Merge remote-tracking branch 'origin/master' into finish-page

This commit is contained in:
SleepWalker 2016-03-14 07:07:00 +02:00
commit 8b1c3a477a
19 changed files with 427 additions and 84 deletions

View File

@ -36,10 +36,16 @@ class AuthenticationController extends Controller {
$model = new LoginForm();
$model->load(Yii::$app->request->post());
if (($jwt = $model->login()) === false) {
return [
$data = [
'success' => false,
'errors' => $this->normalizeModelErrors($model->getErrors()),
];
if (ArrayHelper::getValue($data['errors'], 'login') === 'error.account_not_activated') {
$data['data']['email'] = $model->getAccount()->email;
}
return $data;
}
return [

View File

@ -2,6 +2,7 @@
namespace api\controllers;
use api\models\ConfirmEmailForm;
use api\models\RepeatAccountActivationForm;
use api\models\RegistrationForm;
use Yii;
use yii\filters\AccessControl;
@ -12,13 +13,13 @@ class SignupController extends Controller {
public function behaviors() {
return ArrayHelper::merge(parent::behaviors(), [
'authenticator' => [
'except' => ['index', 'confirm'],
'except' => ['index', 'repeat-message', 'confirm'],
],
'access' => [
'class' => AccessControl::class,
'rules' => [
[
'actions' => ['index', 'confirm'],
'actions' => ['index', 'repeat-message', 'confirm'],
'allow' => true,
'roles' => ['?'],
],
@ -31,6 +32,7 @@ class SignupController extends Controller {
return [
'register' => ['POST'],
'confirm' => ['POST'],
'new-message' => ['POST'],
];
}
@ -49,6 +51,31 @@ class SignupController extends Controller {
];
}
public function actionRepeatMessage() {
$model = new RepeatAccountActivationForm();
$model->load(Yii::$app->request->post());
if (!$model->sendRepeatMessage()) {
$response = [
'success' => false,
'errors' => $this->normalizeModelErrors($model->getErrors()),
];
if ($response['errors']['email'] === 'error.recently_sent_message') {
$activeActivation = $model->getActiveActivation();
$response['data'] = [
'canRepeatIn' => $activeActivation->created_at - time() + RepeatAccountActivationForm::REPEAT_FREQUENCY,
'repeatFrequency' => RepeatAccountActivationForm::REPEAT_FREQUENCY,
];
}
return $response;
}
return [
'success' => true,
];
}
public function actionConfirm() {
$model = new ConfirmEmailForm();
$model->load(Yii::$app->request->post());

View File

@ -0,0 +1,6 @@
<?php
namespace api\exceptions;
class Exception extends \Exception {
}

View File

@ -0,0 +1,11 @@
<?php
namespace api\exceptions;
/**
* Исключение можно использовать для тех кейсов, где вроде указанных исход не продполагается,
* но теоретически может произойти. Целью является отлавливание таких участков и доработка логики,
* если такие ситуации всё же будут иметь место случаться.
*/
class ThisShouldNotHaveHappenedException extends Exception {
}

View File

@ -11,6 +11,7 @@ class BaseKeyConfirmationForm extends BaseApiForm {
public function rules() {
return [
// TODO: нужно провалидировать количество попыток ввода кода для определённого IP адреса и в случае чего запросить капчу
['key', 'required', 'message' => 'error.key_is_required'],
['key', 'validateKey'],
];

View File

@ -68,7 +68,7 @@ class LoginForm extends BaseApiForm {
/**
* @return Account|null
*/
protected function getAccount() {
public function getAccount() {
if ($this->_account === NULL) {
$attribute = strpos($this->login, '@') ? 'email' : 'username';
$this->_account = Account::findOne([$attribute => $this->login]);

View File

@ -82,25 +82,7 @@ class RegistrationForm extends BaseApiForm {
throw new ErrorException('Unable save email-activation model.');
}
/** @var \yii\swiftmailer\Mailer $mailer */
$mailer = Yii::$app->mailer;
/** @var \yii\swiftmailer\Message $message */
$message = $mailer->compose(
[
'html' => '@app/mails/registration-confirmation-html',
'text' => '@app/mails/registration-confirmation-text',
],
[
'key' => $emailActivation->key,
]
)
->setTo([$account->email => $account->username])
->setFrom([Yii::$app->params['fromEmail'] => 'Ely.by Accounts'])
->setSubject('Ely.by Account registration');
if (!$message->send()) {
throw new ErrorException('Unable send email with activation code.');
}
$this->sendMail($emailActivation, $account);
$transaction->commit();
} catch (ErrorException $e) {
@ -111,4 +93,24 @@ class RegistrationForm extends BaseApiForm {
return $account;
}
// TODO: подумать, чтобы вынести этот метод в какую-то отдельную конструкцию, т.к. используется и внутри NewAccountActivationForm
public function sendMail(EmailActivation $emailActivation, Account $account) {
/** @var \yii\swiftmailer\Mailer $mailer */
$mailer = Yii::$app->mailer;
/** @var \yii\swiftmailer\Message $message */
$message = $mailer->compose([
'html' => '@app/mails/registration-confirmation-html',
'text' => '@app/mails/registration-confirmation-text',
], [
'key' => $emailActivation->key,
])
->setTo([$account->email => $account->username])
->setFrom([Yii::$app->params['fromEmail'] => 'Ely.by Accounts'])
->setSubject('Ely.by Account registration');
if (!$message->send()) {
throw new ErrorException('Unable send email with activation code.');
}
}
}

View File

@ -0,0 +1,101 @@
<?php
namespace api\models;
use common\components\UserFriendlyRandomKey;
use common\models\Account;
use common\models\EmailActivation;
use Yii;
use yii\base\ErrorException;
class RepeatAccountActivationForm extends BaseApiForm {
// Частота повтора отправки нового письма
const REPEAT_FREQUENCY = 5 * 60;
public $email;
public function rules() {
return [
['email', 'filter', 'filter' => 'trim'],
['email', 'required', 'message' => 'error.email_required'],
['email', 'validateEmailForAccount'],
['email', 'validateExistsActivation'],
];
}
public function validateEmailForAccount($attribute) {
if (!$this->hasErrors($attribute)) {
$account = $this->getAccount();
if ($account === null) {
$this->addError($attribute, "error.{$attribute}_not_found");
} elseif ($account->status === Account::STATUS_ACTIVE) {
$this->addError($attribute, "error.account_already_activated");
} elseif ($account->status !== Account::STATUS_REGISTERED) {
// TODO: такие аккаунты следует логировать за попытку к саботажу
$this->addError($attribute, "error.account_cannot_resend_message");
}
}
}
public function validateExistsActivation($attribute) {
if (!$this->hasErrors($attribute)) {
if ($this->getActiveActivation() !== null) {
$this->addError($attribute, 'error.recently_sent_message');
}
}
}
public function sendRepeatMessage() {
if (!$this->validate()) {
return false;
}
$account = $this->getAccount();
$transaction = Yii::$app->db->beginTransaction();
try {
EmailActivation::deleteAll([
'account_id' => $account->id,
'type' => EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION,
]);
$activation = new EmailActivation();
$activation->account_id = $account->id;
$activation->type = EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION;
$activation->key = UserFriendlyRandomKey::make();
if (!$activation->save()) {
throw new ErrorException('Unable save email-activation model.');
}
$regForm = new RegistrationForm();
$regForm->sendMail($activation, $account);
$transaction->commit();
} catch (ErrorException $e) {
$transaction->rollBack();
throw $e;
}
return true;
}
/**
* @return Account|null
*/
public function getAccount() {
return Account::find()
->andWhere(['email' => $this->email])
->one();
}
/**
* @return EmailActivation|null
*/
public function getActiveActivation() {
return $this->getAccount()
->getEmailActivations()
->andWhere(['type' => EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION])
->andWhere(['>=', 'created_at', time() - self::REPEAT_FREQUENCY])
->one();
}
}

View File

@ -189,7 +189,7 @@ class Account extends ActiveRecord implements IdentityInterface {
}
public function getEmailActivations() {
return $this->hasMany(EmailActivation::class, ['id' => 'account_id']);
return $this->hasMany(EmailActivation::class, ['account_id' => 'id']);
}
public function getSessions() {
@ -206,9 +206,9 @@ class Account extends ActiveRecord implements IdentityInterface {
* @return bool
*/
public function canAutoApprove(OauthClient $client, array $scopes = []) {
//if ($client->is_trusted) {
// return true;
//}
if ($client->is_trusted) {
return true;
}
/** @var OauthSession|null $session */
$session = $this->getSessions()->andWhere(['client_id' => $client->id])->one();

View File

@ -1,19 +0,0 @@
<?php
namespace tests\codeception\api\_pages;
use yii\codeception\BasePage;
/**
* @property \tests\codeception\api\FunctionalTester $actor
*/
class EmailConfirmRoute extends BasePage {
public $route = ['signup/confirm'];
public function confirm($key = '') {
$this->actor->sendPOST($this->getUrl(), [
'key' => $key,
]);
}
}

View File

@ -1,17 +0,0 @@
<?php
namespace tests\codeception\api\_pages;
use yii\codeception\BasePage;
/**
* @property \tests\codeception\api\FunctionalTester $actor
*/
class RegisterRoute extends BasePage {
public $route = ['signup/index'];
public function send(array $registrationData) {
$this->actor->sendPOST($this->getUrl(), $registrationData);
}
}

View File

@ -0,0 +1,28 @@
<?php
namespace tests\codeception\api\_pages;
use yii\codeception\BasePage;
/**
* @property \tests\codeception\api\FunctionalTester $actor
*/
class SignupRoute extends BasePage {
public function register(array $registrationData) {
$this->route = ['signup/index'];
$this->actor->sendPOST($this->getUrl(), $registrationData);
}
public function sendRepeatMessage($email = '') {
$this->route = ['signup/repeat-message'];
$this->actor->sendPOST($this->getUrl(), ['email' => $email]);
}
public function confirm($key = '') {
$this->route = ['signup/confirm'];
$this->actor->sendPOST($this->getUrl(), [
'key' => $key,
]);
}
}

View File

@ -1,12 +1,12 @@
<?php
namespace tests\codeception\api;
use tests\codeception\api\_pages\EmailConfirmRoute;
use tests\codeception\api\_pages\SignupRoute;
class EmailConfirmationCest {
public function testLoginEmailOrUsername(FunctionalTester $I) {
$route = new EmailConfirmRoute($I);
$route = new SignupRoute($I);
$I->wantTo('see error.key_is_required expected if key is not set');
$route->confirm();
@ -28,7 +28,7 @@ class EmailConfirmationCest {
}
public function testLoginByEmailCorrect(FunctionalTester $I) {
$route = new EmailConfirmRoute($I);
$route = new SignupRoute($I);
$I->wantTo('confirm my email using correct activation key');
$route->confirm('HABGCABHJ1234HBHVD');

View File

@ -43,6 +43,7 @@ class LoginCest {
'login' => 'error.account_not_activated',
],
]);
$I->canSeeResponseJsonMatchesJsonPath('$.data.email');
$I->wantTo('don\'t see errors on login field if username is correct and exists in database');
$route->login('Admin');

View File

@ -3,7 +3,7 @@ namespace tests\codeception\api\functional;
use Codeception\Specify;
use common\models\Account;
use tests\codeception\api\_pages\RegisterRoute;
use tests\codeception\api\_pages\SignupRoute;
use tests\codeception\api\FunctionalTester;
class RegisterCest {
@ -16,10 +16,10 @@ class RegisterCest {
}
public function testIncorrectRegistration(FunctionalTester $I) {
$route = new RegisterRoute($I);
$route = new SignupRoute($I);
$I->wantTo('get error.you_must_accept_rules if we don\'t accept rules');
$route->send([
$route->register([
'username' => 'ErickSkrauch',
'email' => 'erickskrauch@ely.by',
'password' => 'some_password',
@ -33,7 +33,7 @@ class RegisterCest {
]);
$I->wantTo('don\'t see error.you_must_accept_rules if we accept rules');
$route->send([
$route->register([
'rulesAgreement' => true,
]);
$I->cantSeeResponseContainsJson([
@ -43,7 +43,7 @@ class RegisterCest {
]);
$I->wantTo('see error.username_required if username is not set');
$route->send([
$route->register([
'username' => '',
'email' => '',
'password' => '',
@ -58,7 +58,7 @@ class RegisterCest {
]);
$I->wantTo('don\'t see error.username_required if username is not set');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => '',
'password' => '',
@ -72,7 +72,7 @@ class RegisterCest {
]);
$I->wantTo('see error.email_required if email is not set');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => '',
'password' => '',
@ -87,7 +87,7 @@ class RegisterCest {
]);
$I->wantTo('see error.email_invalid if email is set, but invalid');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'invalid@email',
'password' => '',
@ -102,7 +102,7 @@ class RegisterCest {
]);
$I->wantTo('see error.email_invalid if email is set, valid, but domain doesn\'t exist or don\'t have mx record');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'invalid@govnomail.com',
'password' => '',
@ -117,7 +117,7 @@ class RegisterCest {
]);
$I->wantTo('see error.email_not_available if email is set, fully valid, but not available for registration');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'admin@ely.by',
'password' => '',
@ -132,7 +132,7 @@ class RegisterCest {
]);
$I->wantTo('don\'t see errors on email if all valid');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'erickskrauch@ely.by',
'password' => '',
@ -142,7 +142,7 @@ class RegisterCest {
$I->cantSeeResponseJsonMatchesJsonPath('$.errors.email');
$I->wantTo('see error.password_required if password is not set');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'erickskrauch@ely.by',
'password' => '',
@ -157,7 +157,7 @@ class RegisterCest {
]);
$I->wantTo('see error.password_too_short before it will be compared with rePassword');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'correct-email@ely.by',
'password' => 'short',
@ -173,7 +173,7 @@ class RegisterCest {
$I->cantSeeResponseJsonMatchesJsonPath('$.errors.rePassword');
$I->wantTo('see error.rePassword_required if password valid and rePassword not set');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'correct-email@ely.by',
'password' => 'valid-password',
@ -188,7 +188,7 @@ class RegisterCest {
]);
$I->wantTo('see error.rePassword_does_not_match if password valid and rePassword donen\'t match it');
$route->send([
$route->register([
'username' => 'valid_nickname',
'email' => 'correct-email@ely.by',
'password' => 'valid-password',
@ -205,10 +205,10 @@ class RegisterCest {
}
public function testUserCorrectRegistration(FunctionalTester $I) {
$route = new RegisterRoute($I);
$route = new SignupRoute($I);
$I->wantTo('ensure that signup works');
$route->send([
$route->register([
'username' => 'some_username',
'email' => 'some_email@example.com',
'password' => 'some_password',

View File

@ -0,0 +1,71 @@
<?php
namespace tests\codeception\api\functional;
use Codeception\Specify;
use tests\codeception\api\_pages\SignupRoute;
use tests\codeception\api\FunctionalTester;
class RepeatAccountActivationCest {
public function testInvalidEmailOrAccountState(FunctionalTester $I) {
$route = new SignupRoute($I);
$I->wantTo('error.email_required on empty for submitting');
$route->sendRepeatMessage();
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'email' => 'error.email_required',
],
]);
$I->wantTo('error.email_not_found if email is not presented in db');
$route->sendRepeatMessage('im-not@exists.net');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'email' => 'error.email_not_found',
],
]);
$I->wantTo('error.account_already_activated if passed email matches with already activated account');
$route->sendRepeatMessage('admin@ely.by');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'email' => 'error.account_already_activated',
],
]);
$I->wantTo('error.recently_sent_message if last message was send too recently');
$route->sendRepeatMessage('achristiansen@gmail.com');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'email' => 'error.recently_sent_message',
],
]);
$I->canSeeResponseJsonMatchesJsonPath('$.data.canRepeatIn');
$I->canSeeResponseJsonMatchesJsonPath('$.data.repeatFrequency');
}
public function testSuccess(FunctionalTester $I) {
$route = new SignupRoute($I);
$I->wantTo('successfully resend account activation message');
$route->sendRepeatMessage('jon@ely.by');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson(['success' => true]);
$I->cantSeeResponseJsonMatchesJsonPath('$.errors');
}
}

View File

@ -0,0 +1,106 @@
<?php
namespace tests\codeception\api\models;
use api\models\RepeatAccountActivationForm;
use Codeception\Specify;
use tests\codeception\api\unit\DbTestCase;
use tests\codeception\common\fixtures\AccountFixture;
use tests\codeception\common\fixtures\EmailActivationFixture;
use Yii;
/**
* @property array $accounts
* @property array $activations
*/
class RepeatAccountActivationFormTest extends DbTestCase {
use Specify;
public function setUp() {
parent::setUp();
/** @var \yii\swiftmailer\Mailer $mailer */
$mailer = Yii::$app->mailer;
$mailer->fileTransportCallback = function () {
return 'testing_message.eml';
};
}
protected function tearDown() {
if (file_exists($this->getMessageFile())) {
unlink($this->getMessageFile());
}
parent::tearDown();
}
public function fixtures() {
return [
'accounts' => [
'class' => AccountFixture::class,
'dataFile' => '@tests/codeception/common/fixtures/data/accounts.php',
],
'activations' => [
'class' => EmailActivationFixture::class,
'dataFile' => '@tests/codeception/common/fixtures/data/email-activations.php',
],
];
}
public function testValidateEmailForAccount() {
$this->specify('error.email_not_found if passed valid email, but it don\'t exists in database', function() {
$model = new RepeatAccountActivationForm(['email' => 'me-is-not@exists.net']);
$model->validateEmailForAccount('email');
expect($model->getErrors('email'))->equals(['error.email_not_found']);
});
$this->specify('error.account_already_activated if passed valid email, but account already activated', function() {
$model = new RepeatAccountActivationForm(['email' => $this->accounts['admin']['email']]);
$model->validateEmailForAccount('email');
expect($model->getErrors('email'))->equals(['error.account_already_activated']);
});
$this->specify('no errors if passed valid email for not activated account', function() {
$model = new RepeatAccountActivationForm(['email' => $this->accounts['not-activated-account']['email']]);
$model->validateEmailForAccount('email');
expect($model->getErrors('email'))->isEmpty();
});
}
public function testValidateExistsActivation() {
$this->specify('error.recently_sent_message if passed email has recently sent message', function() {
$model = new RepeatAccountActivationForm(['email' => $this->accounts['not-activated-account']['email']]);
$model->validateExistsActivation('email');
expect($model->getErrors('email'))->equals(['error.recently_sent_message']);
});
$this->specify('no errors if passed email has expired activation message', function() {
$email = $this->accounts['not-activated-account-with-expired-message']['email'];
$model = new RepeatAccountActivationForm(['email' => $email]);
$model->validateExistsActivation('email');
expect($model->getErrors('email'))->isEmpty();
});
}
public function testSendRepeatMessage() {
$this->specify('no magic if we don\'t pass validation', function() {
$model = new RepeatAccountActivationForm();
expect($model->sendRepeatMessage())->false();
expect_file($this->getMessageFile())->notExists();
});
$this->specify('successfully send new message if previous message has expired', function() {
$email = $this->accounts['not-activated-account-with-expired-message']['email'];
$model = new RepeatAccountActivationForm(['email' => $email]);
expect($model->sendRepeatMessage())->true();
expect($model->getActiveActivation())->notNull();
expect_file($this->getMessageFile())->exists();
});
}
private function getMessageFile() {
/** @var \yii\swiftmailer\Mailer $mailer */
$mailer = Yii::$app->mailer;
return Yii::getAlias($mailer->fileTransportPath) . '/testing_message.eml';
}
}

View File

@ -38,5 +38,18 @@ return [
'status' => \common\models\Account::STATUS_REGISTERED,
'created_at' => 1453146616,
'updated_at' => 1453146616,
]
],
'not-activated-account-with-expired-message' => [
'id' => 4,
'uuid' => '58a7bfdc-ad0f-44c3-9197-759cb9220895',
'username' => 'Jon',
'email' => 'jon@ely.by',
'password_hash' => '$2y$13$2rYkap5T6jG8z/mMK8a3Ou6aZxJcmAaTha6FEuujvHEmybSHRzW5e', # password_0
'password_hash_strategy' => \common\models\Account::PASS_HASH_STRATEGY_YII2,
'password_reset_token' => null,
'auth_key' => '45DsaEQ7U8lU9umIyCWk5iCnpdPvZ8Up',
'status' => \common\models\Account::STATUS_REGISTERED,
'created_at' => 1457890086,
'updated_at' => 1457890086,
],
];

View File

@ -6,4 +6,10 @@ return [
'type' => \common\models\EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION,
'created_at' => time(),
],
[
'key' => 'H23HBDCHHAG2HGHGHS',
'account_id' => 4,
'type' => \common\models\EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION,
'created_at' => time() - \api\models\RepeatAccountActivationForm::REPEAT_FREQUENCY - 10,
],
];