Add Reset Password (from Forgot Password flow) cms and page

[Xymmer]

master ticket: #349

• determine/update how the send reset password link is sent through email template that points to spartacus (I assume it's a combination of token + spartacus url inserted into email)
• add cms page for 'reset password' page, if it's not already there
• implement reset password page (button should be just 'reset password' not 'my'

Acceptance criteria:

• i go through forgot password flow and get a link
• clicking the link goes to reset password page (i should not be logged)
• the password form behaves like when we enter a password when registering
• button activates when password meets min criteria and they match
• submitting successfully redirects to the login page and displays a success message: "Success! You can now login using your new password."

[Xymmer]

note there is an issue with being able to reset the password without knowing the old password, we're investigating. Separate last bullet of acceptance criteria (being able to submit successfully) if required.

[tobi-or-not-tobi]

• we do not longer have page controlling logic, it's all done in components
• the page that is used to reset the password will be hardcoded for now
• the UpdatePasswordComponent is used both for requesting the reset password, as well as for setting it (just because it's the case right now).
• we already have a content page for Update Password, with the page-label updatePassword

To further decouple, we should consider additional changes in the future:

• provide a (backend) configuration for the loginPage, requestResetPasswordPage, resetPasswordPage,
• make all content of those pages cms driven (i.e. paragraph components, link components)

[WeizhengSap]

This ticket is blocked by #1270 and https://jira.hybris.com/browse/RAY-239. What I have done is:

1. create some email render template for site "electronics-spa".
2. create "reset password" cms page in "electronics-spa", and add one JspIncludeComponent "resetPassword". (This component will be replaced by a FlexCmsComponent when #1270 is done.)
3. remove "reset password" page and layout from SPA.
4. add cmsComponent config "ResetPassword", so this JspIncludeComponent can be found.

[WeizhengSap]

This is the email body we get (of course, the token is expired). You should be able to click the link then go to "reset password" page.

new.html.zip

[WeizhengSap]

backend PR is here: https://stash.hybris.com/projects/C3PO/repos/spacceleratorsamplesaddon/pull-requests/22/overview

SPA PR: https://github.com/SAP/cloud-commerce-spartacus-storefront/pull/1371

[WeizhengSap]

To code reviewer/tester:

The steps to make it work are:

1. uninstall the spacceleratorsampleaddon, and reinstall it

   ant addonuninstall -Daddonnames="spacceleratorsamplesaddon" -DaddonStorefront.yacceleratorstorefront="yacceleratorstorefront"

   ant addoninstall -Daddonnames="spacceleratorsamplesaddon" -DaddonStorefront.yacceleratorstorefront="yacceleratorstorefront"

2. replace the mail settings into local.properties (inside hybris/config)

   mail.smtp.server=smtp.gmail.com
   mail.smtp.port=587
   mail.smtp.user=spa.gladiators@gmail.com
   mail.smtp.password=hybris2019!
   mail.use.tls=true

   Or you can use Patrick's http://mockmail.plabadie.com/ to do it. Contact @plabadie for how to set it up.

3. rebuild the system, and start the hybris server

4. initialize the system

5. Go to forgot password page, then enter a valid user password.

6. You should able to get the email after a few seconds.

7. Click the link inside the email, you should see "reset password" page open. Enter new password.

8. We don't have the occ endpoint for "reset password". The the new password is not really reset. You should see the token and new password in browser's console.log.

9. You should be able to see the success message, and you are redirect to login page. But, you cannot login using your new password.

[KateChuen]

1) determine/update how the send reset password link is sent through email template that points to spartacus (I assume it's a combination of token + spartacus url inserted into email)

• [X] The link from the email goes to (which contains the spartacus url and token): http://dev-com-22.accdemo.b2c.ydev.hybris.com:4200/login/pw/change?token=ncfqaOMfYstdvL8hOYSgDjjdeAI29QdMn87DUBouLhmavcZvj7iMNdtdt0RzKLYsq3nqGGLwbjRWnJ88XIyvhL7rwFhHNoKpsScUBTfRKOLFjiztFar7jx9%2F3aUwmViTG3y%2BigiuD4x04dlQkKmu28nWw7YOXW3%2FH18v6%2B8%3D

2. add cms page for 'reset password' page, if it's not already there implement reset password page (button should be just 'reset password' not 'my'

• [X] Button is reset password.

3. i go through forgot password flow and get a link

• [X] This is the email received:

4. clicking the link goes to reset password page (i should not be logged)

• [X] Even if I was previously logged in, clicking on the link goes to reset password page and no user is logged in.

5. the password form behaves like when we enter a password when registering button activates when password meets min criteria and they match submitting successfully redirects to the login page and displays a success message: "Success! You can now login using your new password."

• [ ] The "Reset Password" button is active before the password meets the criteria. However, a validation is done when clicked on it.

• [X] Successfully submitting the new password redirects user to the login page and with the correct success message.

6. We don't have the occ endpoint for "reset password". The the new password is not really reset. You should see the token and new password in browser's console.log.

• [X] Can see token and new password in console.

7. You should be able to see the success message, and you are redirect to login page. But, you cannot login using your new password.

• [X] Now able to login with new password - which I think was done in ticket https://github.com/SAP/cloud-commerce-spartacus-storefront/issues/1412

[plabadie]

For point 5, For the submit button, we followed the form behaviour requirements described in the Wireframes: https://98qkkl.axshare.com/#g=1&p=main_action_on_form_pages The ticket description should have been updated.