Reset Password API v2 endpoints

spree · May 21, 2020 · 1956196 · 1956196
1 parent 5d1b24e
commit 1956196
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 0 deletions.
diff --git a/app/controllers/spree/api/v2/storefront/passwords_controller.rb b/app/controllers/spree/api/v2/storefront/passwords_controller.rb
@@ -0,0 +1,33 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        class PasswordsController < ::Devise::PasswordsController
+          def create
+            user = Spree.user_class.find_by(email: params[:user][:email])
+
+            if user&.send_reset_password_instructions
+              head :ok
+            else
+              head :not_found
+            end
+          end
+
+          def update
+            user = Spree.user_class.reset_password_by_token(
+              password: params[:user][:password],
+              password_confirmation: params[:user][:password_confirmation],
+              reset_password_token: params[:id]
+            )
+
+            if user.errors.empty?
+              head :ok
+            else
+              render json: { error: user.errors.full_messages.to_sentence }, status: :unprocessable_entity
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -49,6 +49,7 @@
     namespace :v2 do
       namespace :storefront do
         resource :account, controller: :account, only: %i[show create update]
+        resources :passwords, controller: :passwords, only: %i[create update]
       end
     end
   end

diff --git a/spec/controllers/spree/api/v2/storefront/passwords_controller_spec.rb b/spec/controllers/spree/api/v2/storefront/passwords_controller_spec.rb
@@ -0,0 +1,62 @@
+RSpec.describe Spree::Api::V2::Storefront::PasswordsController, type: :controller do
+  let(:user) { create(:user) }
+  let(:password) { 'new_password' }
+
+  describe 'POST create' do
+    before { post :create, params: params }
+
+    context 'when the user email has not been specified' do
+      let(:params) { { user: { email: '' } } }
+      it 'responds with not found status' do
+        expect(response.code).to eq('404')
+      end
+    end
+
+    context 'when the user email not found' do
+      let(:params) { { user: { email: '[email protected]' } } }
+      it 'responds with not found status' do
+        expect(response.code).to eq('404')
+      end
+    end
+
+    context 'when the user email has been specified' do
+      let(:params) { { user: { email: user.email } } }
+      it_behaves_like 'returns 200 HTTP status'
+    end
+  end
+
+  describe 'PATCH update' do
+    before { patch :update, params: params }
+
+    context 'when updating password with blank password' do
+      let(:params) {
+        {
+          id: user.send_reset_password_instructions,
+          user: {
+            password: '',
+            password_confirmation: ''
+          }
+        }
+      }
+
+      it 'responds with error' do
+        expect(response.code).to eq('422')
+        expect(JSON.parse(response.body)['error']).to eq("Password can't be blank")
+      end
+    end
+
+    context 'when updating password with specified password' do
+      let(:params) {
+        {
+          id: user.send_reset_password_instructions,
+          user: {
+            password: password,
+            password_confirmation: password
+          }
+        }
+      }
+
+      it_behaves_like 'returns 200 HTTP status'
+    end
+  end
+end