Some work

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/eventos_web/controllers/event_controller.ex

@@ -19,12 +19,9 @@ defmodule EventosWeb.EventController do
   end
 
   def create(conn, %{"event" => event_params}) do
-    address = process_address(event_params["address"])
-    event_params = if is_nil address do
-      event_params
-    else
-      %{event_params | "address" => address}
-    end
+    event_params = process_event_address(event_params)
+    Logger.debug("creating event with")
+    Logger.debug(inspect event_params)
     with {:ok, %Event{} = event} <- Events.create_event(event_params) do
       conn
       |> put_status(:created)
@@ -33,15 +30,19 @@ defmodule EventosWeb.EventController do
     end
   end
 
-  defp process_address(address) do
-    geom = EventosWeb.AddressController.process_geom(address["geom"])
-    case geom do
-      nil ->
-        address
-      _ ->
-        %{address | "geom" => geom}
-      _ ->
-        address
+  defp process_event_address(event) do
+    if Map.has_key?(event, "address_type") && event["address_type"] === :physical do
+      address = event["physical_address"]
+      geom = EventosWeb.AddressController.process_geom(address["geom"])
+      address = case geom do
+        nil ->
+          address
+        _ ->
+          %{address | "geom" => geom}
+      end
+      %{event | "physical_address" => address}
+    else
+      event
     end
   end
 

lib/eventos_web/controllers/user_controller.ex

@@ -7,6 +7,7 @@ defmodule EventosWeb.UserController do
   alias Eventos.Actors
   alias Eventos.Actors.User
   alias Eventos.Repo
+  alias Eventos.Actors.Service.{Activation, ResetPassword}
 
   action_fallback EventosWeb.FallbackController
 
@@ -16,18 +17,80 @@ defmodule EventosWeb.UserController do
   end
 
   def register(conn, %{"username" => username, "email" => email, "password" => password}) do
-    with {:ok, %User{} = user} <- Actors.register(%{email: email, password: password, username: username}),
-        {:ok, token, _claims} <- EventosWeb.Guardian.encode_and_sign(user) do
-        conn
+    with {:ok, %User{} = user} <- Actors.register(%{email: email, password: password, username: username}) do
+      Activation.send_confirmation_email(user, "locale")
+      conn
         |> put_status(:created)
-        |> render("show_with_token.json", %{token: token, user: user})
+        |> render("confirmation.json", %{user: user})
+    end
+  end
+
+  def validate(conn, %{"token" => token}) do
+    with {:ok, %User{} = user} <- Activation.check_confirmation_token(token) do
+      {:ok, token, _claims} = EventosWeb.Guardian.encode_and_sign(user)
+      conn
+      |> put_resp_header("location", user_path(conn, :show_current_actor))
+      |> render("show_with_token.json", %{user: user, token: token})
+    else
+      {:error, msg} ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{"error" => msg})
+    end
+  end
+
+  def resend_confirmation(conn, %{"email" => email}) do
+    with {:ok, %User{} = user} <- Actors.find_by_email(email),
+         false <- is_nil(user.confirmation_token),
+           true <- Timex.before?(Timex.shift(user.confirmation_sent_at, hours: 1), DateTime.utc_now()) do
+      Activation.resend_confirmation_email(user)
+      render(conn, "confirmation.json", %{user: user})
+    else
+      {:error, :not_found} ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{"error" => "Unable to find an user with this email"})
+      _ ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{"error" => "Unable to resend the validation token"})
+    end
+  end
+
+  def send_reset_password(conn, %{"email" => email}) do
+    with {:ok, %User{} = user} <- Actors.find_by_email(email),
+         {:ok, _} <- ResetPassword.send_password_reset_email(user) do
+      render(conn, "password_reset.json", %{user: user})
+    else
+      {:error, :not_found} ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{"errors" => "Unable to find an user with this email"})
+      {:error, :email_too_soon} ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{"errors" => "You requested a new reset password too early"})
+    end
+  end
+
+  def reset_password(conn, %{"password" => password, "token" => token}) do
+    with {:ok, %User{} = user} <- ResetPassword.check_reset_password_token(password, token) do
+      {:ok, token, _claims} = EventosWeb.Guardian.encode_and_sign(user)
+      render(conn, "show_with_token.json", %{user: user, token: token})
+    else
+      {:error, :invalid_token} ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{"errors" => %{"token" => ["Wrong token for password reset"]}})
+      {:error, %Ecto.Changeset{} = changeset} ->
+        conn
+        |> put_status(:unprocessable_entity)
+        |> render(EventosWeb.ChangesetView, "error.json", changeset: changeset)
     end
   end
 
   def show_current_actor(conn, _params) do
-    user = Guardian.Plug.current_resource(conn)
-    user
-    |> Repo.preload(:actor)
+    user = Guardian.Plug.current_resource(conn) |> Repo.preload(:actor)
     render(conn, "show_simple.json", user: user)
   end
 

lib/eventos_web/controllers/user_session_controller.ex

@@ -7,18 +7,24 @@ defmodule EventosWeb.UserSessionController do
   alias Eventos.Actors
 
   def sign_in(conn, %{"email" => email, "password" => password}) do
-    case Actors.find_by_email(email) do
-      %User{} = user ->
-        # Attempt to authenticate the user
-        case Actors.authenticate(%{user: user, password: password}) do
-          {:ok, token, _claims} ->
+    with {:ok, %User{} = user} <- Actors.find_by_email(email),
+         {:ok, %User{} = _user} <- User.is_confirmed(user),
+         {:ok, token, _claims} <- Actors.authenticate(%{user: user, password: password}) do
             # Render the token
             render conn, "token.json", %{token: token, user: user}
-          _ ->
-            send_resp(conn, 400, Poison.encode!(%{"error_msg" => "Bad login", "display_error" => "session.error.bad_login", "error_code" => 400}))
-        end
-      _ ->
-        send_resp(conn, 400, Poison.encode!(%{"error_msg" => "No such user", "display_error" => "session.error.bad_login", "error_code" => 400}))
+    else
+      {:error, :not_found} ->
+        conn
+        |> put_status(401)
+        |> json(%{"error_msg" => "No such user", "display_error" => "session.error.bad_login"})
+      {:error, :unconfirmed} ->
+        conn
+        |> put_status(401)
+        |> json(%{"error_msg" => "User is not activated", "display_error" => "session.error.not_activated"})
+      {:error, :unauthorized} ->
+        conn
+        |> put_status(401)
+        |> json(%{"error_msg" => "Bad login", "display_error" => "session.error.bad_login"})
     end
   end
 

lib/eventos_web/router.ex

@@ -36,6 +36,12 @@ defmodule EventosWeb.Router do
     scope "/v1" do
 
       post "/users", UserController, :register
+      get "/users/validate/:token", UserController, :validate
+      post "/users/resend", UserController, :resend_confirmation
+
+      post "/users/password-reset/send", UserController, :send_reset_password
+      post "/users/password-reset/post", UserController, :reset_password
+
       post "/login", UserSessionController, :sign_in
       get "/groups", GroupController, :index
       get "/events", EventController, :index
@@ -119,6 +125,11 @@ defmodule EventosWeb.Router do
     post "/inbox", ActivityPubController, :inbox
   end
 
+  if Mix.env == :dev do
+    # If using Phoenix
+    forward "/sent_emails", Bamboo.SentEmailViewerPlug
+  end
+
   scope "/", EventosWeb do
     pipe_through :browser
 

lib/eventos_web/templates/email/email.html.eex

@@ -0,0 +1,10 @@
+<html>
+  <head>
+    <link rel="stylesheet" href="<%= static_url(EventosWeb.Endpoint, "/css/email.css") %>">
+  </head>
+  <body>
+    <%= render @view_module, @view_template, assigns %>
+
+    <p><%= gettext "An email sent by Eventos on %{instance}.", instance: @instance %></p>
+  </body>
+</html>

lib/eventos_web/templates/email/email.text.eex

@@ -0,0 +1,3 @@
+<%= render @view_module, @view_template, assigns %>
+
+<%= gettext "An email sent by Eventos on %{instance}.", instance: @instance %>

lib/eventos_web/templates/email/password_reset.html.eex

@@ -0,0 +1,5 @@
+<h1><%= gettext "Password reset" %></h1>
+<p><%= gettext "You requested a new password for your account on %{host}.", host: @instance  %></p>
+<p><%= gettext "If you didn't request this, please ignore this email. Your password won't change until you access the link below and create a new one." %></p>
+
+<p><%= link "Change password", to: EventosWeb.Endpoint.url() <> "/password-reset/#{@token}", target: "_blank" %></p>

lib/eventos_web/templates/email/password_reset.text.eex

@@ -0,0 +1,11 @@
+<%= gettext "Password reset" %>
+
+==
+
+<%= gettext "You requested a new password for your account on %{host}.", host: @instance %>
+
+<%= gettext "If you didn't request this, please ignore this email. Your password won't change until you access the link below and create a new one." %>
+
+<%= EventosWeb.Endpoint.url() <> "/password-reset/#{@token}" %>
+
+

lib/eventos_web/templates/email/registration_confirmation.html.eex

@@ -0,0 +1,4 @@
+<h1><%= gettext "Confirm the email address" %></h1>
+<p><%= gettext "You created an account on %{host} with this email address. You are one click away from activating it. If this wasn't you, please ignore this email.", host: @instance %></p>
+
+<p><%= link "Confirm your email address", to: EventosWeb.Endpoint.url() <> "/validate/#{@token}", target: "_blank" %></p>

lib/eventos_web/templates/email/registration_confirmation.text.eex

@@ -0,0 +1,9 @@
+<%= gettext "Confirm the email address" %>
+
+==
+
+<%= gettext "You created an account on %{host} with this email address. You are one click away from activating it. If this wasn't you, please ignore this email.", host: @instance %>
+
+<%= EventosWeb.Endpoint.url() <> "/validate/#{@token}" %>
+
+

lib/eventos_web/views/email_view.ex

@@ -0,0 +1,3 @@
+defmodule Eventos.EmailView do
+  use EventosWeb, :view
+end

lib/eventos_web/views/event_view.ex

@@ -20,7 +20,6 @@ defmodule EventosWeb.EventView do
   def render("event_for_actor.json", %{event: event}) do
     %{id: event.id,
       title: event.title,
-      slug: event.slug,
       uuid: event.uuid,
     }
   end
@@ -28,7 +27,6 @@ defmodule EventosWeb.EventView do
   def render("event_simple.json", %{event: event}) do
     %{id: event.id,
       title: event.title,
-      slug: event.slug,
       description: event.description,
       begins_on: event.begins_on,
       ends_on: event.ends_on,
@@ -39,6 +37,7 @@ defmodule EventosWeb.EventView do
         avatar: event.organizer_actor.avatar_url,
       },
       type: "Event",
+      address_type: event.address_type,
     }
   end
 
@@ -51,8 +50,9 @@ defmodule EventosWeb.EventView do
       uuid: event.uuid,
       organizer: render_one(event.organizer_actor, ActorView, "acccount_basic.json"),
       participants: render_many(event.participants, ActorView, "show_basic.json"),
-      address: render_one(event.address, AddressView, "address.json"),
+      physical_address: render_one(event.physical_address, AddressView, "address.json"),
       type: "Event",
+      address_type: event.address_type,
     }
   end
 end

lib/eventos_web/views/user_view.ex

@@ -45,4 +45,16 @@ defmodule EventosWeb.UserView do
       role: user.role,
     }
   end
+
+  def render("confirmation.json", %{user: user}) do
+    %{
+      email: user.email,
+    }
+  end
+
+  def render("password_reset.json", %{user: user}) do
+    %{
+      email: user.email,
+    }
+  end
 end