Require password confirmation when reseting account
parent
a363d4914c
commit
2cc0bd50e5
|
@ -1,6 +1,15 @@
|
|||
module Devices
|
||||
class Reset < Mutations::Command
|
||||
required { model :device }
|
||||
include Users::PasswordHelpers
|
||||
|
||||
required do
|
||||
model :device
|
||||
string :password
|
||||
end
|
||||
|
||||
def validate
|
||||
confirm_password(user, password)
|
||||
end
|
||||
|
||||
def execute
|
||||
Device::SINGULAR_RESOURCES.keys.map do |resource|
|
||||
|
@ -13,5 +22,11 @@ module Devices
|
|||
|
||||
{ ok: "OK" }
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def user
|
||||
@user ||= User.find_by!(device: device)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
module Users
|
||||
class Destroy < Mutations::Command
|
||||
BAD_PASSWORD = "Password does not match"
|
||||
include Users::PasswordHelpers
|
||||
|
||||
required do
|
||||
model :user, class: User
|
||||
|
@ -8,18 +8,11 @@ module Users
|
|||
end
|
||||
|
||||
def validate
|
||||
confirm_password
|
||||
confirm_password(user, password)
|
||||
end
|
||||
|
||||
def execute
|
||||
user.delay.destroy!
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def confirm_password
|
||||
invalid = !user.valid_password?(password)
|
||||
add_error :password, :*, BAD_PASSWORD if invalid
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
module Users
|
||||
module PasswordHelpers
|
||||
BAD_PASSWORD = "Password does not match"
|
||||
|
||||
def confirm_password(user, password)
|
||||
invalid = !user.valid_password?(password)
|
||||
add_error :password, :*, BAD_PASSWORD if invalid
|
||||
end
|
||||
end
|
||||
end
|
|
@ -4,7 +4,8 @@ describe Api::DevicesController do
|
|||
include Devise::Test::ControllerHelpers
|
||||
|
||||
describe "#destroy" do
|
||||
let(:user) { FactoryBot.create(:user) }
|
||||
let(:password) { "password456" }
|
||||
let(:user) { FactoryBot.create(:user, password: password, password_confirmation: password) }
|
||||
|
||||
resources = %w(alert sensor peripheral log pin_binding generic_pointer
|
||||
tool_slot plant_template saved_garden sensor_reading
|
||||
|
@ -21,7 +22,7 @@ describe Api::DevicesController do
|
|||
expect(device.send(resource.pluralize).reload.count).to be > 0
|
||||
end
|
||||
|
||||
run_jobs_now { post :reset, params: {} }
|
||||
run_jobs_now { post :reset, params: { password: password } }
|
||||
|
||||
resources.map do |resource|
|
||||
expect(device.send(resource.pluralize).reload.count).to eq 0
|
||||
|
|
Loading…
Reference in New Issue