Getting the invite password setting done with validation, almost there

2017-06-15 00:05:12 +02:00
parent c13b2fae4b
commit 6d22f7f86f
8 changed files with 130 additions and 56 deletions
--- a/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js
@@ -86,7 +86,7 @@ function authResource($q, $http, umbRequestHelper, angularHelper) {
          }),
        'Login failed for user ' + username);
    },
-
+
    /**
     * There are not parameters for this since when the user has clicked on their invite email they will be partially
     * logged in (but they will not be approved) so we need to use this method to verify the non approved logged in user's details.
@@ -196,6 +196,21 @@ function authResource($q, $http, umbRequestHelper, angularHelper) {
        'Password reset code validation failed for userId ' + userId + ', code' + resetCode);
    },

+    performSetInvitedUserPassword: function (newPassword) {
+
+      if (!newPassword) {
+        return angularHelper.rejectedPromise({ errorMsg: 'newPassword cannot be empty' });
+      }
+
+      return umbRequestHelper.resourcePromise(
+        $http.post(
+          umbRequestHelper.getApiUrl(
+            "authenticationApiBaseUrl",
+            "PostSetInvitedUserPassword"),
+          angular.toJson(newPassword)),
+        'Failed to change password');
+    },
+
    /**
     * @ngdoc method
     * @name umbraco.resources.authResource#performSetPassword
--- a/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js
@@ -7,47 +7,47 @@
    **/
 function currentUserResource($q, $http, umbRequestHelper) {

-    //the factory object returned
-    return {
-     
-        /**
-         * @ngdoc method
-         * @name umbraco.resources.currentUserResource#changePassword
-         * @methodOf umbraco.resources.currentUserResource
-         *
-         * @description
-         * Changes the current users password
-         * 
-         * @returns {Promise} resourcePromise object containing the user array.
-         *
-         */
-        changePassword: function (changePasswordArgs) {
-            return umbRequestHelper.resourcePromise(
-               $http.post(
-                   umbRequestHelper.getApiUrl(
-                       "currentUserApiBaseUrl",
-                       "PostChangePassword"),
-                       changePasswordArgs),
-               'Failed to change password');
-        },
-        
-        /**
-         * @ngdoc method
-         * @name umbraco.resources.currentUserResource#getMembershipProviderConfig
-         * @methodOf umbraco.resources.currentUserResource
-         *
-         * @description
-         * Gets the configuration of the user membership provider which is used to configure the change password form         
-         */
-        getMembershipProviderConfig: function () {
-            return umbRequestHelper.resourcePromise(
-               $http.get(
-                   umbRequestHelper.getApiUrl(
-                       "currentUserApiBaseUrl",
-                       "GetMembershipProviderConfig")),
-               'Failed to retrieve membership provider config');
-        },
-    };
+  //the factory object returned
+  return {
+
+    /**
+     * @ngdoc method
+     * @name umbraco.resources.currentUserResource#changePassword
+     * @methodOf umbraco.resources.currentUserResource
+     *
+     * @description
+     * Changes the current users password
+     * 
+     * @returns {Promise} resourcePromise object containing the user array.
+     *
+     */
+    changePassword: function (changePasswordArgs) {
+      return umbRequestHelper.resourcePromise(
+        $http.post(
+          umbRequestHelper.getApiUrl(
+            "currentUserApiBaseUrl",
+            "PostChangePassword"),
+          changePasswordArgs),
+        'Failed to change password');
+    },    
+
+    /**
+     * @ngdoc method
+     * @name umbraco.resources.currentUserResource#getMembershipProviderConfig
+     * @methodOf umbraco.resources.currentUserResource
+     *
+     * @description
+     * Gets the configuration of the user membership provider which is used to configure the change password form         
+     */
+    getMembershipProviderConfig: function () {
+      return umbRequestHelper.resourcePromise(
+        $http.get(
+          umbRequestHelper.getApiUrl(
+            "currentUserApiBaseUrl",
+            "GetMembershipProviderConfig")),
+        'Failed to retrieve membership provider config');
+    },
+  };
 }

 angular.module('umbraco.resources').factory('currentUserResource', currentUserResource);
--- a/src/Umbraco.Web.UI.Client/src/common/services/contenteditinghelper.service.js
+++ b/src/Umbraco.Web.UI.Client/src/common/services/contenteditinghelper.service.js
@@ -28,7 +28,8 @@ function contentEditingHelper(fileManager, $q, $location, $routeParams, notifica

    return {

-        /** Used by the content editor and mini content editor to perform saving operations */
+        /** Used by the content editor and mini content editor to perform saving operations */
+        //TODO: Make this a more helpful/reusable method for other form operations! we can simplify this form most forms
        contentEditorPerformSave: function (args) {
            if (!angular.isObject(args)) {
                throw "args must be an object";
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
@@ -1,7 +1,11 @@
 angular.module("umbraco").controller("Umbraco.Dialogs.LoginController",
-  function ($scope, $cookies, $location, localizationService, userService, externalLoginInfo, resetPasswordCodeInfo, $timeout, authResource, dialogService) {
+  function ($scope, $cookies, $location, currentUserResource, formHelper, localizationService, userService, externalLoginInfo, resetPasswordCodeInfo, $timeout, authResource, dialogService) {

    $scope.invitedUser = null;
+    $scope.invitedUserPasswordModel = {
+      password: "",
+      confirmPassword: ""
+    }

    function init() {
      // Check if it is a new user
@@ -17,11 +21,31 @@
      }
    }

-    $scope.inviteSavePassword = function () {
+    $scope.inviteSavePassword = function () {

+      if (formHelper.submitForm({ scope: $scope, statusMessage: "Saving..." })) {
+
+        $scope.inviteChangePasswordButtonState = "busy";

-      $scope.inviteSetPassword = false;
-      $scope.inviteSetAvatar = true;
+        authResource.performSetInvitedUserPassword($scope.invitedUserPasswordModel.password)
+          .then(function (data) {
+
+            //success
+            formHelper.resetForm({ scope: $scope, notifications: data.notifications });
+            $scope.inviteChangePasswordButtonState = "success";
+
+            $scope.inviteSetPassword = false;
+            $scope.inviteSetAvatar = true;
+
+          }, function(err) {
+
+            //error
+            formHelper.handleError(err);
+            
+            $scope.inviteChangePasswordButtonState = "error";
+
+          });
+      }      
    };

    var setFieldFocus = function (form, field) {
@@ -212,7 +236,8 @@
      if ($scope.setPasswordForm.$invalid) {
        return;
      }
-
+
+      //TODO: All of this logic can/should be shared! We should do validation the nice way instead of all of this manual stuff, see: inviteSavePassword
      authResource.performSetPassword($scope.resetPasswordCodeInfo.resetCodeModel.userId, password, confirmPassword, $scope.resetPasswordCodeInfo.resetCodeModel.resetCode)
        .then(function () {
          $scope.showSetPasswordConfirmation = true;
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
@@ -10,7 +10,7 @@

    <div ng-show="invitedUser != null" class="umb-login-container">

-      <form novalidate="" ng-submit="inviteSavePassword()">
+      <form name="inviteUserPasswordForm" novalidate="" ng-submit="inviteSavePassword()" val-form-manager>
        <div class="form" ng-if="inviteSetPassword">
          <h1 style="margin-bottom: 10px; text-align: left;">Hi, {{invitedUser.name}}</h1>
          <p style="line-height: 1.6; margin-bottom: 25px;">Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non libero vel turpis ultrices pharetra.</p>
@@ -18,20 +18,23 @@
          <div class="control-group" ng-class="{error: setPasswordForm.password.$invalid}">
            <label>
              <localize key="user_newPassword">New password</localize>
-              <small style="font-size: 13px;">Some hint here about the new password</small>
+              <small style="font-size: 13px;">Lorem ipsum dolor sit amet (Some hint here about the new password)</small>
            </label>
-            <input type="password" ng-model="password" name="password" class="-full-width-input" umb-auto-focus required />
+            <input type="password" ng-model="invitedUserPasswordModel.password" name="password" class="-full-width-input" umb-auto-focus required val-server-field="value" autocomplete="off" />
+            <span class="help-inline" val-msg-for="password" val-toggle-msg="required"><localize key="general_required">Required</localize></span>
+            <span class="help-inline" val-msg-for="password" val-toggle-msg="valServerField"></span>     
          </div>

          <div class="control-group" ng-class="{error: setPasswordForm.confirmPassword.$invalid}">
            <label><localize key="user_confirmNewPassword">Confirm new password</localize></label>
-            <input type="password" ng-model="confirmPassword" name="confirmPassword" class="-full-width-input" required />
+            <input type="password" ng-model="invitedUserPasswordModel.confirmPassword" name="confirmPassword" class="-full-width-input" required val-compare="password" autocomplete="off"/>
+            <span class="help-inline" val-msg-for="confirmPassword" val-toggle-msg="required"><localize key="general_required">Required</localize></span>
          </div>

          <div class="flex justify-between items-center">
-            <umb-button type="button"
+            <umb-button type="submit"
                        button-style="success"
-                        action=""
+                        state="inviteChangePasswordButtonState"
                        label="Save password">
            </umb-button>
          </div>
--- a/src/Umbraco.Web.UI.Client/src/views/users/views/users/users.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/users/views/users/users.controller.js
@@ -280,7 +280,9 @@

            contentEditingHelper.contentEditorPerformSave({
                statusMessage: localizeSaving,
-                saveMethod: usersResource.inviteUser,
+                saveMethod: function(obj, isCreate, files) {
+                  usersResource.inviteUser(a, b, c);
+                },
                scope: $scope,
                content: vm.newUser,
                // We do not redirect on failure for users - this is because it is not possible to actually save a user
--- a/src/Umbraco.Web/Editors/AuthenticationController.cs
+++ b/src/Umbraco.Web/Editors/AuthenticationController.cs
@@ -357,6 +357,34 @@ namespace Umbraco.Web.Editors
            }
        }

+        /// <summary>
+        /// When a user is invited and they click on the invitation link, they will be partially logged in
+        /// where they can set their username/password
+        /// </summary>
+        /// <param name="newPassword"></param>
+        /// <returns></returns>
+        /// <remarks>
+        /// This only works when the user is logged in (partially)
+        /// </remarks>
+        [WebApi.UmbracoAuthorize(requireApproval: false)]
+        public async Task<HttpResponseMessage> PostSetInvitedUserPassword([FromBody]string newPassword)
+        {
+            var result = await UserManager.AddPasswordAsync(Security.GetUserId(), newPassword);
+
+            if (result.Succeeded == false)
+            {
+                //it wasn't successful, so add the change error to the model state, we've name the property alias _umb_password on the form
+                // so that is why it is being used here.
+                ModelState.AddModelError(
+                    "value",
+                    string.Join(", ", result.Errors));
+
+                throw new HttpResponseException(Request.CreateValidationErrorResponse(ModelState));
+            }
+
+            return Request.CreateResponse(HttpStatusCode.OK);
+        }
+
        /// <summary>
        /// Processes a set password request.  Validates the request and sets a new password.
        /// </summary>
--- a/src/Umbraco.Web/WebApi/Filters/EnableOverrideAuthorizationAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/EnableOverrideAuthorizationAttribute.cs
@@ -11,6 +11,6 @@ namespace Umbraco.Web.WebApi.Filters
    [AttributeUsage(AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
    public sealed class EnableOverrideAuthorizationAttribute : Attribute
    {
-        
+        //TODO: Can we remove this and use the System.Web.Http.OverrideAuthorizationAttribute which uses IOverrideFilter instead?
    }
 }