diff --git a/assets/js/app.js b/assets/js/app.js
index 4906c49f..b9765dae 100644
--- a/assets/js/app.js
+++ b/assets/js/app.js
@@ -11,12 +11,16 @@ import "../node_modules/bootstrap-icons/icons/person-circle.svg"; // accounts me
import "../node_modules/bootstrap-icons/icons/person-plus.svg"; // new user / register
import "../node_modules/bootstrap-icons/icons/box-arrow-in-left.svg"; // log in
import "../node_modules/bootstrap-icons/icons/box-arrow-right.svg"; // log out
+import "../node_modules/bootstrap-icons/icons/sliders.svg"; // new user / register
// forms etc
import "../node_modules/bootstrap-icons/icons/at.svg";
import "../node_modules/bootstrap-icons/icons/key.svg";
import "../node_modules/bootstrap-icons/icons/key-fill.svg";
+import "../node_modules/bootstrap-icons/icons/lock.svg";
import "../node_modules/bootstrap-icons/icons/shield-lock.svg";
import "../node_modules/bootstrap-icons/icons/arrow-repeat.svg";
+import "../node_modules/bootstrap-icons/icons/door-open.svg"; // log in
+import "../node_modules/@mdi/svg/svg/head-question-outline.svg"; // brand
// webpack automatically bundles all modules in your
// entry points. Those entry points can be configured
diff --git a/lib/bones73k_web/controllers/user_auth.ex b/lib/bones73k_web/controllers/user_auth.ex
index cd0de8ee..c7c280e1 100644
--- a/lib/bones73k_web/controllers/user_auth.ex
+++ b/lib/bones73k_web/controllers/user_auth.ex
@@ -1,6 +1,7 @@
defmodule Bones73kWeb.UserAuth do
import Plug.Conn
import Phoenix.Controller
+ import Phoenix.HTML
alias Bones73k.Accounts
alias Bones73kWeb.Router.Helpers, as: Routes
@@ -28,14 +29,17 @@ defmodule Bones73kWeb.UserAuth do
"""
def log_in_user(conn, user, params \\ %{}) do
token = Accounts.generate_user_session_token(user)
- user_return_to = get_session(conn, :user_return_to)
conn
|> renew_session()
|> put_session(:user_token, token)
|> put_session(:live_socket_id, "users_sessions:#{Base.url_encode64(token)}")
|> maybe_write_remember_me_cookie(token, params)
- |> redirect(to: user_return_to || signed_in_path(conn))
+ |> put_flash(
+ :info,
+ raw("Welcome back, #{user.email} — you were logged in successfuly.")
+ )
+ |> redirect(to: get_session(conn, :user_return_to) || signed_in_path(conn))
end
defp maybe_write_remember_me_cookie(conn, token, %{"remember_me" => "true"}) do
diff --git a/lib/bones73k_web/controllers/user_reset_password_controller.ex b/lib/bones73k_web/controllers/user_reset_password_controller.ex
index 3ff6dcd2..d7d289b5 100644
--- a/lib/bones73k_web/controllers/user_reset_password_controller.ex
+++ b/lib/bones73k_web/controllers/user_reset_password_controller.ex
@@ -1,9 +1,10 @@
defmodule Bones73kWeb.UserResetPasswordController do
use Bones73kWeb, :controller
+ import Phoenix.LiveView.Controller
alias Bones73k.Accounts
- plug(:get_user_by_reset_password_token when action in [:edit, :update])
+ plug(:get_user_by_reset_password_token when action in [:edit])
def new(conn, _params) do
render(conn, "new.html")
@@ -21,34 +22,20 @@ defmodule Bones73kWeb.UserResetPasswordController do
conn
|> put_flash(
:info,
- "If your email is in our system, you will receive instructions to reset your password shortly."
+ "If your email is in our system, you'll receive instructions to reset your password shortly."
)
|> redirect(to: "/")
end
def edit(conn, _params) do
- render(conn, "edit.html", changeset: Accounts.change_user_password(conn.assigns.user))
- end
-
- # Do not log in the user after reset password to avoid a
- # leaked token giving the user access to the account.
- def update(conn, %{"user" => user_params}) do
- case Accounts.reset_user_password(conn.assigns.user, user_params) do
- {:ok, _} ->
- conn
- |> put_flash(:info, "Password reset successfully.")
- |> redirect(to: Routes.user_session_path(conn, :new))
-
- {:error, changeset} ->
- render(conn, "edit.html", changeset: changeset)
- end
+ live_render(conn, Bones73kWeb.UserLive.ResetPassword)
end
defp get_user_by_reset_password_token(conn, _opts) do
%{"token" => token} = conn.params
if user = Accounts.get_user_by_reset_password_token(token) do
- conn |> assign(:user, user) |> assign(:token, token)
+ put_session(conn, "user_id", user.id)
else
conn
|> put_flash(:error, "Reset password link is invalid or it has expired.")
diff --git a/lib/bones73k_web/controllers/user_session_controller.ex b/lib/bones73k_web/controllers/user_session_controller.ex
index fe5f61f8..ecc84365 100644
--- a/lib/bones73k_web/controllers/user_session_controller.ex
+++ b/lib/bones73k_web/controllers/user_session_controller.ex
@@ -6,7 +6,6 @@ defmodule Bones73kWeb.UserSessionController do
alias Bones73kWeb.UserAuth
def new(conn, _params) do
- # IO.inspect(conn.private, label: "session_new conn.private :")
render(conn, "new.html", error_message: nil)
end
diff --git a/lib/bones73k_web/live/user/registration.html.leex b/lib/bones73k_web/live/user/registration.html.leex
index c2c73688..a03ccbdb 100644
--- a/lib/bones73k_web/live/user/registration.html.leex
+++ b/lib/bones73k_web/live/user/registration.html.leex
@@ -20,7 +20,6 @@
class: input_class(f, :email, "form-control"),
placeholder: "e.g., babka@73k.us",
maxlength: User.max_email,
- required: true,
autofocus: true,
phx_debounce: "blur",
aria_describedby: error_id(f, :email)
@@ -38,7 +37,6 @@
<%= password_input f, :password,
value: input_value(f, :password),
class: input_class(f, :password, "form-control"),
- minlength: User.min_password,
maxlength: User.max_password,
required: true,
phx_debounce: "200",
diff --git a/lib/bones73k_web/live/user/reset_password.ex b/lib/bones73k_web/live/user/reset_password.ex
new file mode 100644
index 00000000..c3c9f041
--- /dev/null
+++ b/lib/bones73k_web/live/user/reset_password.ex
@@ -0,0 +1,40 @@
+defmodule Bones73kWeb.UserLive.ResetPassword do
+ use Bones73kWeb, :live_view
+
+ alias Bones73k.Accounts
+ alias Bones73k.Accounts.User
+
+ @impl true
+ def mount(_params, session, socket) do
+ user = Accounts.get_user!(session["user_id"])
+
+ socket
+ |> assign_defaults(session)
+ |> assign(page_title: "Reset password")
+ |> assign(changeset: Accounts.change_user_password(user))
+ |> assign(user: user)
+ |> live_okreply()
+ end
+
+ @impl true
+ def handle_event("validate", %{"user" => user_params}, socket) do
+ cs = Accounts.change_user_password(socket.assigns.user, user_params)
+ {:noreply, socket |> assign(changeset: %{cs | action: :update})}
+ end
+
+ def handle_event("save", %{"user" => user_params}, socket) do
+ case Accounts.reset_user_password(socket.assigns.user, user_params) do
+ {:ok, _} ->
+ {:noreply,
+ socket
+ |> put_flash(:success, "Password reset successfully.")
+ |> redirect(to: Routes.user_session_path(socket, :new))}
+
+ {:error, changeset} ->
+ {:noreply,
+ socket
+ |> put_flash(:error, "Please check the errors below.")
+ |> assign(changeset: %{changeset | action: :update})}
+ end
+ end
+end
diff --git a/lib/bones73k_web/live/user/reset_password.html.leex b/lib/bones73k_web/live/user/reset_password.html.leex
new file mode 100644
index 00000000..ad0bc238
--- /dev/null
+++ b/lib/bones73k_web/live/user/reset_password.html.leex
@@ -0,0 +1,57 @@
+<div class="row justify-content-center">
+ <div class="col-sm-9 col-md-7 col-lg-5 col-xl-4 ">
+
+ <h3>
+ <%= icon_div @socket, "bi-shield-lock", [class: "icon baseline"] %>
+ Reset password
+ </h3>
+ <p class="lead">Hi <%= @user.email %> — What new word of passage will confirm you are who you say you are?</p>
+
+ <%= form_for @changeset, "#", [phx_change: :validate, phx_submit: :save, novalidate: true, id: "pw_reset_form"], fn f -> %>
+
+ <div class="mb-3" phx-feedback-for="<%= input_id(f, :password) %>">
+ <%= label f, :password, "New password", class: "form-label" %>
+ <div class="input-group has-validation">
+ <span class="input-group-text">
+ <%= icon_div @socket, "bi-key", [class: "icon fs-5"] %>
+ </span>
+ <%= password_input f, :password,
+ value: input_value(f, :password),
+ class: input_class(f, :password, "form-control"),
+ maxlength: User.max_password,
+ autofocus: true,
+ aria_describedby: error_id(f, :password)
+ %>
+ <%= error_tag f, :password %>
+ </div>
+ </div>
+
+ <div class="mb-3" phx-feedback-for="<%= input_id(f, :password_confirmation) %>">
+ <%= label f, :password_confirmation, "Confirm new password", class: "form-label" %>
+ <div class="input-group has-validation">
+ <span class="input-group-text">
+ <%= icon_div @socket, "bi-key-fill", [class: "icon fs-5"] %>
+ </span>
+ <%= password_input f, :password_confirmation,
+ value: input_value(f, :password_confirmation),
+ class: input_class(f, :password_confirmation, "form-control"),
+ maxlength: User.max_password,
+ aria_describedby: error_id(f, :password_confirmation)
+ %>
+ <%= error_tag f, :password_confirmation %>
+ </div>
+ </div>
+
+ <div class="mb-3">
+ <%= submit "Reset password", disabled: !@changeset.valid?, class: "btn btn-primary", phx_disable_with: "Saving..." %>
+ </div>
+
+ <% end %>
+
+ <p class="mt-3 is-pulled-right">
+ <%= link "Register", to: Routes.user_registration_path(@socket, :new) %> |
+ <%= link "Log in", to: Routes.user_session_path(@socket, :new) %>
+ </p>
+
+ </div>
+</div>
diff --git a/lib/bones73k_web/router.ex b/lib/bones73k_web/router.ex
index d3b55dbb..b7d3cfc8 100644
--- a/lib/bones73k_web/router.ex
+++ b/lib/bones73k_web/router.ex
@@ -60,19 +60,12 @@ defmodule Bones73kWeb.Router do
scope "/", Bones73kWeb do
pipe_through([:browser, :redirect_if_user_is_authenticated])
- # # liveview user auth routes
- # live "/users/reset_password", UserLive.ResetPassword, :new
- # live "/users/reset_password/:token", UserLive.ResetPassword, :edit
-
- # original user auth routes from phx.gen.auth
get("/users/register", UserRegistrationController, :new)
get("/users/log_in", UserSessionController, :new)
post("/users/log_in", UserSessionController, :create)
- # TODO:
get("/users/reset_password", UserResetPasswordController, :new)
post("/users/reset_password", UserResetPasswordController, :create)
get("/users/reset_password/:token", UserResetPasswordController, :edit)
- put("/users/reset_password/:token", UserResetPasswordController, :update)
end
scope "/", Bones73kWeb do
diff --git a/lib/bones73k_web/templates/layout/navbar/_user_menu.html.eex b/lib/bones73k_web/templates/layout/navbar/_user_menu.html.eex
index 6fa6b948..f15a368d 100644
--- a/lib/bones73k_web/templates/layout/navbar/_user_menu.html.eex
+++ b/lib/bones73k_web/templates/layout/navbar/_user_menu.html.eex
@@ -13,6 +13,7 @@
<li><hr class="dropdown-divider"></li>
<li>
<%= link nav_link_opts(@conn, to: Routes.user_settings_path(@conn, :edit), class: "dropdown-item") do %>
+ <%= icon_div @conn, "bi-sliders", [class: "icon baseline me-1"] %>
Settings
<% end %>
</li>
diff --git a/lib/bones73k_web/templates/user_confirmation/new.html.eex b/lib/bones73k_web/templates/user_confirmation/new.html.eex
index 3ce96081..1d6e7245 100644
--- a/lib/bones73k_web/templates/user_confirmation/new.html.eex
+++ b/lib/bones73k_web/templates/user_confirmation/new.html.eex
@@ -5,7 +5,7 @@
<%= icon_div @conn, "bi-arrow-repeat", [class: "icon baseline"] %>
Resend confirmation instructions
</h3>
- <p class="lead">We'll send you another email with a link to confirm your email address.</p>
+ <p class="lead">We'll send you another email with instructions to confirm your email address.</p>
<%= form_for :user, Routes.user_confirmation_path(@conn, :create), [class: "needs-validation", novalidate: true], fn f -> %>
diff --git a/lib/bones73k_web/templates/user_reset_password/edit.html.eex b/lib/bones73k_web/templates/user_reset_password/edit.html.eex
deleted file mode 100644
index 94a550a4..00000000
--- a/lib/bones73k_web/templates/user_reset_password/edit.html.eex
+++ /dev/null
@@ -1,26 +0,0 @@
-<h1>Reset password</h1>
-
-<%= form_for @changeset, Routes.user_reset_password_path(@conn, :update, @token), fn f -> %>
- <%= if @changeset.action do %>
- <div class="alert alert-danger">
- <p>Oops, something went wrong! Please check the errors below.</p>
- </div>
- <% end %>
-
- <%= label f, :password, "New password" %>
- <%= password_input f, :password, required: true %>
- <%= error_tag f, :password %>
-
- <%= label f, :password_confirmation, "Confirm new password" %>
- <%= password_input f, :password_confirmation, required: true %>
- <%= error_tag f, :password_confirmation %>
-
- <div>
- <%= submit "Reset password" %>
- </div>
-<% end %>
-
-<p>
- <%= link "Register", to: Routes.user_registration_path(@conn, :new) %> |
- <%= link "Log in", to: Routes.user_session_path(@conn, :new) %>
-</p>
diff --git a/lib/bones73k_web/templates/user_reset_password/new.html.eex b/lib/bones73k_web/templates/user_reset_password/new.html.eex
index 619c535c..891b97af 100644
--- a/lib/bones73k_web/templates/user_reset_password/new.html.eex
+++ b/lib/bones73k_web/templates/user_reset_password/new.html.eex
@@ -1,15 +1,38 @@
-<h1>Forgot your password?</h1>
+<div class="row justify-content-center">
+ <div class="col-sm-9 col-md-7 col-lg-5 col-xl-4 ">
-<%= form_for :user, Routes.user_reset_password_path(@conn, :create), fn f -> %>
- <%= label f, :email %>
- <%= email_input f, :email, required: true %>
+ <h3>
+ <%= icon_div @conn, "mdi-head-question-outline", [class: "icon baseline"] %>
+ Forgot your password?
+ </h3>
+ <p class="lead">We'll send you an email with instructions to reset your password.</p>
+
+ <%= form_for :user, Routes.user_reset_password_path(@conn, :create), [class: "needs-validation", novalidate: true], fn f -> %>
+
+ <%= label f, :email, class: "form-label" %>
+ <div class="input-group has-validation mb-3">
+ <span class="input-group-text">
+ <%= icon_div @conn, "bi-at", [class: "icon fs-5"] %>
+ </span>
+ <%= email_input f, :email,
+ placeholder: "e.g., babka@73k.us",
+ class: "form-control",
+ maxlength: User.max_email,
+ required: true,
+ autofocus: true
+ %>
+ <span class="invalid-feedback">must be a valid email address</span>
+ </div>
+
+ <div class="mb-3">
+ <%= submit "Send instructions to reset password", class: "btn btn-primary" %>
+ </div>
+ <% end %>
+
+ <p>
+ <%= link "Register", to: Routes.user_registration_path(@conn, :new) %> |
+ <%= link "Log in", to: Routes.user_session_path(@conn, :new) %>
+ </p>
- <div>
- <%= submit "Send instructions to reset password" %>
</div>
-<% end %>
-
-<p>
- <%= link "Register", to: Routes.user_registration_path(@conn, :new) %> |
- <%= link "Log in", to: Routes.user_session_path(@conn, :new) %>
-</p>
+</div>
diff --git a/lib/bones73k_web/templates/user_session/new.html.eex b/lib/bones73k_web/templates/user_session/new.html.eex
index 995a0be8..f251bf39 100644
--- a/lib/bones73k_web/templates/user_session/new.html.eex
+++ b/lib/bones73k_web/templates/user_session/new.html.eex
@@ -2,7 +2,7 @@
<div class="col-sm-9 col-md-7 col-lg-5 col-xl-4 ">
<h3>
- <%= icon_div @conn, "bi-box-arrow-in-left", [class: "icon baseline"] %>
+ <%= icon_div @conn, "bi-door-open", [class: "icon baseline"] %>
Log in
</h3>
<p class="lead">Who goes there?</p>
@@ -32,7 +32,7 @@
<%= label f, :password, class: "form-label" %>
<div class="input-group has-validation mb-3">
<span class="input-group-text">
- <%= icon_div @conn, "bi-shield-lock", [class: "icon fs-5"] %>
+ <%= icon_div @conn, "bi-lock", [class: "icon fs-5"] %>
</span>
<%= password_input f, :password,
class: "form-control",
diff --git a/lib/bones73k_web/views/user_reset_password_view.ex b/lib/bones73k_web/views/user_reset_password_view.ex
index c8a1f908..a2c1d190 100644
--- a/lib/bones73k_web/views/user_reset_password_view.ex
+++ b/lib/bones73k_web/views/user_reset_password_view.ex
@@ -1,3 +1,4 @@
defmodule Bones73kWeb.UserResetPasswordView do
use Bones73kWeb, :view
+ alias Bones73k.Accounts.User
end
diff --git a/test/bones73k_web/controllers/user_reset_password_controller_test.exs b/test/bones73k_web/controllers/user_reset_password_controller_test.exs
index 1b429b8e..9a7de0ec 100644
--- a/test/bones73k_web/controllers/user_reset_password_controller_test.exs
+++ b/test/bones73k_web/controllers/user_reset_password_controller_test.exs
@@ -13,7 +13,7 @@ defmodule Bones73kWeb.UserResetPasswordControllerTest do
test "renders the reset password page", %{conn: conn} do
conn = get(conn, Routes.user_reset_password_path(conn, :new))
response = html_response(conn, 200)
- assert response =~ "<h1>Forgot your password?</h1>"
+ assert response =~ "Forgot your password?\n </h3>"
end
end
@@ -52,9 +52,10 @@ defmodule Bones73kWeb.UserResetPasswordControllerTest do
%{token: token}
end
- test "renders reset password", %{conn: conn, token: token} do
+ test "renders reset password with user_id in session", %{conn: conn, token: token, user: user} do
conn = get(conn, Routes.user_reset_password_path(conn, :edit, token))
- assert html_response(conn, 200) =~ "<h1>Reset password</h1>"
+ assert get_session(conn, "user_id") == user.id
+ assert html_response(conn, 200) =~ "Reset password\n </h3>"
end
test "does not render reset password with invalid token", %{conn: conn} do
@@ -73,41 +74,5 @@ defmodule Bones73kWeb.UserResetPasswordControllerTest do
%{token: token}
end
-
- test "resets password once", %{conn: conn, user: user, token: token} do
- conn =
- put(conn, Routes.user_reset_password_path(conn, :update, token), %{
- "user" => %{
- "password" => "new valid password",
- "password_confirmation" => "new valid password"
- }
- })
-
- assert redirected_to(conn) == Routes.user_session_path(conn, :new)
- refute get_session(conn, :user_token)
- assert get_flash(conn, :info) =~ "Password reset successfully"
- assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
- end
-
- test "does not reset password on invalid data", %{conn: conn, token: token} do
- conn =
- put(conn, Routes.user_reset_password_path(conn, :update, token), %{
- "user" => %{
- "password" => "too short",
- "password_confirmation" => "does not match"
- }
- })
-
- response = html_response(conn, 200)
- assert response =~ "<h1>Reset password</h1>"
- assert response =~ "should be at least 12 character(s)"
- assert response =~ "does not match password"
- end
-
- test "does not reset password with invalid token", %{conn: conn} do
- conn = put(conn, Routes.user_reset_password_path(conn, :update, "oops"))
- assert redirected_to(conn) == "/"
- assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired"
- end
end
end
diff --git a/test/bones73k_web/live/user/registration_test.ex b/test/bones73k_web/live/user/registration_test.exs
similarity index 94%
rename from test/bones73k_web/live/user/registration_test.ex
rename to test/bones73k_web/live/user/registration_test.exs
index 06f3a6a1..76b72a2a 100644
--- a/test/bones73k_web/live/user/registration_test.ex
+++ b/test/bones73k_web/live/user/registration_test.exs
@@ -1,8 +1,6 @@
defmodule Bones73kWeb.UserLive.RegistrationTest do
use Bones73kWeb.ConnCase
- # import Plug.Conn
- # import Phoenix.ConnTest
import Phoenix.LiveViewTest
import Bones73k.AccountsFixtures
@@ -34,10 +32,11 @@ defmodule Bones73kWeb.UserLive.RegistrationTest do
assert html =~ "Register\n </h3>"
assert html =~ "must be a valid email address"
assert html =~ "should be at least #{User.min_password()} character(s)"
+ assert html =~ "type=\"submit\" disabled=\"disabled\""
end
@tag :capture_log
- test "creates account and sets login params_token and phx-trigger-action", %{
+ test "creates account, sets login token & phx-trigger-action", %{
conn: conn,
user_return_to: user_return_to
} do
diff --git a/test/bones73k_web/live/user/reset_password_test.exs b/test/bones73k_web/live/user/reset_password_test.exs
new file mode 100644
index 00000000..afab58d1
--- /dev/null
+++ b/test/bones73k_web/live/user/reset_password_test.exs
@@ -0,0 +1,57 @@
+defmodule Bones73kWeb.UserLive.ResetPasswordTest do
+ use Bones73kWeb.ConnCase
+
+ import Phoenix.LiveViewTest
+ import Bones73k.AccountsFixtures
+
+ alias Bones73k.Repo
+ alias Bones73k.Accounts
+ alias Bones73k.Accounts.User
+ alias Bones73k.Accounts.UserToken
+
+ setup %{conn: conn} do
+ user = user_fixture()
+ conn = init_test_session(conn, %{"user_id" => user.id})
+ %{conn: conn, user: user}
+ end
+
+ test "displays registration form", %{conn: conn, user: user} do
+ {:ok, _view, html} = live_isolated(conn, Bones73kWeb.UserLive.ResetPassword)
+
+ assert html =~ "Reset password\n </h3>"
+ assert html =~ user.email
+ assert html =~ "New password</label>"
+ end
+
+ test "render errors for invalid data", %{conn: conn} do
+ {:ok, view, _html} = live_isolated(conn, Bones73kWeb.UserLive.ResetPassword)
+
+ form_data = %{"user" => %{"password" => "abc", "password_confirmation" => "def"}}
+ html = form(view, "#pw_reset_form", form_data) |> render_change()
+
+ assert html =~ "Reset password\n </h3>"
+ assert html =~ "should be at least #{User.min_password()} character(s)"
+ assert html =~ "does not match password"
+ assert html =~ "type=\"submit\" disabled=\"disabled\""
+ end
+
+ @tag :capture_log
+ test "saves new password once", %{conn: conn, user: user} do
+ {:ok, view, _html} = live_isolated(conn, Bones73kWeb.UserLive.ResetPassword)
+
+ # Render submitting a new password
+ new_pw = "valid_new_pass_123"
+ form_data = %{"user" => %{"password" => new_pw, "password_confirmation" => new_pw}}
+ _html = form(view, "#pw_reset_form", form_data) |> render_submit()
+
+ # Confirm redirected
+ flash = assert_redirected(view, Routes.user_session_path(conn, :new))
+ assert flash["success"] == "Password reset successfully."
+
+ # Confirm password was updated
+ assert Accounts.get_user_by_email_and_password(user.email, new_pw)
+
+ # Tokens have been deleted
+ assert [] == Repo.all(UserToken.user_and_contexts_query(user, :all))
+ end
+end