Merge branch '274-email-activation-error' into develop

This commit is contained in:
ErickSkrauch 2016-12-23 01:23:51 +03:00
commit 0b85354917
8 changed files with 197 additions and 234 deletions

View File

@ -2,29 +2,37 @@
namespace api\models\authentication; namespace api\models\authentication;
use api\models\AccountIdentity; use api\models\AccountIdentity;
use api\models\base\KeyConfirmationForm; use api\models\base\ApiForm;
use api\models\profile\ChangeUsernameForm; use api\models\profile\ChangeUsernameForm;
use api\validators\EmailActivationKeyValidator;
use common\models\Account; use common\models\Account;
use common\models\EmailActivation; use common\models\EmailActivation;
use Yii; use Yii;
use yii\base\ErrorException; use yii\base\ErrorException;
class ConfirmEmailForm extends KeyConfirmationForm { class ConfirmEmailForm extends ApiForm {
public $key;
public function rules() {
return [
['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION],
];
}
/**
* @return \api\components\User\LoginResult|bool
* @throws ErrorException
*/
public function confirm() { public function confirm() {
if (!$this->validate()) { if (!$this->validate()) {
return false; return false;
} }
$confirmModel = $this->getActivationCodeModel();
if ($confirmModel->type !== EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION) {
$confirmModel->delete();
// TODO: вот где-то здесь нужно ещё попутно сгенерировать соответствующую ошибку
return false;
}
$transaction = Yii::$app->db->beginTransaction(); $transaction = Yii::$app->db->beginTransaction();
try {
/** @var \common\models\confirmations\RegistrationConfirmation $confirmModel */
$confirmModel = $this->key;
$account = $confirmModel->account; $account = $confirmModel->account;
$account->status = Account::STATUS_ACTIVE; $account->status = Account::STATUS_ACTIVE;
if (!$confirmModel->delete()) { if (!$confirmModel->delete()) {
@ -39,19 +47,8 @@ class ConfirmEmailForm extends KeyConfirmationForm {
$changeUsernameForm->createEventTask($account->id, $account->username, null); $changeUsernameForm->createEventTask($account->id, $account->username, null);
$transaction->commit(); $transaction->commit();
} catch (ErrorException $e) {
$transaction->rollBack();
if (YII_DEBUG) {
throw $e;
} else {
return false;
}
}
/** @var \api\components\User\Component $component */ return Yii::$app->user->login(new AccountIdentity($account->attributes), true);
$component = Yii::$app->user;
return $component->login(new AccountIdentity($account->attributes), true);
} }
} }

View File

@ -2,26 +2,30 @@
namespace api\models\authentication; namespace api\models\authentication;
use api\models\AccountIdentity; use api\models\AccountIdentity;
use api\models\base\KeyConfirmationForm; use api\models\base\ApiForm;
use api\validators\EmailActivationKeyValidator;
use common\helpers\Error as E; use common\helpers\Error as E;
use common\models\EmailActivation; use common\models\EmailActivation;
use common\validators\PasswordValidator; use common\validators\PasswordValidator;
use Yii; use Yii;
use yii\base\ErrorException; use yii\base\ErrorException;
class RecoverPasswordForm extends KeyConfirmationForm { class RecoverPasswordForm extends ApiForm {
public $key;
public $newPassword; public $newPassword;
public $newRePassword; public $newRePassword;
public function rules() { public function rules() {
return array_merge(parent::rules(), [ return [
['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_FORGOT_PASSWORD_KEY],
['newPassword', 'required', 'message' => E::NEW_PASSWORD_REQUIRED], ['newPassword', 'required', 'message' => E::NEW_PASSWORD_REQUIRED],
['newRePassword', 'required', 'message' => E::NEW_RE_PASSWORD_REQUIRED], ['newRePassword', 'required', 'message' => E::NEW_RE_PASSWORD_REQUIRED],
['newPassword', PasswordValidator::class], ['newPassword', PasswordValidator::class],
['newRePassword', 'validatePasswordAndRePasswordMatch'], ['newRePassword', 'validatePasswordAndRePasswordMatch'],
]); ];
} }
public function validatePasswordAndRePasswordMatch($attribute) { public function validatePasswordAndRePasswordMatch($attribute) {
@ -32,20 +36,19 @@ class RecoverPasswordForm extends KeyConfirmationForm {
} }
} }
/**
* @return \api\components\User\LoginResult|bool
* @throws ErrorException
*/
public function recoverPassword() { public function recoverPassword() {
if (!$this->validate()) { if (!$this->validate()) {
return false; return false;
} }
$confirmModel = $this->getActivationCodeModel();
if ($confirmModel->type !== EmailActivation::TYPE_FORGOT_PASSWORD_KEY) {
$confirmModel->delete();
// TODO: вот где-то здесь нужно ещё попутно сгенерировать соответствующую ошибку
return false;
}
$transaction = Yii::$app->db->beginTransaction(); $transaction = Yii::$app->db->beginTransaction();
try {
/** @var \common\models\confirmations\ForgotPassword $confirmModel */
$confirmModel = $this->key;
$account = $confirmModel->account; $account = $confirmModel->account;
$account->password = $this->newPassword; $account->password = $this->newPassword;
if (!$confirmModel->delete()) { if (!$confirmModel->delete()) {
@ -57,21 +60,8 @@ class RecoverPasswordForm extends KeyConfirmationForm {
} }
$transaction->commit(); $transaction->commit();
} catch (ErrorException $e) {
$transaction->rollBack();
if (YII_DEBUG) {
throw $e;
} else {
return false;
}
}
// TODO: ещё было бы неплохо уведомить пользователя о том, что его пароль изменился return Yii::$app->user->login(new AccountIdentity($account->attributes), false);
/** @var \api\components\User\Component $component */
$component = Yii::$app->user;
return $component->login(new AccountIdentity($account->attributes), false);
} }
} }

View File

@ -1,33 +0,0 @@
<?php
namespace api\models\base;
use common\helpers\Error as E;
use api\validators\EmailActivationKeyValidator;
use common\models\EmailActivation;
class KeyConfirmationForm extends ApiForm {
public $key;
private $model;
public function rules() {
return [
// TODO: нужно провалидировать количество попыток ввода кода для определённого IP адреса и в случае чего запросить капчу
['key', 'required', 'message' => E::KEY_REQUIRED],
['key', EmailActivationKeyValidator::class],
];
}
/**
* @return EmailActivation|null
*/
public function getActivationCodeModel() {
if ($this->model === null) {
$this->model = EmailActivation::findOne($this->key);
}
return $this->model;
}
}

View File

@ -1,43 +1,47 @@
<?php <?php
namespace api\models\profile\ChangeEmail; namespace api\models\profile\ChangeEmail;
use api\models\base\KeyConfirmationForm; use api\models\base\ApiForm;
use api\validators\EmailActivationKeyValidator;
use common\helpers\Amqp; use common\helpers\Amqp;
use common\models\Account; use common\models\Account;
use common\models\amqp\EmailChanged; use common\models\amqp\EmailChanged;
use Exception; use common\models\EmailActivation;
use PhpAmqpLib\Message\AMQPMessage; use PhpAmqpLib\Message\AMQPMessage;
use Yii; use Yii;
use yii\base\ErrorException; use yii\base\ErrorException;
class ConfirmNewEmailForm extends KeyConfirmationForm { class ConfirmNewEmailForm extends ApiForm {
public $key;
/** /**
* @var Account * @var Account
*/ */
private $account; private $account;
public function __construct(Account $account, array $config = []) { public function rules() {
$this->account = $account; return [
parent::__construct($config); ['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_NEW_EMAIL_CONFIRMATION],
];
} }
/** /**
* @return Account * @return Account
*/ */
public function getAccount() : Account { public function getAccount(): Account {
return $this->account; return $this->account;
} }
public function changeEmail() : bool { public function changeEmail(): bool {
if (!$this->validate()) { if (!$this->validate()) {
return false; return false;
} }
$transaction = Yii::$app->db->beginTransaction(); $transaction = Yii::$app->db->beginTransaction();
try {
/** @var \common\models\confirmations\NewEmailConfirmation $activation */ /** @var \common\models\confirmations\NewEmailConfirmation $activation */
$activation = $this->getActivationCodeModel(); $activation = $this->key;
$activation->delete(); $activation->delete();
$account = $this->getAccount(); $account = $this->getAccount();
@ -50,10 +54,6 @@ class ConfirmNewEmailForm extends KeyConfirmationForm {
$this->createTask($account->id, $account->email, $oldEmail); $this->createTask($account->id, $account->email, $oldEmail);
$transaction->commit(); $transaction->commit();
} catch (Exception $e) {
$transaction->rollBack();
throw $e;
}
return true; return true;
} }
@ -77,4 +77,9 @@ class ConfirmNewEmailForm extends KeyConfirmationForm {
Amqp::sendToEventsExchange('accounts.email-changed', $message); Amqp::sendToEventsExchange('accounts.email-changed', $message);
} }
public function __construct(Account $account, array $config = []) {
$this->account = $account;
parent::__construct($config);
}
} }

View File

@ -1,17 +1,19 @@
<?php <?php
namespace api\models\profile\ChangeEmail; namespace api\models\profile\ChangeEmail;
use api\models\base\KeyConfirmationForm; use api\models\base\ApiForm;
use api\validators\EmailActivationKeyValidator;
use common\models\Account; use common\models\Account;
use common\models\confirmations\NewEmailConfirmation; use common\models\confirmations\NewEmailConfirmation;
use common\models\EmailActivation; use common\models\EmailActivation;
use common\validators\EmailValidator; use common\validators\EmailValidator;
use Yii; use Yii;
use yii\base\ErrorException; use yii\base\ErrorException;
use yii\base\Exception;
use yii\base\InvalidConfigException; use yii\base\InvalidConfigException;
class NewEmailForm extends KeyConfirmationForm { class NewEmailForm extends ApiForm {
public $key;
public $email; public $email;
@ -20,39 +22,32 @@ class NewEmailForm extends KeyConfirmationForm {
*/ */
private $account; private $account;
public function __construct(Account $account, array $config = []) {
$this->account = $account;
parent::__construct($config);
}
public function rules() { public function rules() {
return array_merge(parent::rules(), [ return [
['key', EmailActivationKeyValidator::class, 'type' => EmailActivation::TYPE_CURRENT_EMAIL_CONFIRMATION],
['email', EmailValidator::class], ['email', EmailValidator::class],
]); ];
} }
public function getAccount() : Account { public function getAccount(): Account {
return $this->account; return $this->account;
} }
public function sendNewEmailConfirmation() { public function sendNewEmailConfirmation(): bool {
if (!$this->validate()) { if (!$this->validate()) {
return false; return false;
} }
$transaction = Yii::$app->db->beginTransaction(); $transaction = Yii::$app->db->beginTransaction();
try {
$previousActivation = $this->getActivationCodeModel(); /** @var \common\models\confirmations\CurrentEmailConfirmation $previousActivation */
$previousActivation = $this->key;
$previousActivation->delete(); $previousActivation->delete();
$activation = $this->createCode(); $activation = $this->createCode();
$this->sendCode($activation); $this->sendCode($activation);
$transaction->commit(); $transaction->commit();
} catch (Exception $e) {
$transaction->rollBack();
throw $e;
}
return true; return true;
} }
@ -98,4 +93,9 @@ class NewEmailForm extends KeyConfirmationForm {
} }
} }
public function __construct(Account $account, array $config = []) {
$this->account = $account;
parent::__construct($config);
}
} }

View File

@ -5,30 +5,54 @@ use common\helpers\Error as E;
use common\models\EmailActivation; use common\models\EmailActivation;
use yii\validators\Validator; use yii\validators\Validator;
/**
* Валидатор для проверки полученного от пользователя кода активации.
* В случае успешной валидации подменяет значение поля на актуальную модель
*/
class EmailActivationKeyValidator extends Validator { class EmailActivationKeyValidator extends Validator {
/**
* @var int тип ключа. Если не указан, то валидирует по всем ключам.
*/
public $type;
public $keyRequired = E::KEY_REQUIRED;
public $notExist = E::KEY_NOT_EXISTS; public $notExist = E::KEY_NOT_EXISTS;
public $expired = E::KEY_EXPIRE; public $expired = E::KEY_EXPIRE;
public function validateValue($value) { public $skipOnEmpty = false;
if (($model = $this->findEmailActivationModel($value)) === null) {
return [$this->notExist, []]; public function validateAttribute($model, $attribute) {
$value = $model->$attribute;
if (empty($value)) {
$this->addError($model, $attribute, $this->keyRequired);
return;
} }
if ($model->isExpired()) { $activation = $this->findEmailActivationModel($value, $this->type);
return [$this->expired, []]; if ($activation === null) {
$this->addError($model, $attribute, $this->notExist);
return;
} }
return null; if ($activation->isExpired()) {
$this->addError($model, $attribute, $this->expired);
return;
} }
/** $model->$attribute = $activation;
* @param string $key }
* @return null|EmailActivation
*/ protected function findEmailActivationModel(string $key, int $type = null): ?EmailActivation {
protected function findEmailActivationModel($key) { $query = EmailActivation::find();
return EmailActivation::findOne($key); $query->andWhere(['key' => $key]);
if ($type !== null) {
$query->andWhere(['type' => $type]);
}
return $query->one();
} }
} }

View File

@ -1,29 +0,0 @@
<?php
namespace tests\codeception\api\models\base;
use api\models\base\KeyConfirmationForm;
use Codeception\Specify;
use common\models\EmailActivation;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\fixtures\EmailActivationFixture;
class KeyConfirmationFormTest extends TestCase {
use Specify;
public function _fixtures() {
return [
'emailActivations' => EmailActivationFixture::class,
];
}
public function testGetActivationCodeModel() {
$model = new KeyConfirmationForm();
$model->key = $this->tester->grabFixture('emailActivations', 'freshRegistrationConfirmation')['key'];
$this->assertInstanceOf(EmailActivation::class, $model->getActivationCodeModel());
$model = new KeyConfirmationForm();
$model->key = 'this-is-invalid-key';
$this->assertNull($model->getActivationCodeModel());
}
}

View File

@ -3,71 +3,80 @@ namespace codeception\api\unit\validators;
use api\validators\EmailActivationKeyValidator; use api\validators\EmailActivationKeyValidator;
use Codeception\Specify; use Codeception\Specify;
use common\helpers\Error as E;
use common\models\confirmations\ForgotPassword; use common\models\confirmations\ForgotPassword;
use common\models\EmailActivation; use common\models\EmailActivation;
use tests\codeception\api\unit\TestCase; use tests\codeception\api\unit\TestCase;
use tests\codeception\common\_support\ProtectedCaller; use tests\codeception\common\_support\ProtectedCaller;
use tests\codeception\common\fixtures\EmailActivationFixture; use tests\codeception\common\fixtures\EmailActivationFixture;
use yii\base\Model;
class EmailActivationKeyValidatorTest extends TestCase { class EmailActivationKeyValidatorTest extends TestCase {
use Specify; use Specify;
use ProtectedCaller; use ProtectedCaller;
public function _fixtures() { public function testValidateAttribute() {
return [ /** @var Model $model */
'emailActivations' => EmailActivationFixture::class, $model = new class extends Model {
]; public $key;
};
/** @var EmailActivationKeyValidator|\PHPUnit_Framework_MockObject_MockObject $validator */
$validator = $this->getMockBuilder(EmailActivationKeyValidator::class)
->setMethods(['findEmailActivationModel'])
->getMock();
$expiredActivation = new ForgotPassword();
$expiredActivation->created_at = time() - $expiredActivation->expirationTimeout - 10;
$validActivation = new EmailActivation();
$validator->expects($this->exactly(3))
->method('findEmailActivationModel')
->willReturnOnConsecutiveCalls(null, $expiredActivation, $validActivation);
$validator->validateAttribute($model, 'key');
$this->assertEquals([E::KEY_REQUIRED], $model->getErrors('key'));
$this->assertNull($model->key);
$model->clearErrors();
$model->key = 'original value';
$validator->validateAttribute($model, 'key');
$this->assertEquals([E::KEY_NOT_EXISTS], $model->getErrors('key'));
$this->assertEquals('original value', $model->key);
$model->clearErrors();
$validator->validateAttribute($model, 'key');
$this->assertEquals([E::KEY_EXPIRE], $model->getErrors('key'));
$this->assertEquals('original value', $model->key);
$model->clearErrors();
$validator->validateAttribute($model, 'key');
$this->assertEmpty($model->getErrors('key'));
$this->assertEquals($validActivation, $model->key);
} }
public function testFindEmailActivationModel() { public function testFindEmailActivationModel() {
$this->specify('get EmailActivation model for exists key', function() { $this->tester->haveFixtures(['emailActivations' => EmailActivationFixture::class]);
$key = $this->tester->grabFixture('emailActivations', 'freshRegistrationConfirmation')['key']; $key = $this->tester->grabFixture('emailActivations', 'freshRegistrationConfirmation')['key'];
$model = new EmailActivationKeyValidator(); $model = new EmailActivationKeyValidator();
/** @var EmailActivation $result */ /** @var EmailActivation $result */
$result = $this->callProtected($model, 'findEmailActivationModel', $key); $result = $this->callProtected($model, 'findEmailActivationModel', $key);
expect($result)->isInstanceOf(EmailActivation::class); $this->assertInstanceOf(EmailActivation::class, $result, 'valid key without specifying type must return model');
expect($result->key)->equals($key); $this->assertEquals($key, $result->key);
});
/** @var EmailActivation $result */
$result = $this->callProtected($model, 'findEmailActivationModel', $key, 0);
$this->assertInstanceOf(EmailActivation::class, $result, 'valid key with valid type must return model');
/** @var EmailActivation $result */
$result = $this->callProtected($model, 'findEmailActivationModel', $key, 1);
$this->assertNull($result, 'valid key, but invalid type must return null');
$this->specify('get null model for exists key', function() {
$model = new EmailActivationKeyValidator(); $model = new EmailActivationKeyValidator();
expect($this->callProtected($model, 'findEmailActivationModel', 'invalid-key'))->null(); $result = $this->callProtected($model, 'findEmailActivationModel', 'invalid-key');
}); $this->assertNull($result, 'invalid key must return null');
}
public function testValidateValue() {
$this->specify('get error.key_not_exists with validation wrong key', function () {
/** @var EmailActivationKeyValidator $model */
$model = new class extends EmailActivationKeyValidator {
public function findEmailActivationModel($key) {
return null;
}
};
expect($this->callProtected($model, 'validateValue', null))->equals([$model->notExist, []]);
});
$this->specify('get error.key_expire if we use old key', function () {
/** @var EmailActivationKeyValidator $model */
$model = new class extends EmailActivationKeyValidator {
public function findEmailActivationModel($key) {
$codeModel = new ForgotPassword();
$codeModel->created_at = time() - $codeModel->expirationTimeout - 10;
return $codeModel;
}
};
expect($this->callProtected($model, 'validateValue', null))->equals([$model->expired, []]);
});
$this->specify('no errors, if model exists and not expired', function () {
/** @var EmailActivationKeyValidator $model */
$model = new class extends EmailActivationKeyValidator {
public function findEmailActivationModel($key) {
return new EmailActivation();
}
};
expect($this->callProtected($model, 'validateValue', null))->null();
});
} }
} }