Merge branch '274-email-activation-error' into develop

This commit is contained in:
ErickSkrauch 2016-12-23 01:23:51 +03:00
commit 0b85354917
8 changed files with 197 additions and 234 deletions

View File

@ -2,56 +2,53 @@
namespace api\models\authentication;
use api\models\AccountIdentity;
use api\models\base\KeyConfirmationForm;
use api\models\base\ApiForm;
use api\models\profile\ChangeUsernameForm;
use api\validators\EmailActivationKeyValidator;
use common\models\Account;
use common\models\EmailActivation;
use Yii;
use yii\base\ErrorException;
class ConfirmEmailForm extends KeyConfirmationForm {
class ConfirmEmailForm extends ApiForm {
public $key;
public function rules() {
return [
['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION],
];
}
/**
* @return \api\components\User\LoginResult|bool
* @throws ErrorException
*/
public function confirm() {
if (!$this->validate()) {
return false;
}
$confirmModel = $this->getActivationCodeModel();
if ($confirmModel->type !== EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION) {
$confirmModel->delete();
// TODO: вот где-то здесь нужно ещё попутно сгенерировать соответствующую ошибку
return false;
}
$transaction = Yii::$app->db->beginTransaction();
try {
$account = $confirmModel->account;
$account->status = Account::STATUS_ACTIVE;
if (!$confirmModel->delete()) {
throw new ErrorException('Unable remove activation key.');
}
if (!$account->save()) {
throw new ErrorException('Unable activate user account.');
}
$changeUsernameForm = new ChangeUsernameForm();
$changeUsernameForm->createEventTask($account->id, $account->username, null);
$transaction->commit();
} catch (ErrorException $e) {
$transaction->rollBack();
if (YII_DEBUG) {
throw $e;
} else {
return false;
}
/** @var \common\models\confirmations\RegistrationConfirmation $confirmModel */
$confirmModel = $this->key;
$account = $confirmModel->account;
$account->status = Account::STATUS_ACTIVE;
if (!$confirmModel->delete()) {
throw new ErrorException('Unable remove activation key.');
}
/** @var \api\components\User\Component $component */
$component = Yii::$app->user;
if (!$account->save()) {
throw new ErrorException('Unable activate user account.');
}
return $component->login(new AccountIdentity($account->attributes), true);
$changeUsernameForm = new ChangeUsernameForm();
$changeUsernameForm->createEventTask($account->id, $account->username, null);
$transaction->commit();
return Yii::$app->user->login(new AccountIdentity($account->attributes), true);
}
}

View File

@ -2,26 +2,30 @@
namespace api\models\authentication;
use api\models\AccountIdentity;
use api\models\base\KeyConfirmationForm;
use api\models\base\ApiForm;
use api\validators\EmailActivationKeyValidator;
use common\helpers\Error as E;
use common\models\EmailActivation;
use common\validators\PasswordValidator;
use Yii;
use yii\base\ErrorException;
class RecoverPasswordForm extends KeyConfirmationForm {
class RecoverPasswordForm extends ApiForm {
public $key;
public $newPassword;
public $newRePassword;
public function rules() {
return array_merge(parent::rules(), [
return [
['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_FORGOT_PASSWORD_KEY],
['newPassword', 'required', 'message' => E::NEW_PASSWORD_REQUIRED],
['newRePassword', 'required', 'message' => E::NEW_RE_PASSWORD_REQUIRED],
['newPassword', PasswordValidator::class],
['newRePassword', 'validatePasswordAndRePasswordMatch'],
]);
];
}
public function validatePasswordAndRePasswordMatch($attribute) {
@ -32,46 +36,32 @@ class RecoverPasswordForm extends KeyConfirmationForm {
}
}
/**
* @return \api\components\User\LoginResult|bool
* @throws ErrorException
*/
public function recoverPassword() {
if (!$this->validate()) {
return false;
}
$confirmModel = $this->getActivationCodeModel();
if ($confirmModel->type !== EmailActivation::TYPE_FORGOT_PASSWORD_KEY) {
$confirmModel->delete();
// TODO: вот где-то здесь нужно ещё попутно сгенерировать соответствующую ошибку
return false;
}
$transaction = Yii::$app->db->beginTransaction();
try {
$account = $confirmModel->account;
$account->password = $this->newPassword;
if (!$confirmModel->delete()) {
throw new ErrorException('Unable remove activation key.');
}
if (!$account->save(false)) {
throw new ErrorException('Unable activate user account.');
}
$transaction->commit();
} catch (ErrorException $e) {
$transaction->rollBack();
if (YII_DEBUG) {
throw $e;
} else {
return false;
}
/** @var \common\models\confirmations\ForgotPassword $confirmModel */
$confirmModel = $this->key;
$account = $confirmModel->account;
$account->password = $this->newPassword;
if (!$confirmModel->delete()) {
throw new ErrorException('Unable remove activation key.');
}
// TODO: ещё было бы неплохо уведомить пользователя о том, что его пароль изменился
if (!$account->save(false)) {
throw new ErrorException('Unable activate user account.');
}
/** @var \api\components\User\Component $component */
$component = Yii::$app->user;
$transaction->commit();
return $component->login(new AccountIdentity($account->attributes), false);
return Yii::$app->user->login(new AccountIdentity($account->attributes), false);
}
}

View File

@ -1,33 +0,0 @@
<?php
namespace api\models\base;
use common\helpers\Error as E;
use api\validators\EmailActivationKeyValidator;
use common\models\EmailActivation;
class KeyConfirmationForm extends ApiForm {
public $key;
private $model;
public function rules() {
return [
// TODO: нужно провалидировать количество попыток ввода кода для определённого IP адреса и в случае чего запросить капчу
['key', 'required', 'message' => E::KEY_REQUIRED],
['key', EmailActivationKeyValidator::class],
];
}
/**
* @return EmailActivation|null
*/
public function getActivationCodeModel() {
if ($this->model === null) {
$this->model = EmailActivation::findOne($this->key);
}
return $this->model;
}
}

View File

@ -1,60 +1,60 @@
<?php
namespace api\models\profile\ChangeEmail;
use api\models\base\KeyConfirmationForm;
use api\models\base\ApiForm;
use api\validators\EmailActivationKeyValidator;
use common\helpers\Amqp;
use common\models\Account;
use common\models\amqp\EmailChanged;
use Exception;
use common\models\EmailActivation;
use PhpAmqpLib\Message\AMQPMessage;
use Yii;
use yii\base\ErrorException;
class ConfirmNewEmailForm extends KeyConfirmationForm {
class ConfirmNewEmailForm extends ApiForm {
public $key;
/**
* @var Account
*/
private $account;
public function __construct(Account $account, array $config = []) {
$this->account = $account;
parent::__construct($config);
public function rules() {
return [
['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_NEW_EMAIL_CONFIRMATION],
];
}
/**
* @return Account
*/
public function getAccount() : Account {
public function getAccount(): Account {
return $this->account;
}
public function changeEmail() : bool {
public function changeEmail(): bool {
if (!$this->validate()) {
return false;
}
$transaction = Yii::$app->db->beginTransaction();
try {
/** @var \common\models\confirmations\NewEmailConfirmation $activation */
$activation = $this->getActivationCodeModel();
$activation->delete();
$account = $this->getAccount();
$oldEmail = $account->email;
$account->email = $activation->newEmail;
if (!$account->save()) {
throw new ErrorException('Cannot save new account email value');
}
/** @var \common\models\confirmations\NewEmailConfirmation $activation */
$activation = $this->key;
$activation->delete();
$this->createTask($account->id, $account->email, $oldEmail);
$transaction->commit();
} catch (Exception $e) {
$transaction->rollBack();
throw $e;
$account = $this->getAccount();
$oldEmail = $account->email;
$account->email = $activation->newEmail;
if (!$account->save()) {
throw new ErrorException('Cannot save new account email value');
}
$this->createTask($account->id, $account->email, $oldEmail);
$transaction->commit();
return true;
}
@ -77,4 +77,9 @@ class ConfirmNewEmailForm extends KeyConfirmationForm {
Amqp::sendToEventsExchange('accounts.email-changed', $message);
}
public function __construct(Account $account, array $config = []) {
$this->account = $account;
parent::__construct($config);
}
}

View File

@ -1,17 +1,19 @@
<?php
namespace api\models\profile\ChangeEmail;
use api\models\base\KeyConfirmationForm;
use api\models\base\ApiForm;
use api\validators\EmailActivationKeyValidator;
use common\models\Account;
use common\models\confirmations\NewEmailConfirmation;
use common\models\EmailActivation;
use common\validators\EmailValidator;
use Yii;
use yii\base\ErrorException;
use yii\base\Exception;
use yii\base\InvalidConfigException;
class NewEmailForm extends KeyConfirmationForm {
class NewEmailForm extends ApiForm {
public $key;
public $email;
@ -20,39 +22,32 @@ class NewEmailForm extends KeyConfirmationForm {
*/
private $account;
public function __construct(Account $account, array $config = []) {
$this->account = $account;
parent::__construct($config);
}
public function rules() {
return array_merge(parent::rules(), [
return [
['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_CURRENT_EMAIL_CONFIRMATION],
['email', EmailValidator::class],
]);
];
}
public function getAccount() : Account {
public function getAccount(): Account {
return $this->account;
}
public function sendNewEmailConfirmation() {
public function sendNewEmailConfirmation(): bool {
if (!$this->validate()) {
return false;
}
$transaction = Yii::$app->db->beginTransaction();
try {
$previousActivation = $this->getActivationCodeModel();
$previousActivation->delete();
$activation = $this->createCode();
$this->sendCode($activation);
/** @var \common\models\confirmations\CurrentEmailConfirmation $previousActivation */
$previousActivation = $this->key;
$previousActivation->delete();
$transaction->commit();
} catch (Exception $e) {
$transaction->rollBack();
throw $e;
}
$activation = $this->createCode();
$this->sendCode($activation);
$transaction->commit();
return true;
}
@ -98,4 +93,9 @@ class NewEmailForm extends KeyConfirmationForm {
}
}
public function __construct(Account $account, array $config = []) {
$this->account = $account;
parent::__construct($config);
}
}

View File

@ -5,30 +5,54 @@ use common\helpers\Error as E;
use common\models\EmailActivation;
use yii\validators\Validator;
/**
* Валидатор для проверки полученного от пользователя кода активации.
* В случае успешной валидации подменяет значение поля на актуальную модель
*/
class EmailActivationKeyValidator extends Validator {
/**
* @var int тип ключа. Если не указан, то валидирует по всем ключам.
*/
public $type;
public $keyRequired = E::KEY_REQUIRED;
public $notExist = E::KEY_NOT_EXISTS;
public $expired = E::KEY_EXPIRE;
public function validateValue($value) {
if (($model = $this->findEmailActivationModel($value)) === null) {
return [$this->notExist, []];
public $skipOnEmpty = false;
public function validateAttribute($model, $attribute) {
$value = $model->$attribute;
if (empty($value)) {
$this->addError($model, $attribute, $this->keyRequired);
return;
}
if ($model->isExpired()) {
return [$this->expired, []];
$activation = $this->findEmailActivationModel($value, $this->type);
if ($activation === null) {
$this->addError($model, $attribute, $this->notExist);
return;
}
return null;
if ($activation->isExpired()) {
$this->addError($model, $attribute, $this->expired);
return;
}
$model->$attribute = $activation;
}
/**
* @param string $key
* @return null|EmailActivation
*/
protected function findEmailActivationModel($key) {
return EmailActivation::findOne($key);
protected function findEmailActivationModel(string $key, int $type = null): ?EmailActivation {
$query = EmailActivation::find();
$query->andWhere(['key' => $key]);
if ($type !== null) {
$query->andWhere(['type' => $type]);
}
return $query->one();
}
}

View File

@ -1,29 +0,0 @@
<?php
namespace tests\codeception\api\models\base;
use api\models\base\KeyConfirmationForm;
use Codeception\Specify;
use common\models\EmailActivation;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\fixtures\EmailActivationFixture;
class KeyConfirmationFormTest extends TestCase {
use Specify;
public function _fixtures() {
return [
'emailActivations' => EmailActivationFixture::class,
];
}
public function testGetActivationCodeModel() {
$model = new KeyConfirmationForm();
$model->key = $this->tester->grabFixture('emailActivations', 'freshRegistrationConfirmation')['key'];
$this->assertInstanceOf(EmailActivation::class, $model->getActivationCodeModel());
$model = new KeyConfirmationForm();
$model->key = 'this-is-invalid-key';
$this->assertNull($model->getActivationCodeModel());
}
}

View File

@ -3,71 +3,80 @@ namespace codeception\api\unit\validators;
use api\validators\EmailActivationKeyValidator;
use Codeception\Specify;
use common\helpers\Error as E;
use common\models\confirmations\ForgotPassword;
use common\models\EmailActivation;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\_support\ProtectedCaller;
use tests\codeception\common\fixtures\EmailActivationFixture;
use yii\base\Model;
class EmailActivationKeyValidatorTest extends TestCase {
use Specify;
use ProtectedCaller;
public function _fixtures() {
return [
'emailActivations' => EmailActivationFixture::class,
];
public function testValidateAttribute() {
/** @var Model $model */
$model = new class extends Model {
public $key;
};
/** @var EmailActivationKeyValidator|\PHPUnit_Framework_MockObject_MockObject $validator */
$validator = $this->getMockBuilder(EmailActivationKeyValidator::class)
->setMethods(['findEmailActivationModel'])
->getMock();
$expiredActivation = new ForgotPassword();
$expiredActivation->created_at = time() - $expiredActivation->expirationTimeout - 10;
$validActivation = new EmailActivation();
$validator->expects($this->exactly(3))
->method('findEmailActivationModel')
->willReturnOnConsecutiveCalls(null, $expiredActivation, $validActivation);
$validator->validateAttribute($model, 'key');
$this->assertEquals([E::KEY_REQUIRED], $model->getErrors('key'));
$this->assertNull($model->key);
$model->clearErrors();
$model->key = 'original value';
$validator->validateAttribute($model, 'key');
$this->assertEquals([E::KEY_NOT_EXISTS], $model->getErrors('key'));
$this->assertEquals('original value', $model->key);
$model->clearErrors();
$validator->validateAttribute($model, 'key');
$this->assertEquals([E::KEY_EXPIRE], $model->getErrors('key'));
$this->assertEquals('original value', $model->key);
$model->clearErrors();
$validator->validateAttribute($model, 'key');
$this->assertEmpty($model->getErrors('key'));
$this->assertEquals($validActivation, $model->key);
}
public function testFindEmailActivationModel() {
$this->specify('get EmailActivation model for exists key', function() {
$key = $this->tester->grabFixture('emailActivations', 'freshRegistrationConfirmation')['key'];
$model = new EmailActivationKeyValidator();
/** @var EmailActivation $result */
$result = $this->callProtected($model, 'findEmailActivationModel', $key);
expect($result)->isInstanceOf(EmailActivation::class);
expect($result->key)->equals($key);
});
$this->tester->haveFixtures(['emailActivations' => EmailActivationFixture::class]);
$this->specify('get null model for exists key', function() {
$model = new EmailActivationKeyValidator();
expect($this->callProtected($model, 'findEmailActivationModel', 'invalid-key'))->null();
});
}
$key = $this->tester->grabFixture('emailActivations', 'freshRegistrationConfirmation')['key'];
$model = new EmailActivationKeyValidator();
/** @var EmailActivation $result */
$result = $this->callProtected($model, 'findEmailActivationModel', $key);
$this->assertInstanceOf(EmailActivation::class, $result, 'valid key without specifying type must return model');
$this->assertEquals($key, $result->key);
public function testValidateValue() {
$this->specify('get error.key_not_exists with validation wrong key', function () {
/** @var EmailActivationKeyValidator $model */
$model = new class extends EmailActivationKeyValidator {
public function findEmailActivationModel($key) {
return null;
}
};
expect($this->callProtected($model, 'validateValue', null))->equals([$model->notExist, []]);
});
/** @var EmailActivation $result */
$result = $this->callProtected($model, 'findEmailActivationModel', $key, 0);
$this->assertInstanceOf(EmailActivation::class, $result, 'valid key with valid type must return model');
$this->specify('get error.key_expire if we use old key', function () {
/** @var EmailActivationKeyValidator $model */
$model = new class extends EmailActivationKeyValidator {
public function findEmailActivationModel($key) {
$codeModel = new ForgotPassword();
$codeModel->created_at = time() - $codeModel->expirationTimeout - 10;
/** @var EmailActivation $result */
$result = $this->callProtected($model, 'findEmailActivationModel', $key, 1);
$this->assertNull($result, 'valid key, but invalid type must return null');
return $codeModel;
}
};
expect($this->callProtected($model, 'validateValue', null))->equals([$model->expired, []]);
});
$this->specify('no errors, if model exists and not expired', function () {
/** @var EmailActivationKeyValidator $model */
$model = new class extends EmailActivationKeyValidator {
public function findEmailActivationModel($key) {
return new EmailActivation();
}
};
expect($this->callProtected($model, 'validateValue', null))->null();
});
$model = new EmailActivationKeyValidator();
$result = $this->callProtected($model, 'findEmailActivationModel', 'invalid-key');
$this->assertNull($result, 'invalid key must return null');
}
}