Merge pull request #15 from TeTiRoss/fix_password_recovery_validation

Fix password recovery validation

Author: DmytroStepaniuk

app/controllers/api_session_recovering/session_recovering/reset_passwords/validates_controller.rb

@@ -0,0 +1,24 @@
+class ApiSessionRecovering::SessionRecovering::RestorePassword::ValidationsController < ApiSessionRecovering::BaseController
+  attr_reader :resource
+
+  def create
+    super
+
+    ApiSessionRecovering::RestorePassword.find_by_token! resource_params[:token]
+
+    head :no_content
+  end
+
+  private
+
+  def build_resource
+    @resource = ApiSessionRecovering::ResetPasswordValidation.new \
+      email: resource_params[:email],
+      token: resource_params[:token],
+      remote_ip: request.geocoder_spoofable_ip.to_s
+  end
+
+  def resource_params
+    params.require(:restore_password).permit :token, :email
+  end
+end

app/controllers/api_session_recovering/session_recovering/restore_password/validations_controller.rb

@@ -1,11 +1,11 @@
 ApiSessionRecovering::Engine.routes.draw do
   namespace :session_recovering do
-    resource :restore_password, only: :create
-
-    namespace :reset_passwords do
-      resource :validate, only: :create
+    namespace :restore_password do
+      resource :validation, only: :create
     end
 
-    resource :reset_password,   only: :create
+    resource :restore_password, only: :create
+
+    resource :reset_password, only: :create
   end
 end

config/routes.rb

@@ -4,9 +4,8 @@ class ApiSessionRecovering::ResetPasswordDocs
 
   swagger_path '/session_recovering/reset_password' do
     operation :post do
-      key :description, 'reset_password'
       key :summary, '2nd step of password recovering.'
-      key :tags, ['Reset password']
+      key :tags, ['restore password']
       key :consumes, ['multipart/form-data']
       security do
         key :api_key, []
@@ -37,22 +36,18 @@ class ApiSessionRecovering::ResetPasswordDocs
         key :type, :string
         key :format, :password
       end
-
-      response '204' do
+      response 204 do
         key :description, 'Success without body'
       end
-
-      response '404' do
-        key :description, 'NotFound'
+      response 404 do
+        key :description, 'Not Found'
       end
-
-      response '422' do
-        key :description, 'UnprocessableEntity'
+      response 422 do
+        key :description, 'Unprocessable Entity'
         schema do
           key :'$ref', :UnprocessableEntity
         end
       end
     end
   end
 end
-

lib/apidocs/reset_password_docs.rb

@@ -4,9 +4,8 @@ class ApiSessionRecovering::RestorePasswordDocs
 
   swagger_path '/session_recovering/restore_password' do
     operation :post do
-      key :description, 'restore_password'
       key :summary, '1st step of password recovering. Generates the code and sends it to user.'
-      key :tags, ['Restore password']
+      key :tags, ['restore password']
       key :consumes, ['multipart/form-data']
       security do
         key :api_key, []
@@ -23,46 +22,51 @@ class ApiSessionRecovering::RestorePasswordDocs
         key :required, false
         key :type, :string
       end
-
-      response '204' do
+      response 204 do
         key :description, 'Success without body'
       end
-
-      response '404' do
-        key :description, 'NotFound'
+      response 404 do
+        key :description, 'Not Found'
       end
-
-      response '422' do
-        key :description, 'UnprocessableEntity'
+      response 422 do
+        key :description, 'Unprocessable Entity'
         schema do
           key :'$ref', :UnprocessableEntity
         end
       end
     end
   end
 
-  swagger_path '/session_recovering/restore_passwords/{token}' do
-    operation :get do
-      key :description, 'Validate restore token'
+  swagger_path '/session_recovering/restore_password/validation' do
+    operation :post do
       key :summary, 'validate restore token'
-      key :tags, ['Restore password']
-      key :consumes, ['multipart/form-data']
+      key :tags, ['restore password']
       security do
         key :api_key, []
       end
       parameter do
-        key :name, :token
-        key :in, :frontend_path
+        key :name, 'restore_password[token]'
+        key :in, :formData
         key :required, true
         key :type, :string
       end
-
-      response '204' do
+      parameter do
+        key :name, 'restore_password[email]'
+        key :in, :formData
+        key :required, true
+        key :type, :string
+      end
+      response 204 do
         key :description, 'Success without body'
       end
-
-      response '404' do
-        key :description, 'NotFound'
+      response 404 do
+        key :description, 'Not Found'
+      end
+      response 422 do
+        key :description, 'Unprocessable Entity'
+        schema do
+          key :'$ref', :UnprocessableEntity
+        end
       end
     end
   end

lib/apidocs/restore_password_docs.rb

@@ -5,6 +5,12 @@ class ApiSessionRecovering::UnprocessableEntity
 
   swagger_schema :UnprocessableEntity do
     property :errors do
+      key :'$ref', :Errors
+    end
+  end
+
+  swagger_schema :Errors do
+    property :error_field do
       key :type, :array
       items do
         key :type, :string

lib/apidocs/unprocessable_entity.rb

@@ -14,13 +14,15 @@
 
   let!(:restore_password) { create :restore_password, user: user }
 
-  let(:path) { '/api/session_recovering/reset_passwords/validate' }
+  let(:path) { '/api/session_recovering/restore_password/validation' }
 
   context 'valid restore token' do
     let(:params) do
       {
-        "token": restore_password.token,
-        "email": restore_password.email
+        restore_password: {
+          token: restore_password.token,
+          email: restore_password.email
+        }
       }
     end
 
@@ -34,7 +36,9 @@
   context 'not valid restore token' do
     let(:params) do
       {
-        "token": '12345678'
+        restore_password: {
+          token: '12345678'
+        }
       }
     end
 

spec/dummy/spec/requests/reset_password_validation_request_spec.rb

@@ -1,9 +1,9 @@
 FactoryBot.define do
   factory :reset_password, class: ApiSessionRecovering::ResetPassword do
-    frontend_path Faker::Internet.url
-    remote_ip     Faker::Internet.ip_v4_address
-    email         Faker::Internet.email
-    token         SecureRandom.urlsafe_base64
-    expire_at     1.day.from_now.utc
+    frontend_path { Faker::Internet.url }
+    remote_ip     { Faker::Internet.ip_v4_address }
+    email         { Faker::Internet.email }
+    token         { SecureRandom.urlsafe_base64 }
+    expire_at     { 1.day.from_now.utc }
   end
 end

spec/factories/reset_password_factory.rb

@@ -2,10 +2,10 @@
   factory :restore_password, class: ApiSessionRecovering::RestorePassword do
     user
 
-    frontend_path Faker::Internet.url
-    remote_ip     Faker::Internet.ip_v4_address
-    email         Faker::Internet.email
-    token         SecureRandom.urlsafe_base64
-    expire_at     1.day.from_now.utc
+    frontend_path { Faker::Internet.url }
+    remote_ip     { Faker::Internet.ip_v4_address }
+    email         { Faker::Internet.email }
+    token         { SecureRandom.urlsafe_base64 }
+    expire_at     { 1.day.from_now.utc }
   end
 end

spec/factories/restore_password_factory.rb

@@ -1,7 +1,6 @@
 FactoryBot.define do
   factory :user, class: ApiSessionRecovering::User do
-    password Faker::Internet.password
-
-    email    Faker::Internet.email
+    password { Faker::Internet.password }
+    email    { Faker::Internet.email }
   end
 end