From 0bfab084a811d7dad1f1929ee7b5c2bc59015173 Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vokada@mrvinn.com>
Date: Sun, 26 Apr 2015 22:04:33 -0600
Subject: [PATCH] Explain reset token expiration in emails

Tell new users when their password reset token expires and provide a
link to get a new one.
---
 CHANGELOG                                 |  1 +
 app/helpers/emails_helper.rb              | 19 ++++++++++
 app/views/notify/new_user_email.html.haml |  2 +
 app/views/notify/new_user_email.text.erb  |  2 +
 spec/helpers/emails_helper_spec.rb        | 46 +++++++++++++++++++++++
 spec/mailers/notify_spec.rb               |  5 +++
 6 files changed, 75 insertions(+)
 create mode 100644 spec/helpers/emails_helper_spec.rb

diff --git a/CHANGELOG b/CHANGELOG
index ade877feb9a..15bfe570f1a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -32,6 +32,7 @@ v 7.11.0 (unreleased)
   - Show Atom feed buttons everywhere where applicable.
   - Add project activity atom feed.
   - Don't crash when an MR from a fork has a cross-reference comment from the target project on one of its commits.
+  - Explain how to get a new password reset token in welcome emails
   - Include commit comments in MR from a forked project.
   - Fix adding new group members from admin area
   - Group milestones by title in the dashboard and all other issue views.
diff --git a/app/helpers/emails_helper.rb b/app/helpers/emails_helper.rb
index 0df3ecc90b7..12aa561a14e 100644
--- a/app/helpers/emails_helper.rb
+++ b/app/helpers/emails_helper.rb
@@ -35,4 +35,23 @@ module EmailsHelper
     lexer = Rugments::Lexers::Diff.new
     raw formatter.format(lexer.lex(diffcontent))
   end
+
+  def password_reset_token_valid_time
+    valid_hours = Devise.reset_password_within / 60 / 60
+    if valid_hours >= 24
+      unit = 'day'
+      valid_length = (valid_hours / 24).floor
+    else
+      unit = 'hour'
+      valid_length = valid_hours.floor
+    end
+
+    pluralize(valid_length, unit)
+  end
+
+  def reset_token_expire_message
+    link_tag = link_to('request a new one', new_user_password_url)
+    msg = "This link is valid for #{password_reset_token_valid_time}.  "
+    msg << "After it expires, you can #{link_tag}."
+  end
 end
diff --git a/app/views/notify/new_user_email.html.haml b/app/views/notify/new_user_email.html.haml
index ebbe98dd472..39cb01d4d29 100644
--- a/app/views/notify/new_user_email.html.haml
+++ b/app/views/notify/new_user_email.html.haml
@@ -12,3 +12,5 @@
 - if @user.created_by_id
   %p
     = link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token)
+  %p
+    = reset_token_expire_message
diff --git a/app/views/notify/new_user_email.text.erb b/app/views/notify/new_user_email.text.erb
index 96b26879a77..dd9b71e3b84 100644
--- a/app/views/notify/new_user_email.text.erb
+++ b/app/views/notify/new_user_email.text.erb
@@ -5,4 +5,6 @@ The Administrator created an account for you. Now you are a member of the compan
 login.................. <%= @user.email %>
 <% if @user.created_by_id %>
   <%= link_to "Click here to set your password", edit_password_url(@user, :reset_password_token => @token) %>
+
+  <%= reset_token_expire_message %>
 <% end %>
diff --git a/spec/helpers/emails_helper_spec.rb b/spec/helpers/emails_helper_spec.rb
new file mode 100644
index 00000000000..7a3e38d7e63
--- /dev/null
+++ b/spec/helpers/emails_helper_spec.rb
@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe EmailsHelper do
+  describe 'password_reset_token_valid_time' do
+    def validate_time_string(time_limit, expected_string)
+      Devise.reset_password_within = time_limit
+      expect(password_reset_token_valid_time).to eq(expected_string)
+    end
+
+    context 'when time limit is less than 2 hours' do
+      it 'should display the time in hours using a singular unit' do
+        validate_time_string(1.hour, '1 hour')
+      end
+    end
+
+    context 'when time limit is 2 or more hours' do
+      it 'should display the time in hours using a plural unit' do
+        validate_time_string(2.hours, '2 hours')
+      end
+    end
+
+    context 'when time limit contains fractions of an hour' do
+      it 'should round down to the nearest hour' do
+        validate_time_string(96.minutes, '1 hour')
+      end
+    end
+
+    context 'when time limit is 24 or more hours' do
+      it 'should display the time in days using a singular unit' do
+        validate_time_string(24.hours, '1 day')
+      end
+    end
+
+    context 'when time limit is 2 or more days' do
+      it 'should display the time in days using a plural unit' do
+        validate_time_string(2.days, '2 days')
+      end
+    end
+
+    context 'when time limit contains fractions of a day' do
+      it 'should round down to the nearest day' do
+        validate_time_string(57.hours, '2 days')
+      end
+    end
+  end
+end
diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb
index dbcf7286e45..4da91eea98c 100644
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -91,6 +91,11 @@ describe Notify do
     it 'includes a link to the site' do
       is_expected.to have_body_text /#{example_site_path}/
     end
+
+    it 'explains the reset link expiration' do
+      is_expected.to have_body_text(/This link is valid for \d+ (hours?|days?)/)
+      is_expected.to have_body_text(new_user_password_url)
+    end
   end