", as: 'cms_user_password'
+ get '/passwords/:id/edit' => "cms/sites/passwords#edit", as: 'edit_password'
+ put '/forgot-password' => "cms/sites/passwords#update", as: 'update_password'
  end
 
  # Handle 'stock' attachments