From 3c69bfa822362780226eb30787e111460b93fce1 Mon Sep 17 00:00:00 2001 From: "Chris Baudouin, Jr" Date: Fri, 8 Jan 2021 23:27:55 -0500 Subject: [PATCH] feature: Allows directors to reset passwords through admin portal --- app/controllers/manage/users_controller.rb | 10 +- app/views/manage/users/edit.html.haml | 1 + config/locales/en.yml | 3 + .../manage/users_controller_test.rb | 138 +++++++++++------- 4 files changed, 101 insertions(+), 51 deletions(-) diff --git a/app/controllers/manage/users_controller.rb b/app/controllers/manage/users_controller.rb index e5d743166..6ef31a54f 100644 --- a/app/controllers/manage/users_controller.rb +++ b/app/controllers/manage/users_controller.rb @@ -1,6 +1,6 @@ class Manage::UsersController < Manage::ApplicationController before_action :require_director - before_action :find_user, only: [:show, :edit, :update, :destroy] + before_action :find_user, only: [:show, :edit, :update, :reset_password, :destroy] respond_to :html, :json @@ -16,6 +16,14 @@ def staff_datatable render json: StaffDatatable.new(params, view_context: view_context) end + def reset_password + new_password = Devise.friendly_token(50) + @user.reset_password(new_password, new_password) + @user.send_reset_password_instructions + flash[:notice] = t(:reset_password_success, scope: 'pages.manage.users.edit', full_name: @user.full_name) + respond_with(:manage, @user, location: manage_users_path) + end + def show respond_with(:manage, @user) end diff --git a/app/views/manage/users/edit.html.haml b/app/views/manage/users/edit.html.haml index f2f911fa0..0f517b3f6 100644 --- a/app/views/manage/users/edit.html.haml +++ b/app/views/manage/users/edit.html.haml 
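Review bot: `reset_password` reports success unconditionally — `@user.reset_password(new_password, new_password)` returns the result of `save`, and when that is false (any failing validation on the user record) the action still calls `send_reset_password_instructions` and flashes `reset_password_success`, so the director is told a credential was rotated when it was not. Check the return value and surface `@user.errors` before sending mail. Because this is an admin-initiated credential change on another person's account, and the same controller already lets a director change a user's email via `update`, any director can now take over any account (including other directors') in two clicks; at minimum I would write an audit line naming the acting user (the Devise `current_user` helper, assuming this app exposes it as usual) and consider refusing the action for fellow directors. `Devise.friendly_token(50)` is fine as a throwaway credential since only the emailed token is usable afterwards.
```ruby
  def reset_password
    # Replace the credential with a random throwaway value so the old password
    # is unusable; the user regains access only via the emailed reset token.
    new_password = Devise.friendly_token(50)
    unless @user.reset_password(new_password, new_password)
      flash[:alert] = @user.errors.full_messages.to_sentence
      return redirect_to manage_user_path(@user)
    end
    Rails.logger.info("manage/users#reset_password user=#{@user.id} by=#{current_user&.id}")
    @user.send_reset_password_instructions
    # … unchanged: flash[:notice] and respond_with …
  end
```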
@@ -1,6 +1,7 @@ = render "layouts/manage/page_title", title: t(:title, scope: "pages.manage.users.edit", user_email: @user.email), subtitle: @user.email do .btn-group = link_to t(:cancel, scope: "pages.manage.users.edit"), manage_user_path(@user), class: 'btn btn-sm btn-outline-secondary' + = link_to t(:reset_password, scope: "pages.manage.users.edit"), reset_password_manage_user_path(@user), method: :patch, data: { confirm: t(:confirm_reset_password, scope: "pages.manage.users.edit", full_name: @user.full_name, first_name: @user.first_name)}, class: 'btn btn-sm btn-outline-secondary' = link_to t(:delete, scope: "pages.manage.users.edit"), manage_user_path(@user), method: :delete, data: { confirm: "Are you sure? #{@user.email} will be permanently deleted. This action is irreversible." }, class: 'btn btn-sm btn-outline-secondary' = render 'form' diff --git a/config/locales/en.yml b/config/locales/en.yml index e942e663f..6dd39b260 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -180,6 +180,9 @@ en: subtitle: "%{user_email}" cancel: Cancel delete: Delete + reset_password: Reset Password + confirm_reset_password: "Are you sure? %{full_name}'s password will be reset and %{first_name} will receive a recovery email." + reset_password_success: "Successfully reset password and sent recovery instructions to %{full_name}." form: active: Active inactive: Inactive diff --git a/test/controllers/manage/users_controller_test.rb b/test/controllers/manage/users_controller_test.rb index 2ea0cd3c9..e9cd18a1c 100644 --- a/test/controllers/manage/users_controller_test.rb +++ b/test/controllers/manage/users_controller_test.rb @@ -1,6 +1,8 @@ require 'test_helper' class Manage::UsersControllerTest < ActionController::TestCase + include ActiveJob::TestHelper + setup do @user = create(:user) end 
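Review bot: The new reset control is an anchor whose `method: :patch` and `data: { confirm: ... }` both depend on rails-ujs; without JavaScript it degrades to a plain GET to `reset_password_manage_user_path(@user)` with no confirmation prompt, and GET requests are exempt from Rails' forgery protection. Whether that GET reaches the action depends on routes.rb, which is not in this diff — if the route is declared `patch` only it will simply 404, but a state-changing admin action is safer as a real form: `= button_to t(:reset_password, scope: "pages.manage.users.edit"), reset_password_manage_user_path(@user), method: :patch, form: { data: { confirm: t(:confirm_reset_password, scope: "pages.manage.users.edit", full_name: @user.full_name, first_name: @user.first_name) } }, class: 'btn btn-sm btn-outline-secondary'`. The adjacent delete link already uses the anchor pattern, so this may be a project convention; if it is kept, please confirm the route accepts PATCH only.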
@@ -12,6 +14,16 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_redirected_to new_user_session_path end + should "not allow access to user_datatable" do + get :user_datatable + assert_redirected_to new_user_session_path + end + + should "not allow access to staff_datatable" do + get :staff_datatable + assert_redirected_to new_user_session_path + end + should "not allow access to manage_users user datatables api" do post :user_datatable, format: :json, params: { "columns[0][data]" => "" } assert_response 401 @@ -59,6 +71,16 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_redirected_to root_path end + should "not allow access to user_datatable" do + get :user_datatable + assert_redirected_to root_path + end + + should "not allow access to staff_datatable" do + get :staff_datatable + assert_redirected_to root_path + end + should "not allow access to manage_users users datatables api" do post :user_datatable, format: :json, params: { "columns[0][data]" => "" } assert_response :redirect @@ -108,6 +130,16 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_redirected_to manage_checkins_path end + should "not allow access to user_datatable" do + get :user_datatable + assert_redirected_to manage_checkins_path + end + + should "not allow access to staff_datatable" do + get :staff_datatable + assert_redirected_to manage_checkins_path + end + should "not allow access to manage_users users datatables api" do post :user_datatable, format: :json, params: { "columns[0][data]" => "" } assert_redirected_to manage_checkins_path 
@@ -154,6 +186,16 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_redirected_to manage_root_path end + should "not allow access to user_datatable" do + get :user_datatable + assert_redirected_to manage_root_path + end + + should "not allow access to staff_datatable" do + get :staff_datatable + assert_redirected_to manage_root_path + end + should "not allow access to manage_users users datatables api" do post :user_datatable, format: :json, params: { "columns[0][data]" => "" } assert_redirected_to manage_root_path 
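Review bot: The access-control tests added here (and in the matching groups for the other non-director roles above) cover only the two datatable endpoints; nothing asserts that a non-director cannot invoke the new `reset_password` action, which is the most sensitive addition in this commit and is guarded solely by the controller's `before_action :require_director`. Add a parallel case to each role group, e.g. `should "not allow access to reset_password" do` / `patch :reset_password, params: { id: @user }` / `assert_redirected_to manage_root_path` (with the redirect target that group expects), and ideally also assert `@user.reload.reset_password_token` is still nil so a future regression that sends mail before the guard is caught. The block that groups this role's tests begins and ends outside the hunk.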
@@ -200,55 +242,51 @@ class Manage::UsersControllerTest < ActionController::TestCase assert_response :success end - # TODO: Tests appear to be stalling Travis CI - - # should "create a new admin" do - # post :create, params: { user: { email: "test@example.com", role: 'admin' } } - # assert_response :redirect - # assert_redirected_to manage_users_path - # assert assigns(:user).admin?, "new user should be an admin" - # end - - # should "create a new limited access admin" do - # post :create, params: { user: { email: "test@example.com", role: 'admin_limited_access' } } - # assert_response :redirect - # assert_redirected_to manage_users_path - # assert !assigns(:user).admin?, "new user should not be an admin" - # assert assigns(:user).admin_limited_access?, "new user should be a limited access admin" - # end - - # should "not create an admin with duplicate emails" do - # create(:user, email: "existing@example.com") - # assert_difference('User.count', 0) do - # post :create, params: { user: { email: "existing@example.com", role: 'admin' } } - # end - # end - - # should "allow access to manage_admins#new" do - # get :new, params: { id: @user } - # assert_response :success - # end - - # should "allow access to manage_admins#show" do - # get :show, params: { id: @user } - # assert_response :success - # end - - # should "allow access to manage_admins#edit" do - # get :edit, params: { id: @user } - # assert_response :success - # end - - # should "update user" do - # patch :update, params: { id: @user, user: { email: "test@example.coma" } } - # assert_redirected_to manage_users_path - # end - - # should "destroy user" do - # assert_difference('User.count', -1) do - # patch :destroy, params: { id: @user } - # end - # assert_redirected_to manage_users_path - # end + should "allow access to user_datatable" do + get :user_datatable + assert_response :success + end + + should "allow access to staff_datatable" do + get :staff_datatable + assert_response :success + end + + should 
"be able to reset a user's password" do + assert_difference "enqueued_jobs.size", 1 do + patch :reset_password, params: { id: @user } + end + assert_redirected_to manage_users_path + end + + should "allow access to manage_users#show" do + get :show, params: { id: @user } + assert_response :success + end + + should "allow access to manage_users#edit" do + get :edit, params: { id: @user } + assert_response :success + end + + should "update user" do + patch :update, params: { id: @user, user: { email: "test@example.coma" } } + assert_redirected_to manage_users_path + end + + should "destroy user" do + assert_difference('User.count', -1) do + patch :destroy, params: { id: @user } + end + assert_redirected_to manage_users_path + end + + should "destroy user and user's questionnaire" do + @questionnaire = create(:questionnaire, user_id: @user.id) + assert_difference('Questionnaire.count', -1) do + patch :destroy, params: { id: @user } + end + assert_redirected_to manage_users_path + end end end
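Review bot: `be able to reset a user's password` only proves that one job was enqueued and the request redirected; it never checks the effect that matters, that the old credential is gone and a reset token now exists. Capture `old_hash = @user.encrypted_password` before the `patch`, then after it add `@user.reload`, `assert_not_equal old_hash, @user.encrypted_password` and `assert_not_nil @user.reset_password_token`; `assert_enqueued_emails 1` (or `assert_enqueued_jobs 1`) also reads better than `assert_difference "enqueued_jobs.size", 1`, assuming Devise is configured to deliver later here. This hunk also quietly drops the previously commented-out `create`/`new` cases (new admin, limited-access admin, duplicate email) while re-enabling the others; if the Travis stall behind the removed TODO is resolved, those should return too, otherwise the coverage gap deserves a mention in the commit message.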