Add "Forgot Password" reset feature using Postmark

.rubocop.yml

@@ -15,15 +15,15 @@ AllCops:
   DisabledByDefault: true
   SuggestExtensions: false
   Exclude:
-    - '**/tmp/**/*'
-    - '**/vendor/**/*'
-    - '**/node_modules/**/*'
-    - 'bin/*'
-    - 'native/**/*'
+    - "**/tmp/**/*"
+    - "**/vendor/**/*"
+    - "**/node_modules/**/*"
+    - "bin/*"
+    - "native/**/*"
 
 Performance:
   Exclude:
-    - '**/test/**/*'
+    - "**/test/**/*"
 
 # Method definitions after `private` or `protected` isolated calls do NOT
 # need extra level of indentation.
@@ -39,7 +39,7 @@ Layout/IndentationWidth:
   Enabled: true
   Width: 2
   Exclude:
-    - '**/test/**/*'
+    - "**/test/**/*"
 
 # No spaces at the end of a line
 Layout/TrailingWhitespace:
@@ -54,22 +54,22 @@ Style/SymbolArray:
   Enabled: true
   EnforcedStyle: brackets
   Include:
-    - 'routes.rb'
-    - 'app/controllers/**/*'
+    - "routes.rb"
+    - "app/controllers/**/*"
 
 # Rules below this line are disabled
 
 # Prefer assert_not over assert !
 Rails/AssertNot:
   Enabled: false
   Include:
-    - '**/test/**/*'
+    - "**/test/**/*"
 
 # Prefer assert_not_x over refute_x
 Rails/RefuteMethods:
   Enabled: false
   Include:
-    - '**/test/**/*'
+    - "**/test/**/*"
 
 Rails/IndexBy:
   Enabled: false
@@ -246,7 +246,7 @@ Lint/DeprecatedClassMethods:
 Style/EvalWithLocation:
   Enabled: false
   Exclude:
-    - '**/test/**/*'
+    - "**/test/**/*"
 
 Style/ParenthesesAroundCondition:
   Enabled: false

Gemfile

@@ -45,6 +45,7 @@ gem "solid_queue", "~> 0.2.1"
 gem "name_of_person"
 gem "actioncable-enhanced-postgresql-adapter" # longer paylaods w/ postgresql actioncable
 gem "aws-sdk-s3", require: false
+gem "postmark-rails"
 
 gem "omniauth", "~> 2.1"
 gem "omniauth-google-oauth2", "~> 1.1"
@@ -81,4 +82,5 @@ group :test do
   gem "capybara"
   gem "selenium-webdriver"
   gem "minitest-stub_any_instance"
+  gem "rails-controller-testing"
 end

Gemfile.lock

@@ -233,6 +233,11 @@ GEM
       ast (~> 2.4.1)
       racc
     pg (1.5.6)
+    postmark (1.25.1)
+      json
+    postmark-rails (0.22.1)
+      actionmailer (>= 3.0.0)
+      postmark (>= 1.21.3, < 2.0)
     prism (0.19.0)
     protocol (2.0.0)
       ruby_parser (~> 3.0)
@@ -274,6 +279,10 @@ GEM
       activesupport (= 7.1.3.2)
       bundler (>= 1.15.0)
       railties (= 7.1.3.2)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
@@ -448,10 +457,12 @@ DEPENDENCIES
   omniauth-google-oauth2 (~> 1.1)
   omniauth-rails_csrf_protection (~> 1.0.2)
   pg (~> 1.1)
+  postmark-rails
   pry-rails
   puma (>= 5.0)
   rack-cors
   rails (~> 7.1.3)
+  rails-controller-testing
   rails_heroicon (~> 2.2.0)
   redcarpet (~> 3.6.0)
   redis (>= 4.0.1)

app/controllers/password_credentials_controller.rb

@@ -0,0 +1,37 @@
+class PasswordCredentialsController < ApplicationController
+  allow_unauthenticated_access
+  before_action :ensure_manual_login_allowed
+
+  layout "public"
+
+  def edit
+    @user = find_signed_user(params[:token])
+  end
+
+  def update
+    user = find_signed_user(params[:token])
+
+    credential = user.credentials.find_or_initialize_by(type: "PasswordCredential")
+    credential.password = update_params[:password]
+
+    if credential.save
+      logout_current if Current.client
+      login_as user.person, credential: user.password_credential
+      redirect_to root_path, notice: "Your password was reset successfully."
+    else
+      render "edit", alert: "There was an error resetting your password"
+    end
+  end
+
+  private
+
+  def find_signed_user(token)
+    User.find_signed!(token, purpose: Email::PasswordReset::TOKEN_PURPOSE)
+  rescue ActiveSupport::MessageVerifier::InvalidSignature
+    redirect_to login_path, alert: "Your token has expired. Please try again."
+  end
+
+  def update_params
+    params.permit(:password)
+  end
+end

app/controllers/password_resets_controller.rb

@@ -0,0 +1,17 @@
+class PasswordResetsController < ApplicationController
+  allow_unauthenticated_access
+  before_action :ensure_manual_login_allowed
+
+  layout "public"
+
+  def new
+  end
+
+  def create
+    os = request.operating_system
+    browser = request.browser
+    SendResetPasswordEmailJob.perform_later(params[:email], os, browser) # queue as a job to avoid timing attacks
+
+    redirect_to login_path, notice: "If that email is valid, we just sent password reset email."
+  end
+end

app/helpers/password_credentials_helper.rb

@@ -0,0 +1,2 @@
+module PasswordCredentialsHelper
+end

app/helpers/password_resets_helper.rb

@@ -0,0 +1,2 @@
+module PasswordResetsHelper
+end

app/jobs/send_reset_password_email_job.rb

@@ -0,0 +1,11 @@
+class SendResetPasswordEmailJob < ApplicationJob
+  queue_as :default
+
+  def perform(email, os, browser)
+    person = Person.find_by_email(email)
+
+    if person&.user # make sure the user exists (i.e. user has not become a tombstone)
+      PasswordMailer.with(person: person, os: os, browser: browser).reset.deliver_now
+    end
+  end
+end

app/mailers/application_mailer.rb

@@ -1,4 +1,3 @@
 class ApplicationMailer < ActionMailer::Base
-  default from: "[email protected]"
-  layout "mailer"
+  default from: Setting.email_from
 end

app/mailers/password_mailer.rb

@@ -0,0 +1,21 @@
+class PasswordMailer < ApplicationMailer
+  def reset
+    person = params[:person]
+    @user = person.user
+    @os = params[:os]
+    @browser = params[:browser]
+
+    @token_ttl = Email::PasswordReset::TOKEN_TTL
+
+    token = @user.signed_id(
+      purpose: Email::PasswordReset::TOKEN_PURPOSE,
+      expires_in: @token_ttl
+    )
+    @edit_url = edit_password_credential_url(token: token)
+
+    mail(
+      to: person.email,
+      subject: "Set up a new password for #{Setting.product_name}",
+    )
+  end
+end

app/models/setting.rb

@@ -7,9 +7,21 @@ def settings
     end
 
     def method_missing(method_name, *arguments, &block)
+      if settings.keys.exclude?(method_name.to_sym)
+        abort "ERROR: no setting found for #{method_name}. Please check settings in options.yml"
+      end
+
       ActiveRecord::Type::ImmutableString.new.cast(
         settings.fetch(method_name.to_sym, nil)
       )
     end
+
+    def require_keys!(*keys)
+      keys.each do |key|
+        if send(key).blank?
+          abort "ERROR: Please set the #{key.upcase} environment variable or secret" # if we're missing a required setting then fail fast and don't start the app
+        end
+      end
+    end
   end
 end

app/views/authentications/new.html.erb

@@ -1,20 +1,47 @@
-<div class="flex flex-col items-center justify-center w-full h-full space-y-4">
+<% content_for :heading, "Welcome back" %>
+<% if Feature.registration? %>
+  <span class="text-sm text-center">
+    Don't have an account? <%= link_to "Sign up", register_path, class: "underline" %>
+  </span>
+<% end %>
 
-  <div class="p-3 bg-white border border-gray-100 rounded-full">
-    <%= image_tag("logo.svg", width: "24", height: "24", class: "text-gray-950") %>
-  </div>
+<% if Feature.google_authentication? %>
+  <%= button_to "Log In with Google", "/auth/google",
+    method: "post",
+    class: %|
+      text-white font-medium
+      bg-brand-blue dark:bg-gray-900
+      border border-white dark:border-gray-400
+      rounded-lg p-4 text-center
+      cursor-pointer
+      hover:opacity-95
+    |,
+    form_class: "flex flex-col space-y-4 w-80",
+    data: {
+      turbo: false,
+    }
+  %>
+  <span class="text-sm text-center <%= Feature.disabled?(:password_authentication) && 'hidden' %>">
+    - Or -
+  </span>
+<% end %>
 
-  <h2 class="text-3xl font-semibold">Welcome back</h2>
-
-  <% if Feature.registration? %>
-    <span class="text-sm text-center">
-      Don't have an account? <%= link_to "Sign up", register_path, class: "underline" %>
-    </span>
-  <% end %>
-
-  <% if Feature.google_authentication? %>
-    <%= button_to "Log In with Google", "/auth/google",
-      method: "post",
+<% if Feature.password_authentication? %>
+  <%= form_with(url: login_path, method: :post, class: "flex flex-col space-y-4 w-80") do |f| %>
+    <%= f.email_field :email,
+      value: params[:email],
+      id: "email",
+      autofocus: params[:email].present? ? false : true,
+      placeholder: "Email address",
+      class: "border border-gray-400 rounded p-3 dark:text-black"
+    %>
+    <%= f.password_field :password,
+      id: "password",
+      autofocus: params[:email].present? ? true : false,
+      placeholder: "Password",
+      class: "border border-gray-400 rounded p-3 dark:text-black"
+    %>
+    <%= f.submit "Log In",
       class: %|
         text-white font-medium
         bg-brand-blue dark:bg-gray-900
@@ -23,42 +50,12 @@
         cursor-pointer
         hover:opacity-95
       |,
-      form_class: "flex flex-col space-y-4 w-80",
-      data: {
-        turbo: false,
-      }
+      data: { turbo_submits_with: "Authenticating..." }
     %>
-    <span class="text-sm text-center <%= Feature.disabled?(:password_authentication) && 'hidden' %>">
-      - Or -
-    </span>
   <% end %>
-
-  <% if Feature.password_authentication? %>
-    <%= form_with(url: login_path, method: :post, class: "flex flex-col space-y-4 w-80") do |f| %>
-      <%= f.email_field :email,
-        value: params[:email],
-        id: "email",
-        autofocus: params[:email].present? ? false : true,
-        placeholder: "Email address",
-        class: "border border-gray-400 rounded p-3 dark:text-black"
-      %>
-      <%= f.password_field :password,
-        id: "password",
-        autofocus: params[:email].present? ? true : false,
-        placeholder: "Password",
-        class: "border border-gray-400 rounded p-3 dark:text-black"
-      %>
-      <%= f.submit "Log In",
-          class: %|
-            text-white font-medium
-            bg-brand-blue dark:bg-gray-900
-            border border-white dark:border-gray-400
-            rounded-lg p-4 text-center
-            cursor-pointer
-            hover:opacity-95
-          |,
-          data: { turbo_submits_with: "Authenticating..." }
-      %>
-    <% end %>
+  <% if Feature.password_reset_email? %>
+    <span class="text-sm text-center">
+      <%= link_to "Forgot your password?", new_password_reset_path, class: "underline" %>
+    </span>
   <% end %>
-</div>
+<% end %>

app/views/layouts/application.html.erb

@@ -1,4 +1,4 @@
-<% content_for :title, "HostedGPT" %>
+<% content_for :title, Setting.product_name %>
 <!DOCTYPE html>
 <html data-role="<%= Rails.env %>">
   <%= render "head" %>

app/views/layouts/public.html.erb

@@ -3,7 +3,15 @@
   <%= render "head" %>
   <body class="font-sans text-gray-950 dark:text-gray-100 system">
     <main class="flex bg-white dark:bg-gray-800  w-full dark:dark:text-gray-100">
-      <%= content_for?(:main) ? yield(:main) : yield %>
+      <div class="flex flex-col items-center justify-center w-full h-full space-y-4">
+        <div class="p-3 bg-white border border-gray-100 rounded-full">
+          <%= image_tag("logo.svg", width: "24", height: "24", class: "text-gray-950") %>
+        </div>
+
+        <h2 class='text-3xl font-semibold'><%= content_for?(:heading) ? yield(:heading) : "Welcome back" %></h2>
+
+        <%= content_for?(:main) ? yield(:main) : yield %>
+      </div>
     </main>
     <%= render "layouts/toast" %>
   </body>

app/views/layouts/settings.html.erb

@@ -1,4 +1,4 @@
-<% content_for :title, "Settings — HostedGPT" %>
+<% content_for :title, "Settings — #{Setting.product_name}" %>
 <% content_for :nav_column do %>
   <header class="pl-2 py-7 text-3xl relative">
     <%= link_to root_path, class: "inline-block cursor-pointer py-1 pt-0 align-middle" do %>