5 files changed, 59 insertions, 2 deletions

diff --git a/app/models/account.rb b/app/models/account.rb
index d722caa..0731cac 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -62,6 +62,9 @@ class Account
       update_login(attrs[:login])
       @user.update_attributes attrs.slice(:password_verifier, :password_salt)
     end
+    if attrs[:recovery_code_verifier].present?
+      @user.update_attributes attrs.slice(:recovery_code_verifier, :recovery_code_salt)
+    end
     # TODO: move into identity controller
     key = update_pgp_key(attrs[:public_key])
     @user.errors.set :public_key, key.errors.full_messages
diff --git a/app/models/user.rb b/app/models/user.rb
index 259778b..f8869cd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -8,6 +8,8 @@ class User < CouchRest::Model::Base
   property :login, String, :accessible => true
   property :password_verifier, String, :accessible => true
   property :password_salt, String, :accessible => true
+  property :recovery_code_verifier, String, :accessible => true
+  property :recovery_code_salt, String, :accessible => true
   property :contact_email, String, :accessible => true
   property :contact_email_key, String, :accessible => true
   property :invite_code, String, :accessible => true
@@ -33,8 +35,8 @@ class User < CouchRest::Model::Base
 
   validate :identity_is_valid
 
-  validates :password_salt, :password_verifier,
-    :format => { :with => /\A[\dA-Fa-f]+\z/, :message => "Only hex numbers allowed" }
+  validates :password_salt, :password_verifier, :recovery_code_verifier, :recovery_code_salt,
+    :format => { :with => /\A[\h]*\z/, :message => "Only hex numbers allowed" }
 
   validates :password, :presence => true,
     :confirmation => true,
diff --git a/test/integration/api/update_account_test.rb b/test/integration/api/update_account_test.rb
index 1492006..108f05d 100644
--- a/test/integration/api/update_account_test.rb
+++ b/test/integration/api/update_account_test.rb
@@ -28,6 +28,12 @@ class UpdateAccountTest < SrpTest
     assert server_auth["M2"]
   end
 
+  test "update recovery code via api" do
+    authenticate
+    update_user recovery_code_verifier: "123", recovery_code_salt: "456"
+    assert last_response.successful?
+  end
+
   test "change login with password_verifier" do
     authenticate
     new_login = 'zaph'
diff --git a/test/unit/account_test.rb b/test/unit/account_test.rb
index e00e589..058e196 100644
--- a/test/unit/account_test.rb
+++ b/test/unit/account_test.rb
@@ -96,6 +96,42 @@ class AccountTest < ActiveSupport::TestCase
     user.account.destroy
   end
 
+  test "create recovery code if it does not exist" do
+    user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+    user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+    user.reload
+
+    assert_equal "abc", user.recovery_code_verifier
+    assert_equal "123", user.recovery_code_salt
+
+    user.account.destroy
+  end
+
+  test "update recovery code that already exists" do
+    user = Account.create(FactoryGirl.attributes_for(:user,
+      :invite_code => @testcode.invite_code,
+      :recovery_code_verifier => "000",
+      :recovery_code_salt => "111"))
+
+    user.account.update(:recovery_code_verifier => "abc", :recovery_code_salt => "123")
+    user.reload
+
+    assert_equal "abc", user.recovery_code_verifier
+    assert_equal "123", user.recovery_code_salt
+
+    user.account.destroy
+  end
+
+  test "update password" do
+    user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
+    user.account.update(:password_verifier => "551A8B", :password_salt => "551A8B")
+
+    assert_equal "551A8B", user.password_verifier
+    assert_equal "551A8B", user.password_salt
+
+    user.account.destroy
+  end
+
   test "Invite code count goes up by 1 when the invite code is entered" do
     with_config invite_required: true do
       user = Account.create(FactoryGirl.attributes_for(:user, :invite_code => @testcode.invite_code))
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 02e94df..e181765 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -28,6 +28,16 @@ class UserTest < ActiveSupport::TestCase
     assert !@user.valid?
   end
 
+  test "validates hex for recovery_code_verifier" do
+    @user.recovery_code_verifier = "1234567abcdef"
+    assert @user.valid?
+  end
+
+  test "validates recovery_code_verifier with non hex chars" do
+    @user.recovery_code_verifier = "gkpq"
+    assert !@user.valid?
+  end
+
   test "test require alphanumerical for login" do
     @user.login = "qw#r"
     assert !@user.valid?