Commit 0bfab084 authored by Vinnie Okada's avatar Vinnie Okada

Explain reset token expiration in emails

Tell new users when their password reset token expires and provide a
link to get a new one.
parent 35729671
...@@ -32,6 +32,7 @@ v 7.11.0 (unreleased) ...@@ -32,6 +32,7 @@ v 7.11.0 (unreleased)
- Show Atom feed buttons everywhere where applicable. - Show Atom feed buttons everywhere where applicable.
- Add project activity atom feed. - Add project activity atom feed.
- Don't crash when an MR from a fork has a cross-reference comment from the target project on one of its commits. - Don't crash when an MR from a fork has a cross-reference comment from the target project on one of its commits.
- Explain how to get a new password reset token in welcome emails
- Include commit comments in MR from a forked project. - Include commit comments in MR from a forked project.
- Fix adding new group members from admin area - Fix adding new group members from admin area
- Group milestones by title in the dashboard and all other issue views. - Group milestones by title in the dashboard and all other issue views.
......
...@@ -35,4 +35,23 @@ module EmailsHelper ...@@ -35,4 +35,23 @@ module EmailsHelper
lexer = Rugments::Lexers::Diff.new lexer = Rugments::Lexers::Diff.new
raw formatter.format(lexer.lex(diffcontent)) raw formatter.format(lexer.lex(diffcontent))
end end
def password_reset_token_valid_time
valid_hours = Devise.reset_password_within / 60 / 60
if valid_hours >= 24
unit = 'day'
valid_length = (valid_hours / 24).floor
else
unit = 'hour'
valid_length = valid_hours.floor
end
pluralize(valid_length, unit)
end
def reset_token_expire_message
link_tag = link_to('request a new one', new_user_password_url)
msg = "This link is valid for #{password_reset_token_valid_time}. "
msg << "After it expires, you can #{link_tag}."
end
end end
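Review bot: `reset_token_expire_message` returns a plain String, because interpolating the `link_to` result into a string literal drops its html_safe flag, so `= reset_token_expire_message` in the HAML template will most likely print the anchor as escaped markup instead of a clickable link. Return safe markup from the helper, for example `"This link is valid for #{password_reset_token_valid_time}. After it expires, you can #{link_tag}.".html_safe`, or assemble the pieces with `safe_join`. `html_safe` is acceptable here only because both interpolated values are generated server-side (a pluralized integer and a `link_to` tag); a short comment saying so would stop a later edit from interpolating user-controlled data into the same string. The new Notify example only checks that the URL text appears in the body, so it would pass with the escaped output as well.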
...@@ -12,3 +12,5 @@ ...@@ -12,3 +12,5 @@
- if @user.created_by_id - if @user.created_by_id
%p %p
= link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) = link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token)
%p
= reset_token_expire_message
...@@ -5,4 +5,6 @@ The Administrator created an account for you. Now you are a member of the compan ...@@ -5,4 +5,6 @@ The Administrator created an account for you. Now you are a member of the compan
login.................. <%= @user.email %> login.................. <%= @user.email %>
<% if @user.created_by_id %> <% if @user.created_by_id %>
<%= link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) %> <%= link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) %>
<%= reset_token_expire_message %>
<% end %> <% end %>
require 'spec_helper'
describe EmailsHelper do
describe 'password_reset_token_valid_time' do
def validate_time_string(time_limit, expected_string)
Devise.reset_password_within = time_limit
expect(password_reset_token_valid_time).to eq(expected_string)
end
context 'when time limit is less than 2 hours' do
it 'should display the time in hours using a singular unit' do
validate_time_string(1.hour, '1 hour')
end
end
context 'when time limit is 2 or more hours' do
it 'should display the time in hours using a plural unit' do
validate_time_string(2.hours, '2 hours')
end
end
context 'when time limit contains fractions of an hour' do
it 'should round down to the nearest hour' do
validate_time_string(96.minutes, '1 hour')
end
end
context 'when time limit is 24 or more hours' do
it 'should display the time in days using a singular unit' do
validate_time_string(24.hours, '1 day')
end
end
context 'when time limit is 2 or more days' do
it 'should display the time in days using a plural unit' do
validate_time_string(2.days, '2 days')
end
end
context 'when time limit contains fractions of a day' do
it 'should round down to the nearest day' do
validate_time_string(57.hours, '2 days')
end
end
end
end
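Review bot: `validate_time_string` assigns `Devise.reset_password_within` and never restores it, so the last value set here leaks into any spec that runs later in the same process, including ones that depend on reset-token expiry. Stub the reader instead, `allow(Devise).to receive(:reset_password_within).and_return(time_limit)`, or capture the original value and put it back in an `after` block. There is also no example for a limit below one hour, where the helper as written appears to return `0 hours`; adding that case would pin down what the email should say for short-lived tokens.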
...@@ -91,6 +91,11 @@ describe Notify do ...@@ -91,6 +91,11 @@ describe Notify do
it 'includes a link to the site' do it 'includes a link to the site' do
is_expected.to have_body_text /#{example_site_path}/ is_expected.to have_body_text /#{example_site_path}/
end end
it 'explains the reset link expiration' do
is_expected.to have_body_text(/This link is valid for \d+ (hours?|days?)/)
is_expected.to have_body_text(new_user_password_url)
end
end end
......