Add reset password flow

backend-rails/.env.sample

@@ -1,7 +1,9 @@
-SERVER_HOST=localhost
-PASSWORD_RESET_URL=http://127.0.0.1:3000
-SENDGRID_API_KEY=
 AWS_ACCESS_KEY_ID=
+AWS_BUCKET_REGION=
 AWS_SECRET_ACCESS_KEY=
+BROWSER=/dev/null
+LAUNCHY_DRY_RUN=true
+PASSWORD_RESET_URL=http://localhost:3000/auth/reset_password
+RESEND_API_KEY=
+SERVER_HOST=localhost
 S3_BUCKET_NAME=
-AWS_BUCKET_REGION=

backend-rails/Gemfile

@@ -15,6 +15,7 @@ gem 'devise_token_auth', '~> 1.2', git: 'https://github.com/lynndylanhurley/devi
 gem 'draper', '~> 4.0', '>= 4.0.1'
 gem 'exception_hunter', '~> 1.0', '>= 1.0.1'
 gem 'jbuilder', '~> 2.10'
+gem 'jquery-rails'
 gem 'matrix', '~> 0.4.2'
 gem 'oj', '~> 3.9', '>= 3.9.2'
 gem 'pagy', '~> 3.7', '>= 3.7.5'
@@ -24,10 +25,11 @@ gem 'prawn'
 gem 'puma', '~> 5.6'
 gem 'pundit', '~> 2.1'
 gem 'rack-cors', '~> 1.0', '>= 1.0.6'
+gem 'resend'
 gem 'sass-rails', '~> 6.0.0'
-gem 'sendgrid', '~> 1.2.4'
 gem 'sprockets', '~> 3.7.2'
 gem 'yaaf', '~> 2.2'
+
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 4.0'
 # Use Active Model has_secure_password

backend-rails/Gemfile.lock

@@ -178,6 +178,9 @@ GEM
       activesupport (>= 5.2)
     hashdiff (1.0.1)
     highline (2.1.0)
+    httparty (0.19.1)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
     i18n (1.12.0)
       concurrent-ruby (~> 1.0)
     i18n-tasks (0.9.37)
@@ -236,10 +239,14 @@ GEM
     marcel (1.0.2)
     matrix (0.4.2)
     method_source (1.0.0)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2023.0218.1)
     mini_mime (1.1.2)
     mini_portile2 (2.8.1)
     minitest (5.17.0)
     msgpack (1.6.0)
+    multi_xml (0.6.0)
     mustache (1.1.1)
     net-imap (0.3.4)
       date
@@ -341,6 +348,8 @@ GEM
     request_store (1.5.1)
       rack (>= 1.4)
     require_all (3.0.0)
+    resend (0.5.0)
+      httparty (~> 0.19.1)
     responders (3.1.0)
       actionpack (>= 5.2)
       railties (>= 5.2)
@@ -400,8 +409,6 @@ GEM
       sprockets (> 3.0)
       sprockets-rails
       tilt
-    sendgrid (1.2.4)
-      json
     sexp_processor (4.16.1)
     shoulda-matchers (4.5.1)
       activesupport (>= 4.2.0)
@@ -468,6 +475,7 @@ DEPENDENCIES
   faker (~> 2.13)
   i18n-tasks (~> 0.9.30)
   jbuilder (~> 2.10)
+  jquery-rails
   letter_opener (~> 1.7)
   listen (~> 3.2)
   matrix (~> 0.4.2)
@@ -484,12 +492,12 @@ DEPENDENCIES
   rails (~> 7.0.3)
   rails_best_practices (~> 1.20)
   reek (~> 6.1, >= 6.1.1)
+  resend
   rspec-rails (~> 4.1)
   rspec_api_documentation (~> 6.1.0)
   rubocop-rails (~> 2.16, >= 2.16.1)
   rubocop-rootstrap (~> 1.2)
   sass-rails (~> 6.0.0)
-  sendgrid (~> 1.2.4)
   shoulda-matchers (~> 4.1, >= 4.1.2)
   simplecov (~> 0.13.0)
   spring (~> 4.0)

backend-rails/app/assets/javascripts/application.js

@@ -0,0 +1,2 @@
+// require_self
+// require_tree.

backend-rails/app/assets/javascripts/jquery_init.js

@@ -0,0 +1,2 @@
+//= require jquery
+//= require jquery_ujs

backend-rails/app/assets/javascripts/reset_password.js

@@ -0,0 +1,31 @@
+//= require_self
+
+$(document).ready(function () {
+  $('#reset_password_form').submit(function (event) {
+    event.preventDefault();
+
+    const params = $(this).data('params')
+
+    const headers = {
+      uid: params.uid,
+      client: params.client,
+      'access-token': params['access-token']
+    }
+
+    $.ajax({
+      headers,
+      url: $(this).attr('action'),
+      type: "PUT",
+      datatype: "application/js",
+      data: $(this).serialize(),
+      success: function (response) {
+        alert(response.message)
+      },
+      error: function (_XMLHttpRequest, textStatus, errorThrown) {
+        alert("Status: " + textStatus); alert("Error: " + errorThrown);
+      }
+    })
+
+    return false;
+  });
+})

backend-rails/app/controllers/auth_controller.rb

@@ -0,0 +1,9 @@
+class AuthController < ApplicationController
+  def reset_password; end
+
+  private
+
+  def auth_params
+    params.permit('access-token', :client, :client_id, :token, :uid)
+  end
+end

backend-rails/app/views/auth/reset_password.html.erb

@@ -0,0 +1,19 @@
+<%= javascript_include_tag "jquery_init" %>
+<%= javascript_include_tag "reset_password", "data-turbolinks-track" => true  %>
+
+<div style="margin: auto; width: 50%; height: 50%; padding: 10px;">
+  <h2>Reset your password</h2>
+
+  <%= form_with url: user_password_path,
+      local: false, method: :put,  html: { id: "reset_password_form", data: { params: params} } do |form| %>
+    <div class="field">
+      <%= form.label :password %>
+      <%= form.password_field :password %>
+    </div>
+    <div class="field">
+      <%= form.label :password_confirmation %>
+      <%= form.password_field :password_confirmation %>
+    </div>
+    <%= form.submit 'Reset Password', style: 'margin-top: 24px; padding: 12px;' %>
+  <% end %>
+</div>

backend-rails/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p><%= t(:welcome).capitalize + ' ' + @email %>!</p>
+
+<p><%= t '.confirm_link_msg' %> </p>
+
+<p><%= link_to t('.confirm_account_link'), user_confirmation_url(@resource, {confirmation_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']}).html_safe %></p>

backend-rails/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
+
+<p><%= t '.request_reset_link_msg' %></p>
+
+<p><%= link_to t('.password_change_link'), edit_user_password_url(@resource, reset_password_token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url'].to_s).html_safe %></p>
+
+<p><%= t '.ignore_mail_msg' %></p>
+<p><%= t '.no_changes_msg' %></p>

backend-rails/app/views/layouts/application.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>My App</title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <%= csrf_meta_tags %>
+    <%= csp_meta_tag %>
+
+    <%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
+    <%= javascript_include_tag "application", "data-turbo-track": "reload", defer: true %>
+  </head>
+
+  <body>
+    <%= yield %>
+  </body>
+</html>

backend-rails/config/application.rb

@@ -34,15 +34,6 @@ class Application < Rails::Application
 
     config.add_autoload_paths_to_load_path = false
 
-    ActionMailer::Base.smtp_settings = {
-      address: 'smtp.sendgrid.net',
-      authentication: :plain,
-      domain: ENV.fetch('SERVER_HOST', nil),
-      enable_starttls_auto: true,
-      password: ENV.fetch('SENDGRID_API_KEY', nil),
-      port: 587,
-      user_name: 'apikey'
-    }
     config.action_mailer.default_url_options = { host: ENV.fetch('SERVER_HOST', nil),
                                                  port: ENV.fetch('PORT', 3000) }
     config.action_mailer.default_options = {

backend-rails/config/environments/development.rb

@@ -42,9 +42,12 @@
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = true
   config.action_mailer.delivery_method = :letter_opener
-
+  config.action_mailer.perform_deliveries = true
+  config.action_mailer.default_options = { from: '[email protected]' }
   config.action_mailer.perform_caching = false
 
+  config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
+
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 

backend-rails/config/environments/production.rb

@@ -73,6 +73,10 @@
   # Ignore bad email addresses and do not raise email delivery errors.
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
+  config.action_mailer.delivery_method = :resend
+  config.action_mailer.resend_settings = {
+    api_key: ENV.fetch('RESEND_API_KEY', nil)
+  }
 
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
   # the I18n.default_locale when a translation cannot be found).

backend-rails/config/initializers/assets.rb

@@ -11,4 +11,4 @@
 # Precompile additional assets.
 # application.js, application.css, and all non-JS/CSS in the app/assets
 # folder are already added.
-Rails.application.config.assets.precompile += %w[active_admin.js active_admin.css]
+Rails.application.config.assets.precompile += %w[active_admin.js active_admin.css reset_password.js jquery_init.js]

backend-rails/config/initializers/devise.rb

@@ -188,7 +188,7 @@
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [:email]
+  config.reset_password_keys = [:email]
 
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to

backend-rails/config/initializers/mailer.rb

@@ -0,0 +1 @@
+Resend.api_key = ENV.fetch('RESEND_API_KEY', nil)

backend-rails/config/routes.rb

@@ -2,12 +2,15 @@
   devise_for :admin_users, ActiveAdmin::Devise.config
   ActiveAdmin.routes(self)
   ExceptionHunter.routes(self)
+
   mount_devise_token_auth_for 'User', at: '/api/v1/users', controllers: {
     registrations: 'api/v1/registrations',
     sessions: 'api/v1/sessions',
     passwords: 'api/v1/passwords'
   }
 
+  get 'auth/reset_password', to: 'auth#reset_password'
+
   namespace :api do
     namespace :v1, defaults: { format: :json } do
       resources :daily_habits, only: %i[index create]