Adds recovery code to user account

Related with pixelated/pixelated-user-agent#924 With @aarni
leapcode · Mar 10, 2017 · 4178189 · 4178189
1 parent 6782459
commit 4178189
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 0 deletions.
diff --git a/app/models/account.rb b/app/models/account.rb
@@ -62,6 +62,9 @@ def update(attrs)
       update_login(attrs[:login])
       @user.update_attributes attrs.slice(:password_verifier, :password_salt)
     end
+    if attrs[:recovery_code_verifier].present?
+      @user.update_attributes attrs.slice(:recovery_code_verifier, :recovery_code_salt)
+    end
     # TODO: move into identity controller
     key = update_pgp_key(attrs[:public_key])
     @user.errors.set :public_key, key.errors.full_messages

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -8,6 +8,8 @@ class User < CouchRest::Model::Base
   property :login, String, :accessible => true
   property :password_verifier, String, :accessible => true
   property :password_salt, String, :accessible => true
+  property :recovery_code_verifier, String, :accessible => true
+  property :recovery_code_salt, String, :accessible => true
   property :contact_email, String, :accessible => true
   property :contact_email_key, String, :accessible => true
   property :invite_code, String, :accessible => true

diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb
@@ -28,6 +28,12 @@ class UpdateAccountTest < SrpTest
     assert server_auth["M2"]
   end
 
+  test "update recovery code via api" do
+    authenticate
+    update_user recovery_code_verifier: "123", recovery_code_salt: "456"
+    assert last_response.successful?
+  end
+
   test "change login with password_verifier" do
     authenticate
     new_login = 'zaph'

diff --git a/test/unit/account_test.rb b/test/unit/account_test.rb
@@ -96,6 +96,42 @@ class AccountTest < ActiveSupport::TestCase
     user.account.destroy
   end
 
+  test "create recovery code if it does not exist" do
+    user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+    user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+    user.reload
+
+    assert_equal "abc", user.recovery_code_verifier
+    assert_equal "123", user.recovery_code_salt
+
+    user.account.destroy
+  end
+
+  test "update recovery code that already exists" do
+    user = Account.create(FactoryGirl.attributes_for(:user,
+      :invite_code => @testcode.invite_code,
+      :recovery_code_verifier => "000",
+      :recovery_code_salt => "111"))
+
+    user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+    user.reload
+
+    assert_equal "abc", user.recovery_code_verifier
+    assert_equal "123", user.recovery_code_salt
+
+    user.account.destroy
+  end
+
+  test "update password" do
+    user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+    user.account.update(:password_verifier => "551A8B", :password_salt => "551A8B")
+
+    assert_equal "551A8B", user.password_verifier
+    assert_equal "551A8B", user.password_salt
+
+    user.account.destroy
+  end
+
   test "Invite code count goes up by 1 when the invite code is entered" do
     with_config invite_required: true do
       user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))