Merge pull request #301 from metabase/ag-nicer-password-reset-email

password reset email is now the same as it was in django

src/metabase/api/session.clj

@@ -7,7 +7,7 @@
             [korma.core :as korma]
             [metabase.api.common :refer :all]
             [metabase.db :refer :all]
-            [metabase.email :as email]
+            [metabase.email.messages :as email]
             (metabase.models [user :refer [User set-user-password]]
                              [session :refer [Session]])
             [metabase.util.password :as password]))
@@ -38,7 +38,7 @@
 
 (defendpoint POST "/forgot_password"
   "Send a reset email when user has forgotten their password."
-  [:as {{:keys [email]} :body, {:strs [origin]} :headers}]
+  [:as {:keys [server-name] {:keys [email]} :body, {:strs [origin]} :headers}]
   ;; Use the `origin` header, which looks like `http://localhost:3000`, as the base of the reset password URL.
   ;; (Currently, there's no other way to get this info)
   ;;
@@ -46,15 +46,12 @@
   ;; a forgotten password email to another User, and take them to some sort of phishing site. Although not sure
   ;; what you could phish from them since they already forgot their password.
   {email [Required Email]}
-  (let [{user-id :id user-name :common_name} (sel :one User :email email)
+  (let [{user-id :id} (sel :one User :email email)
         reset-token (java.util.UUID/randomUUID)
         password-reset-url (str origin "/auth/reset_password/" reset-token)]
     (check-404 user-id)
     (upd User user-id :reset_token reset-token :reset_triggered (System/currentTimeMillis))
-    (email/send-message "Metabase Password Reset" {email user-name}
-                        :html (html [:p "Hey, " user-name ", sorry you forgot your password :'(."]
-                                    [:p [:a {:href password-reset-url} "Click here to reset it!"]]
-                                    [:p "<3"]))
+    (email/send-password-reset-email email server-name password-reset-url)
     (log/info password-reset-url)))
 
 

src/metabase/email/messages.clj

@@ -27,6 +27,24 @@
     ;; return the message body we sent
     message-body))
 
+(defn send-password-reset-email
+  "Format and Send an email informing the user how to reset their password."
+  [email hostname password-reset-url]
+  {:pre [(string? email)
+         (u/is-email? email)
+         (string? hostname)
+         (string? password-reset-url)]}
+  (let [message-body (html [:html
+                            [:body
+                             [:p (str (format "You're receiving this e-mail because you or someone else has requested a password for your user account at %s. " hostname)
+                                      "It can be safely ignored if you did not request a password reset. Click the link below to reset your password.")]
+                             [:p [:a {:href password-reset-url} password-reset-url]]]])]
+    (email/send-message
+      "[Metabase] Password Reset Request"
+      {email email}
+      :html message-body)
+    ;; return the message body we sent
+    message-body))
 
 (defn send-email-report
   "Format and Send an `EmailReport` email."

test/metabase/email/messages_test.clj

@@ -2,10 +2,17 @@
   (:require [expectations :refer :all]
             [metabase.email.messages :refer :all]))
 
-
+;; new user email
 (expect
   (str "<html><body><p>Welcome to Metabase test!</p>"
     "<p>Your account is setup and ready to go, you just need to set a password so you can login.  "
     "Follow the link below to reset your account password.</p>"
     "<p><a href=\"http://localhost/some/url\">http://localhost/some/url</a></p></body></html>")
   (send-new-user-email "test" "test@test.com" "http://localhost/some/url"))
+
+;; password reset email
+(expect
+  (str "<html><body><p>You're receiving this e-mail because you or someone else has requested a password for your user account at test.domain.com. "
+    "It can be safely ignored if you did not request a password reset. Click the link below to reset your password.</p>"
+    "<p><a href=\"http://localhost/some/url\">http://localhost/some/url</a></p></body></html>")
+  (send-password-reset-email "test@test.com" "test.domain.com" "http://localhost/some/url"))