diff --git a/Web/lib/MJB/Web.pm b/Web/lib/MJB/Web.pm index 52a88a1..190c486 100644 --- a/Web/lib/MJB/Web.pm +++ b/Web/lib/MJB/Web.pm @@ -65,11 +65,11 @@ sub startup ($self) { # Helper to redirect on errors, support setting the form and errors in a flash # if they exist in the stash. - $self->helper( redirect_error => sub ( $c, $redirect_to ) { + $self->helper( redirect_error => sub ( $c, $redirect_to, $redirect_args = {} ) { $c->flash( form => $c->stash->{form} ) if $c->stash->{form}; $c->flash( errors => $c->stash->{errors} ) if $c->stash->{errors}; - $c->redirect_to( $c->url_for( $redirect_to ) ); + $c->redirect_to( $c->url_for( $redirect_to, $redirect_args ) ); }); # Minion plugin & tasks diff --git a/Web/lib/MJB/Web/Controller/Auth.pm b/Web/lib/MJB/Web/Controller/Auth.pm index b68af83..1081537 100644 --- a/Web/lib/MJB/Web/Controller/Auth.pm +++ b/Web/lib/MJB/Web/Controller/Auth.pm @@ -2,9 +2,6 @@ package MJB::Web::Controller::Auth; use Mojo::Base 'Mojolicious::Controller', -signatures; use Try::Tiny; use DateTime; -use Email::Sender::Simple qw( sendmail ); -use Email::Sender::Transport::SMTP; -use Email::MIME::Kit; #== # GET /register | show_register | templates/auth/register.html.ep 
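Review bot: The comment above the `redirect_error` helper still describes only the two-argument form, so the new optional `$redirect_args` parameter is undocumented. I would extend that comment with `# $redirect_args: optional hashref of route placeholder values passed to url_for, e.g. { token => $token }`. The enclosing `startup` sub begins and ends outside this hunk.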
@@ -194,44 +191,49 @@ sub do_logout ( $c ) { #== sub forgot ( $c ) { } +#== +# POST /forgot | do_forgot +# email | The email address to reset the password for +# +# When a user requests their password be reset, a token is created +# that can be used to reset the password. +# +# This token is sent to the user via email as a link they can click +# to go to the reset page. +#== sub do_forgot ( $c ) { - $c->stash->{template} = 'auth/forgot'; - - my $email = $c->stash->{form_email} = $c->param('email'); + my $email = $c->stash->{form}->{email} = $c->param('email'); my $person = $c->db->resultset('Person')->find( { email => $email } ) or push @{$c->stash->{errors}}, "There is no account with that email address."; - return 0 if $c->stash->{errors}; + return $c->redirect_error( 'show_forgot' ) + if $c->stash->{errors}; # Make a token & send the email TODO my $token = $person->create_auth_token( 'forgot' ); - my $mkit_path = $c->config->{mkit_path}; - my $transport = Email::Sender::Transport::SMTP->new(%{$c->config->{smtp}}); - - my $kit = Email::MIME::Kit->new({ source => "$mkit_path/forgot_password.mkit" } ); - - my $message = $kit->assemble( { - send_to => $email, - link => 'https://' . $c->config->{domain} . "/reset/$token" - }); - - sendmail( $message, { transport => $transport } ); + #$c->send_email( 'forgot_password', { + # send_to => $email, + # link => 'https://' . $c->config->{domain} . "/reset/$token" + #}); # Let the user know the next steps. - $c->stash->{success} = 1; - $c->stash->{success_message} = 'Please check your email for a password reset link.';; - - # Clear the form. - $c->stash->{form_email} = ''; + $c->flash( confirmation => 'Please check your email for a password reset link.' 
); + $c->redirect_to( $c->url_for( 'show_forgot' ) ); } sub reset ( $c ) { } +#== +# POST /reset/:token +# password | The new password for the user +# password_confirm | The new password for the user, again +# +# This route is used to reset a password when somebody has a token for +# a password reset on an account. +#== sub do_reset ( $c ) { - $c->stash->{template} = 'auth/reset'; - my $token = $c->param('token'); my $password = $c->stash->{form_password} = $c->param('password'); my $confirm = $c->stash->{form_password_confirm} = $c->param('password_confirm'); @@ -239,7 +241,8 @@ sub do_reset ( $c ) { push @{$c->stash->{errors}}, "Password is required" unless $password; push @{$c->stash->{errors}}, "Confirm Password is required" unless $confirm; - return if $c->stash->{errors}; + return $c->redirect_error( 'show_reset', { token => $token } ) + if $c->stash->{errors}; push @{$c->stash->{errors}}, "Password and confirm password must match" unless $confirm eq $password; @@ -247,7 +250,8 @@ sub do_reset ( $c ) { push @{$c->stash->{errors}}, "Password must be at least 8 characters" unless length($password) >= 8; - return if $c->stash->{errors}; + return $c->redirect_error( 'show_reset', { token => $token } ) + if $c->stash->{errors}; my $lower_time = DateTime->now; $lower_time->subtract( minutes => 60 ); @@ -261,7 +265,8 @@ sub do_reset ( $c ) { push @{$c->stash->{errors}}, "This token is not valid." unless $record; - return 0 if $c->stash->{errors}; + return $c->redirect_error( 'show_reset', { token => $token } ) + if $c->stash->{errors}; # Change the user's password. $record->person->auth_password->update_password( $password ); @@ -277,6 +282,3 @@ sub do_reset ( $c ) { } 1; - - - diff --git a/Web/lib/MJB/Web/Plugin/Email.pm b/Web/lib/MJB/Web/Plugin/Email.pm new file mode 100644 index 0000000..db5be07 --- /dev/null +++ b/Web/lib/MJB/Web/Plugin/Email.pm 
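Review bot: With the `send_email` call commented out, `do_forgot` still creates a `forgot` auth token and flashes 'Please check your email for a password reset link.', so the user is told to expect mail that is never sent and `$token` goes unused. Separately, the 'There is no account with that email address.' error versus the confirmation lets a visitor tell which addresses are registered. Both paths now redirect to `show_forgot`, so the handler can flash the same confirmation either way and create the token only when `$person` exists and the mail can be sent. The sketch below assumes the `send_email` helper from the new Email plugin is registered and working, which this diff does not show.

```perl
sub do_forgot ( $c ) {
    my $email  = $c->stash->{form}->{email} = $c->param('email');
    my $person = $c->db->resultset('Person')->find( { email => $email } );

    # Only mint a token when there is an account and a mail to carry it;
    # the response below is the same either way.
    if ( $person ) {
        my $token = $person->create_auth_token( 'forgot' );
        $c->send_email( 'forgot_password', {
            send_to => $email,
            link    => 'https://' . $c->config->{domain} . "/reset/$token",
        });
    }

    # … unchanged: flash confirmation and redirect to show_forgot …
}
```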
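Review bot: The new `redirect_error( 'show_reset', { token => $token } )` returns (in this hunk and in the `@@ -247` and `@@ -261` hunks) only keep the submitted passwords out of the flash because they sit in `stash->{form_password}` and `stash->{form_password_confirm}`, while `redirect_error` flashes `stash->{form}`. That is the right outcome, but nothing marks it as deliberate, and `do_forgot` was just moved to `stash->{form}->{email}`, so a later consistency cleanup could start flashing the password into the session. I would add above the two password assignments `# Deliberately not under stash->{form}: redirect_error flashes that hash, and passwords must never reach the session.` `do_reset` begins in the previous hunk and ends outside these hunks.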
@@ -0,0 +1,19 @@ +package MJB::Web::Plugin::Email; +use Mojo::Base 'Mojolicious::Plugin', -signatures; +use Email::Sender::Simple qw( sendmail ); +use Email::Sender::Transport::SMTP; +use Email::MIME::Kit; + +sub register ( $self, $app, $config ) { + + $app->helper( send_email => sub ($c, $template, $options ) { + my $transport = Email::Sender::Transport::SMTP->new(%{$c->config->{smtp}}); + my $mkit_path = $c->home->child('mkits')->to_string; + + my $kit = Email::MIME::Kit->new({ source => sprintf( "%s/%s.mkit", $mkit_path, $template ) } ); + + my $message = $kid->assemble( $options ); + + sendmail( $message, { transport => $transport } ); + }); +} diff --git a/Web/templates/auth/forgot.html.ep b/Web/templates/auth/forgot.html.ep index ab18767..00152f5 100644 --- a/Web/templates/auth/forgot.html.ep +++ b/Web/templates/auth/forgot.html.ep @@ -11,7 +11,7 @@ <%= include '_base/form/input', type => 'email', name => 'email', title => 'Email Address', help => '', - value => $c->stash->{form_email} + value => $c->stash->{form}->{email} %>
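Review bot: `$kid->assemble( $options )` refers to a variable that is never declared (the kit is `$kit`), so under the strictures `Mojo::Base` enables this module should fail to compile; the line should read `my $message = $kit->assemble( $options );`. The file also ends at the closing brace of `register` with no trailing `1;`, which a `require`d module normally needs. `$template` is interpolated straight into the `.mkit` path, so a guard such as `die "Invalid email template name" unless $template =~ /\A[\w-]+\z/;` would stop a caller-supplied name from resolving outside the `mkits` directory. `sendmail` throws on failure, so a short comment on the helper saying that callers in a request handler must catch it would help.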