Action Mailers - Password Reset

Objectives

  • Understand the concepts behind Action Mailers
  • Identify situations where emails will need to be sent by your application
  • Use ActionMailers to implement a password reset system

Getting Started

https://github.com/WDI-SEA/rails-password-reset

Use this starter code in order to have an app with user authentication. We'll be building upon this app in order to add the ability to reset passwords.

What are Action Mailers?

An Action Mailer is a class that allows you to send emails in Rails. They are very similar to controllers, where each mailer is a class with different methods. There are also views, which represent the content of the email.

Let's try creating a mailer and identify some components.

Creating a Mailer

We'll be creating a mailer in order to send users a password reset link.

rails g mailer UserMailer password_reset

Note how the generator created layouts, views, test files, and a base class for all mailers. Each mailer class inherits from ApplicationMailer, and mailer classes have methods that represent different emails.

These mailers can be called from the console, but in development, we need to setup email delivery. Or, we can use a gem called letter_opener to view emails in the browser. Let's do that for now.

Letter Opener

Install letter_opener to view emails in the browser. Add the gem to your gem file in the development group.

group :development do
  gem 'letter_opener'
end

Configure letter_opener by going to your configuration and adding this line to your config/environments/development.rb. While we're at it, we'll also configure the email URLs (which must be done manually).

config.action_mailer.delivery_method = :letter_opener
config.action_mailer.default_url_options = { host: 'http://localhost:3000' }

Now emails should appear in the browser. Right? Right. Try testing it by running rails c and call the mailer:

# in rails console
UserMailer.password_reset.deliver_now

Now that we've verified the functionality of letter_opener and our mailer, let's make some routes and a controller to add password reset functionality.

Create Routes and Controller

In routes.rb

get 'reset' => 'passwords#new'
post 'reset' => 'passwords#create'
get 'reset/:code' => 'passwords#edit', as: :reset_code
put 'reset/:code' => 'passwords#update'

The latter two routes will handle our reset code. Then...

rails g controller passwords new edit

Creating a Reset Password Form

In views/passwords/new.html.erb

<h1>Reset Password</h1>

<%= bootstrap_form_tag url: reset_path do |f| %>
  <%= f.email_field :email, placeholder: 'Enter your email' %>
  <%= f.primary 'Send Reset Email' %>
<% end %>

Add Columns for a Reset Code and Expiration

rails g migration AddResetToUsers reset_code expires_at:datetime

Note that Add<Attributes>To<Table Name> will create the migration we need. All we need is to specify the columns.

Let's also add a method to our User model to set the password reset functionality. We'll do this by generating a reset code, setting an expiration date, and saving the user.

def set_password_reset
  # this will ensure users with duplicate codes
  self.reset_code = loop do 
    code = SecureRandom.urlsafe_base64
    break code unless User.exists?(reset_code: code)
  end
  # set the expiration date with some handy date methods
  self.expires_at = 4.hours.from_now
  self.save
end

Update the Password Controller

Make sure that we can find the user and set a reset code if found.

def create
  user = User.find_by_email(params[:email])
  if user
    user.set_password_reset
    UserMailer.password_reset(user).deliver_now
  end
  flash[:warning] = 'Password reset sent if email exists'
  redirect_to root_path
end

Alter the Password Reset Mailer

Lastly, we need to alter our mailer so it accepts a user and prints out the right information to our mailer view.

Alter the action in app/mailers/user_mailer.rb

def password_reset(user)
  @user = user
  mail(to: user.email, subject: 'Password Reset')
end

Make sure to alter the views as well.

In app/views/user_mailer/password_reset.html.erb

<h1>Reset Password</h1>

<p>
  Hi <%= @user.name %>. You've requested a password reset. Go to this link to do so:
</p>

<%= link_to 'Password Reset', reset_code_url(@user.reset_code) %>

But what about the reset? Now we need an edit form and update action to handle the new password.

In passwords_controller.rb

def edit
  @code = params[:code]
end

def update
  user = User.find_by_reset_code(params[:code])
  valid_code = user.expires_at > Time.now.utc
  if user && valid_code && params[:password]
    user.update(password: params[:password], reset_code: nil, expires_at: nil)
    flash[:success] = 'Reset successful, login!'
    redirect_to login_path
  else
    flash[:danger] = 'Invalid reset code and/or password'
    redirect_to root_path
  end
end

In views/passwords/edit.html.erb

<h1>Enter New Password</h1>

<%= bootstrap_form_tag url: reset_code_path(@code), method: :put do |f| %>
  <%= f.password_field :password %>
  <%= f.primary 'Reset Password' %>
<% end %>

Sendmail

If you would like to test actually sending mail from your local machine, you can use a binary included with MacOSX/Linux called sendmail. In order to set up sendmail, you will need to set up some additional configuration in your project.

In your config/environments/ folder, there are three environments files which are used for configuration depending on your current environment (dev/test for your machine or prod for deployment on, say, Heroku).

For now, we'll just edit the development.rb file. Append the following within the do block:

  config.action_mailer.delivery_method = :sendmail
  # Defaults to:
  # config.action_mailer.sendmail_settings = {
  #   location: '/usr/sbin/sendmail',
  #   arguments: '-i -t'
  # }
  config.action_mailer.perform_deliveries = true
  config.action_mailer.raise_delivery_errors = true
  config.action_mailer.default_options = {from: 'no-reply@example.com'}

You can see there are some additional parameters you can change, along with some comments on where the sendmail binary should be located, but the main gist of this config is the first line where we specify the sendmail binary as how our machine will send mail.

Simply calling UserMailer.password_reset.deliver_now will fire off an email to the address provided! Be sure to configure your from email address in app/mailes/application_mailer.rb.

Heroku

Sendmail, however, is not present on Heroku and you will need to use some external service for sending mail. More information can be found here.

Additional Notes

If you look in your console when you send an email, you'll notice a couple things. Sending the basic pre-generated email will display something like the following:

Sent mail to test@example.com (36.1ms)
Date: Wed, 13 Jul 2016 16:32:31 -0700
From: test@example.com
To: test@example.com
Message-ID: <5786cf8fe5adc_4fb3fed92d1901091979@my-macbook.local.mail>
Subject: test subject
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_5786cf8fe4ad1_4fb3fed92d1901091861";
 charset=UTF-8
Content-Transfer-Encoding: 7bit


----==_mimepart_5786cf8fe4ad1_4fb3fed92d1901091861
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

UserMailer#test_email

Hi, find me in app/views/user_mailer/test_email.text.erb

----==_mimepart_5786cf8fe4ad1_4fb3fed92d1901091861
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<h1>UserMailer#test_email</h1>

<p>
  Hi, find me in app/views/user_mailer/test_email.html.erb
</p>

----==_mimepart_5786cf8fe4ad1_4fb3fed92d1901091861--

Notice how the email has both the plaintext and html sections? This is so the email client itself can determine what to display to the client. So if you edit your email, be sure to edit both the html and plain text file!

results matching ""

    No results matching ""