the reset password token is valid for only 1 hour + use the name of the id/password field for the auth error messages
did
committed Dec 06, 2016
commit aa49f3101bd77163077d5c927bfcaddc418441b9
Showing 2
changed files with
6 additions
and 6 deletions
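--- a/lib/locomotive/steam/services/auth_service.rb
+++ b/lib/locomotive/steam/services/auth_service.rb
@@ -4,7 +4,7 @@ module Locomotive
 class AuthService
 MIN_PASSWORD_LENGTH = 6
-RESET_TOKEN_LIFETIME = 6 * 3600 # 6 hours in seconds
+RESET_TOKEN_LIFETIME = 1 * 3600 # 6 hours in seconds
 attr_accessor_initialize :entries, :email_service
@@ -31,7 +31,7 @@ module Locomotive
 entry = entries.all(options.type, options.id_field => options.id).first
 if entry.nil?
-:wrong_email
+:"wrong_#{options.id_field}"
 else
 entries.update_decorated_entry(entry, {
 '_auth_reset_token' => SecureRandom.hex,
@@ -43,7 +43,7 @@ module Locomotive
 send_reset_password_instructions(options, context)
-:reset_password_instructions_sent
+:"reset_#{options.password_field}_instructions_sent"
 end
 end
@@ -64,7 +64,7 @@ module Locomotive
 '_auth_reset_sent_at' => nil
 })
-return [:password_reset, entry]
+return [:"#{options.password_field}_reset", entry]
 end
 end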
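Review bot: The comment on the new `RESET_TOKEN_LIFETIME` line still reads `# 6 hours in seconds` although the value is now one hour, so anyone auditing the reset-token window from the comment gets the wrong figure; the line should read `RESET_TOKEN_LIFETIME = 1 * 3600 # 1 hour in seconds`. Separately, `:"wrong_#{options.id_field}"` keeps the existing split between an unknown identifier and a sent reset, which reveals whether an account exists if that status reaches the response, so it is worth confirming how the caller renders it. The three status symbols are now interpolated from `options.id_field` and `options.password_field`; the hunks do not show where those options originate, and if the request can influence them the returned status becomes caller-controlled, so a comment stating that they come from site configuration would help. The methods around these hunks start and end outside the visible lines.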
spec/unit/services/auth_service_spec.rb
+2
-2
| @@ | @@ -97,7 +97,7 @@ describe Locomotive::Steam::AuthService do |
| context 'expired auth token' do | |
| it 'returns :invalid_token' do | |
| - | entry = instance_double('Account', :[] => (Time.zone.now - 7.hours).iso8601) |
| + | entry = instance_double('Account', :[] => (Time.zone.now - 3.hours).iso8601) |
| expect(entries).to receive(:all).with('accounts', { '_auth_reset_token' => '42' }).and_return([entry]) | |
| is_expected.to eq :invalid_token | |
| end | |
| @@ | @@ -107,7 +107,7 @@ describe Locomotive::Steam::AuthService do |
| context 'valid auth token and password' do | |
| it 'returns :password_reset and entry' do | |
| - | entry = instance_double('Account', :[] => (Time.zone.now - 5.hours).iso8601) |
| + | entry = instance_double('Account', :[] => (Time.zone.now - 1.hours).iso8601) |
| expect(entries).to receive(:all).with('accounts', { '_auth_reset_token' => '42' }).and_return([entry]) | |
| expect(BCrypt::Password).to receive(:create).with('easyone').and_return('hashedeasyone') | |
| expect(entries).to receive(:update_decorated_entry).with(entry, { 'password_hash' => 'hashedeasyone', '_auth_reset_token' => nil, '_auth_reset_sent_at' => nil }) | |