From dc9005068e2a138d65a4f99f1bef8a9b94f220b0 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Thu, 21 May 2020 23:48:24 -0700
Subject: [PATCH 1/6] Checkpoint

---
 apps/fg_http/lib/fg_http/password_resets.ex   | 104 ++++++++++++++++++
 .../fg_http/password_resets/password_reset.ex |  64 +++++++++++
 apps/fg_http/lib/fg_http/users.ex             |   4 -
 apps/fg_http/lib/fg_http/users/user.ex        |   2 -
 .../controllers/password_reset_controller.ex  |  29 ++---
 apps/fg_http/lib/fg_http_web/router.ex        |   2 +
 .../fg_http_web/templates/layout/app.html.eex |  13 ++-
 .../templates/password_reset/edit.html.eex    |   5 +
 .../templates/password_reset/form.html.eex    |  19 ++++
 .../templates/password_reset/index.html.eex   |  28 +++++
 .../templates/password_reset/new.html.eex     |   5 +
 .../templates/password_reset/show.html.eex    |  18 +++
 .../lib/fg_http_web/views/layout_view.ex      |  17 +++
 .../fg_http_web/views/password_reset_view.ex  |   3 +
 .../20200225005454_create_users.exs           |   2 -
 .../20200521154921_create_password_resets.exs |  16 +++
 .../test/fg_http/password_resets_test.exs     |  87 +++++++++++++++
 .../controllers/device_controller_test.exs    |   4 +-
 .../password_reset_controller_test.exs        |  20 ++++
 apps/fg_http/test/support/conn_case.ex        |   6 +-
 apps/fg_http/test/support/fixtures.ex         |  30 +++--
 21 files changed, 433 insertions(+), 45 deletions(-)
 create mode 100644 apps/fg_http/lib/fg_http/password_resets.ex
 create mode 100644 apps/fg_http/lib/fg_http/password_resets/password_reset.ex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/views/password_reset_view.ex
 create mode 100644 apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
 create mode 100644 apps/fg_http/test/fg_http/password_resets_test.exs
 create mode 100644 apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs

diff --git a/apps/fg_http/lib/fg_http/password_resets.ex b/apps/fg_http/lib/fg_http/password_resets.ex
new file mode 100644
index 000000000..6093b786f
--- /dev/null
+++ b/apps/fg_http/lib/fg_http/password_resets.ex
@@ -0,0 +1,104 @@
+defmodule FgHttp.PasswordResets do
+  @moduledoc """
+  The PasswordResets context.
+  """
+
+  import Ecto.Query, warn: false
+  alias FgHttp.Repo
+
+  alias FgHttp.PasswordResets.PasswordReset
+
+  @doc """
+  Returns the list of password_resets.
+
+  ## Examples
+
+      iex> list_password_resets()
+      [%PasswordReset{}, ...]
+
+  """
+  def list_password_resets do
+    Repo.all(PasswordReset)
+  end
+
+  @doc """
+  Gets a single password_reset.
+
+  Raises `Ecto.NoResultsError` if the Password reset does not exist.
+
+  ## Examples
+
+      iex> get_password_reset!(123)
+      %PasswordReset{}
+
+      iex> get_password_reset!(456)
+      ** (Ecto.NoResultsError)
+
+  """
+  def get_password_reset!(id), do: Repo.get!(PasswordReset, id)
+
+  @doc """
+  Creates a password_reset.
+
+  ## Examples
+
+      iex> create_password_reset(%{field: value})
+      {:ok, %PasswordReset{}}
+
+      iex> create_password_reset(%{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def create_password_reset(attrs \\ %{}) do
+    %PasswordReset{}
+    |> PasswordReset.create_changeset(attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Updates a password_reset.
+
+  ## Examples
+
+      iex> update_password_reset(password_reset, %{field: new_value})
+      {:ok, %PasswordReset{}}
+
+      iex> update_password_reset(password_reset, %{field: bad_value})
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def update_password_reset(%PasswordReset{} = password_reset, attrs) do
+    password_reset
+    |> PasswordReset.update_changeset(attrs)
+    |> Repo.update()
+  end
+
+  @doc """
+  Deletes a password_reset.
+
+  ## Examples
+
+      iex> delete_password_reset(password_reset)
+      {:ok, %PasswordReset{}}
+
+      iex> delete_password_reset(password_reset)
+      {:error, %Ecto.Changeset{}}
+
+  """
+  def delete_password_reset(%PasswordReset{} = password_reset) do
+    Repo.delete(password_reset)
+  end
+
+  @doc """
+  Returns an `%Ecto.Changeset{}` for tracking password_reset changes.
+
+  ## Examples
+
+      iex> change_password_reset(password_reset)
+      %Ecto.Changeset{data: %PasswordReset{}}
+
+  """
+  def change_password_reset(%PasswordReset{} = password_reset, attrs \\ %{}) do
+    PasswordReset.changeset(password_reset, attrs)
+  end
+end
diff --git a/apps/fg_http/lib/fg_http/password_resets/password_reset.ex b/apps/fg_http/lib/fg_http/password_resets/password_reset.ex
new file mode 100644
index 000000000..fe9ad877c
--- /dev/null
+++ b/apps/fg_http/lib/fg_http/password_resets/password_reset.ex
@@ -0,0 +1,64 @@
+defmodule FgHttp.PasswordResets.PasswordReset do
+  @moduledoc """
+  Schema for PasswordReset
+  """
+
+  use Ecto.Schema
+  import Ecto.Changeset
+
+  alias FgHttp.{Users, Users.User}
+
+  @token_num_bytes 8
+
+  schema "password_resets" do
+    field :reset_sent_at, :utc_datetime
+    field :reset_token, :string
+    field :user_email, :string, virtual: true
+    belongs_to :user, User
+
+    timestamps()
+  end
+
+  @doc false
+  def changeset(password_reset, attrs) do
+    password_reset
+    |> cast(attrs, [:user_id, :user_email, :reset_sent_at, :reset_token])
+  end
+
+  @doc false
+  def create_changeset(password_reset, attrs) do
+    password_reset
+    |> cast(attrs, [:user_id, :user_email, :reset_sent_at, :reset_token])
+    |> load_user_from_email()
+    |> generate_reset_token()
+    |> validate_required([:reset_token, :user_id])
+    |> unique_constraint(:reset_token)
+  end
+
+  @doc false
+  def update_changeset(password_reset, attrs) do
+    password_reset
+    |> cast(attrs, [:user_id, :user_email, :reset_sent_at, :reset_token])
+    |> validate_required([:reset_token])
+  end
+
+  defp load_user_from_email(
+         %Ecto.Changeset{
+           valid?: true,
+           changes: %{user_email: user_email}
+         } = changeset
+       ) do
+    user = Users.get_user!(email: user_email)
+    put_change(changeset, :user_id, user.id)
+  end
+
+  defp load_user_from_email(changeset), do: changeset
+
+  defp generate_reset_token(%Ecto.Changeset{valid?: true} = changeset) do
+    random_bytes = :crypto.strong_rand_bytes(@token_num_bytes)
+    random_string = Base.url_encode64(random_bytes)
+    put_change(changeset, :reset_token, random_string)
+  end
+
+  defp generate_reset_token(changeset), do: changeset
+end
diff --git a/apps/fg_http/lib/fg_http/users.ex b/apps/fg_http/lib/fg_http/users.ex
index 323dd66b3..08f0a2b85 100644
--- a/apps/fg_http/lib/fg_http/users.ex
+++ b/apps/fg_http/lib/fg_http/users.ex
@@ -39,10 +39,6 @@ defmodule FgHttp.Users do
     Repo.get_by!(User, email: email)
   end
 
-  def get_user!(reset_token: reset_token) do
-    Repo.get_by!(User, reset_token: reset_token)
-  end
-
   def get_user!(id), do: Repo.get!(User, id)
 
   @doc """
diff --git a/apps/fg_http/lib/fg_http/users/user.ex b/apps/fg_http/lib/fg_http/users/user.ex
index b01f6f987..9e682f9e3 100644
--- a/apps/fg_http/lib/fg_http/users/user.ex
+++ b/apps/fg_http/lib/fg_http/users/user.ex
@@ -11,8 +11,6 @@ defmodule FgHttp.Users.User do
   schema "users" do
     field :email, :string
     field :confirmed_at, :utc_datetime
-    field :reset_sent_at, :utc_datetime
-    field :reset_token, :string
     field :last_signed_in_at, :utc_datetime
     field :password_hash, :string
 
diff --git a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
index f5531b7db..d686cdf61 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
@@ -4,35 +4,28 @@ defmodule FgHttpWeb.PasswordResetController do
   """
 
   use FgHttpWeb, :controller
-  alias FgHttp.{Users, Users.User}
+  alias FgHttp.{PasswordResets, PasswordResets.PasswordReset}
 
   plug FgHttpWeb.Plugs.RedirectAuthenticated
 
   def new(conn, _params) do
+    changeset = PasswordReset.changeset(%PasswordReset{}, %{})
+
     conn
-    |> render("new.html", changeset: User.changeset(%User{}))
+    |> render("new.html", changeset: changeset)
   end
 
-  # Don't actually create anything. Instead, update the user with a reset token and send
-  # the password reset email.
-  def create(conn, %{
-        "password_reset" =>
-          %{
-            reset_token: reset_token,
-            password: _password,
-            password_confirmation: _password_confirmation,
-            current_password: _current_password
-          } = user_params
-      }) do
-    user = Users.get_user!(reset_token: reset_token)
-
-    case Users.update_user(user, user_params) do
-      {:ok, _user} ->
+  def create(conn, %{"password_reset" => %{"user_email" => _} = password_reset_params}) do
+    case PasswordResets.create_password_reset(password_reset_params) do
+      {:ok, _password_reset} ->
         conn
-        |> render("success.html")
+        |> clear_session()
+        |> put_flash(:info, "Password reset successfully. Please sign in with your new password.")
+        |> redirect(to: Routes.session_path(conn, :new))
 
       {:error, changeset} ->
         conn
+        |> put_flash(:error, "Error creating password reset.")
         |> render("new.html", changeset: changeset)
     end
   end
diff --git a/apps/fg_http/lib/fg_http_web/router.ex b/apps/fg_http/lib/fg_http_web/router.ex
index a2c7a33d0..7594b7851 100644
--- a/apps/fg_http/lib/fg_http_web/router.ex
+++ b/apps/fg_http/lib/fg_http_web/router.ex
@@ -20,6 +20,8 @@ defmodule FgHttpWeb.Router do
   scope "/", FgHttpWeb do
     pipe_through :browser
 
+    resources "/password_resets", PasswordResetController, only: [:new, :create]
+
     resources "/user", UserController, singleton: true, only: [:show, :edit, :update, :delete]
     resources "/users", UserController, only: [:new, :create]
 
diff --git a/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex b/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
index a4f9211f2..570eb2794 100644
--- a/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
@@ -14,16 +14,17 @@
         <nav class="f6 fw6 ttu tracked fl">
           <%= link("Fireguard", to: FgHttpWeb.Endpoint.url(), class: "link dim white dib mr3") %>
         </nav>
-        <%= if @user_signed_in? do %>
-          <nav class="f6 fw6 ttu tracked fr">
+        <nav class="f6 fw6 ttu tracked fr">
+          <%= if @user_signed_in? do %>
             <%= link("Devices", to: Routes.device_path(@conn, :index), class: "link dim white dib mr3") %>
             <%= link("Sign out", to: Routes.session_path(@conn, :delete, @current_session), method: :delete, class: "link dim white dib mr3") %>
-          </nav>
-        <% else %>
-
-        <% end %>
+          <% else %>
+            <%= link("Sign in", to: Routes.session_path(@conn, :new), class: "link dim white dib mr3") %>
+          <% end %>
+        </nav>
     </header>
     <main class="mw7 mw9-ns center pa3 pt5 ph5-ns">
+      <%= render_flash(@conn) %>
       <%= @inner_content %>
     </main>
     <script type="text/javascript" src="<%= Routes.static_path(@conn, "/js/app.js") %>"></script>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
new file mode 100644
index 000000000..ed57b0cd4
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
@@ -0,0 +1,5 @@
+<h1>Edit Password reset</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.password_reset_path(@conn, :update, @password_reset)) %>
+
+<span><%= link "Back", to: Routes.password_reset_path(@conn, :index) %></span>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
new file mode 100644
index 000000000..23bcc3e43
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
@@ -0,0 +1,19 @@
+<%= form_for @changeset, @action, fn f -> %>
+  <%= if @changeset.action do %>
+    <div class="alert alert-danger">
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
+  <% end %>
+
+  <%= label f, :reset_sent_at %>
+  <%= datetime_select f, :reset_sent_at %>
+  <%= error_tag f, :reset_sent_at %>
+
+  <%= label f, :reset_token %>
+  <%= text_input f, :reset_token %>
+  <%= error_tag f, :reset_token %>
+
+  <div>
+    <%= submit "Save" %>
+  </div>
+<% end %>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex
new file mode 100644
index 000000000..1139f045f
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex
@@ -0,0 +1,28 @@
+<h1>Listing Password resets</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>Reset sent at</th>
+      <th>Reset token</th>
+
+      <th></th>
+    </tr>
+  </thead>
+  <tbody>
+<%= for password_reset <- @password_resets do %>
+    <tr>
+      <td><%= password_reset.reset_sent_at %></td>
+      <td><%= password_reset.reset_token %></td>
+
+      <td>
+        <span><%= link "Show", to: Routes.password_reset_path(@conn, :show, password_reset) %></span>
+        <span><%= link "Edit", to: Routes.password_reset_path(@conn, :edit, password_reset) %></span>
+        <span><%= link "Delete", to: Routes.password_reset_path(@conn, :delete, password_reset), method: :delete, data: [confirm: "Are you sure?"] %></span>
+      </td>
+    </tr>
+<% end %>
+  </tbody>
+</table>
+
+<span><%= link "New Password reset", to: Routes.password_reset_path(@conn, :new) %></span>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
new file mode 100644
index 000000000..5181f4870
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
@@ -0,0 +1,5 @@
+<h1>New Password reset</h1>
+
+<%= render "form.html", Map.put(assigns, :action, Routes.password_reset_path(@conn, :create)) %>
+
+<span><%= link "Back", to: Routes.session_path(@conn, :new) %></span>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex
new file mode 100644
index 000000000..a3470a023
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex
@@ -0,0 +1,18 @@
+<h1>Show Password reset</h1>
+
+<ul>
+
+  <li>
+    <strong>Reset sent at:</strong>
+    <%= @password_reset.reset_sent_at %>
+  </li>
+
+  <li>
+    <strong>Reset token:</strong>
+    <%= @password_reset.reset_token %>
+  </li>
+
+</ul>
+
+<span><%= link "Edit", to: Routes.password_reset_path(@conn, :edit, @password_reset) %></span>
+<span><%= link "Back", to: Routes.password_reset_path(@conn, :index) %></span>
diff --git a/apps/fg_http/lib/fg_http_web/views/layout_view.ex b/apps/fg_http/lib/fg_http_web/views/layout_view.ex
index 083ee3439..27136b0fc 100644
--- a/apps/fg_http/lib/fg_http_web/views/layout_view.ex
+++ b/apps/fg_http/lib/fg_http_web/views/layout_view.ex
@@ -1,3 +1,20 @@
 defmodule FgHttpWeb.LayoutView do
   use FgHttpWeb, :view
+
+  def render_flash(conn) do
+    ~E"""
+    <section id="flash">
+      <%= if get_flash(conn, :error) do %>
+        <div id="flash-error">
+          <%= get_flash(conn, :error) %>
+        </div>
+      <% end %>
+      <%= if get_flash(conn, :error) do %>
+        <div id="flash-error">
+          <%= get_flash(conn, :error) %>
+        </div>
+      <% end %>
+    </section>
+    """
+  end
 end
diff --git a/apps/fg_http/lib/fg_http_web/views/password_reset_view.ex b/apps/fg_http/lib/fg_http_web/views/password_reset_view.ex
new file mode 100644
index 000000000..16ddc7cd3
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/views/password_reset_view.ex
@@ -0,0 +1,3 @@
+defmodule FgHttpWeb.PasswordResetView do
+  use FgHttpWeb, :view
+end
diff --git a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
index 926607f58..f2254342d 100644
--- a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
+++ b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
@@ -7,8 +7,6 @@ defmodule FgHttp.Repo.Migrations.CreateUsers do
       add :confirmed_at, :utc_datetime
       add :password_hash, :string
       add :last_signed_in_at, :utc_datetime
-      add :reset_sent_at, :utc_datetime
-      add :reset_token, :utc_datetime
 
       timestamps()
     end
diff --git a/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs b/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
new file mode 100644
index 000000000..54b3ff387
--- /dev/null
+++ b/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
@@ -0,0 +1,16 @@
+defmodule FgHttp.Repo.Migrations.CreatePasswordResets do
+  use Ecto.Migration
+
+  def change do
+    create table(:password_resets) do
+      add :reset_sent_at, :utc_datetime
+      add :reset_token, :string, null: false
+      add :user_id, references(:users, on_delete: :delete_all), null: false
+
+      timestamps()
+    end
+
+    create unique_index(:password_resets, [:reset_token])
+    create index(:password_resets, [:user_id])
+  end
+end
diff --git a/apps/fg_http/test/fg_http/password_resets_test.exs b/apps/fg_http/test/fg_http/password_resets_test.exs
new file mode 100644
index 000000000..9b2d984c8
--- /dev/null
+++ b/apps/fg_http/test/fg_http/password_resets_test.exs
@@ -0,0 +1,87 @@
+defmodule FgHttp.PasswordResetsTest do
+  use FgHttp.DataCase
+
+  alias FgHttp.{Fixtures, PasswordResets}
+
+  describe "password_resets" do
+    alias FgHttp.PasswordResets.PasswordReset
+
+    @valid_attrs %{reset_sent_at: "2010-04-17T14:00:00Z"}
+    @update_attrs %{reset_sent_at: "2011-05-18T15:01:01Z"}
+    @invalid_attrs %{reset_sent_at: nil}
+
+    def password_reset_fixture(attrs \\ %{}) do
+      {:ok, password_reset} =
+        attrs
+        |> Enum.into(%{user_id: Fixtures.user().id})
+        |> Enum.into(@valid_attrs)
+        |> PasswordResets.create_password_reset()
+
+      password_reset
+    end
+
+    test "list_password_resets/0 returns all password_resets" do
+      password_reset = password_reset_fixture()
+      assert PasswordResets.list_password_resets() == [password_reset]
+    end
+
+    test "get_password_reset!/1 returns the password_reset with given id" do
+      password_reset = password_reset_fixture()
+      assert PasswordResets.get_password_reset!(password_reset.id) == password_reset
+    end
+
+    test "create_password_reset/1 with valid data creates a password_reset" do
+      user_id = Fixtures.user().id
+      valid_attrs = Map.merge(@valid_attrs, %{user_id: user_id})
+
+      assert {:ok, %PasswordReset{} = password_reset} =
+               PasswordResets.create_password_reset(valid_attrs)
+
+      assert password_reset.reset_sent_at ==
+               DateTime.from_naive!(~N[2010-04-17T14:00:00Z], "Etc/UTC")
+
+      assert password_reset.reset_token
+      assert password_reset.user_id == user_id
+    end
+
+    test "create_password_reset/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} = PasswordResets.create_password_reset(@invalid_attrs)
+    end
+
+    test "update_password_reset/2 with valid data updates the password_reset" do
+      password_reset = password_reset_fixture()
+
+      assert {:ok, %PasswordReset{} = password_reset} =
+               PasswordResets.update_password_reset(password_reset, @update_attrs)
+
+      assert password_reset.reset_sent_at ==
+               DateTime.from_naive!(~N[2011-05-18T15:01:01Z], "Etc/UTC")
+
+      assert password_reset.reset_token
+    end
+
+    test "update_password_reset/2 with invalid data returns error changeset" do
+      invalid_attrs = Map.merge(@invalid_attrs, %{reset_token: nil})
+      password_reset = password_reset_fixture()
+
+      assert {:error, %Ecto.Changeset{}} =
+               PasswordResets.update_password_reset(password_reset, invalid_attrs)
+
+      assert password_reset == PasswordResets.get_password_reset!(password_reset.id)
+    end
+
+    test "delete_password_reset/1 deletes the password_reset" do
+      password_reset = password_reset_fixture()
+      assert {:ok, %PasswordReset{}} = PasswordResets.delete_password_reset(password_reset)
+
+      assert_raise Ecto.NoResultsError, fn ->
+        PasswordResets.get_password_reset!(password_reset.id)
+      end
+    end
+
+    test "change_password_reset/1 returns a password_reset changeset" do
+      password_reset = password_reset_fixture()
+      assert %Ecto.Changeset{} = PasswordResets.change_password_reset(password_reset)
+    end
+  end
+end
diff --git a/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
index 173cd25a2..73462e4d0 100644
--- a/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
+++ b/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
@@ -1,7 +1,7 @@
 defmodule FgHttpWeb.DeviceControllerTest do
   use FgHttpWeb.ConnCase, async: true
 
-  import FgHttp.Fixtures
+  alias FgHttp.Fixtures
 
   @create_attrs %{public_key: "foobar"}
   @update_attrs %{name: "some updated name"}
@@ -73,7 +73,7 @@ defmodule FgHttpWeb.DeviceControllerTest do
   end
 
   defp create_device(_) do
-    device = fixture(:device)
+    device = Fixtures.device()
     {:ok, device: device}
   end
 end
diff --git a/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
new file mode 100644
index 000000000..8d6d9ab88
--- /dev/null
+++ b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
@@ -0,0 +1,20 @@
+defmodule FgHttpWeb.PasswordResetControllerTest do
+  use FgHttpWeb.ConnCase, async: true
+
+  @create_attrs %{user_email: "test"}
+
+  describe "new password_reset" do
+    test "renders form", %{unauthed_conn: conn} do
+      conn = get(conn, Routes.password_reset_path(conn, :new))
+      assert html_response(conn, 200) =~ "New Password reset"
+    end
+  end
+
+  describe "create password_reset" do
+    test "redirects to sign in when data is valid", %{unauthed_conn: conn} do
+      conn = post(conn, Routes.password_reset_path(conn, :create), password_reset: @create_attrs)
+
+      assert redirected_to(conn) == Routes.session_path(conn, :new)
+    end
+  end
+end
diff --git a/apps/fg_http/test/support/conn_case.ex b/apps/fg_http/test/support/conn_case.ex
index d2a6af700..613187bf6 100644
--- a/apps/fg_http/test/support/conn_case.ex
+++ b/apps/fg_http/test/support/conn_case.ex
@@ -19,7 +19,7 @@ defmodule FgHttpWeb.ConnCase do
 
   alias Ecto.Adapters.SQL.Sandbox
 
-  import FgHttp.Fixtures
+  alias FgHttp.Fixtures
 
   using do
     quote do
@@ -38,10 +38,10 @@ defmodule FgHttpWeb.ConnCase do
   end
 
   def authed_conn do
-    user = fixture(:user)
+    user = Fixtures.user()
 
     session =
-      fixture(:session, %{
+      Fixtures.session(%{
         user_id: user.id,
         user_password: "test",
         user_email: "test"
diff --git a/apps/fg_http/test/support/fixtures.ex b/apps/fg_http/test/support/fixtures.ex
index 31f5122fc..5f759de25 100644
--- a/apps/fg_http/test/support/fixtures.ex
+++ b/apps/fg_http/test/support/fixtures.ex
@@ -2,12 +2,15 @@ defmodule FgHttp.Fixtures do
   @moduledoc """
   Convenience helpers for inserting records
   """
-  alias FgHttp.{Devices, Repo, Sessions, Users, Users.User}
+  alias FgHttp.{Devices, PasswordResets, Repo, Sessions, Users, Users.User}
 
-  def fixture(:user) do
+  def user(attrs \\ %{}) do
     case Repo.get_by(User, email: "test") do
       nil ->
-        attrs = %{email: "test", password: "test", password_confirmation: "test"}
+        attrs =
+          attrs
+          |> Enum.into(%{email: "test", password: "test", password_confirmation: "test"})
+
         {:ok, user} = Users.create_user(attrs)
         user
 
@@ -16,13 +19,24 @@ defmodule FgHttp.Fixtures do
     end
   end
 
-  def fixture(:device) do
-    attrs = %{public_key: "foobar", ifname: "wg0", name: "factory"}
-    {:ok, device} = Devices.create_device(Map.merge(%{user_id: fixture(:user).id}, attrs))
+  def device(attrs \\ %{}) do
+    attrs =
+      attrs
+      |> Enum.into(%{user_id: user().id})
+      |> Enum.into(%{public_key: "foobar", ifname: "wg0", name: "factory"})
+
+    {:ok, device} = Devices.create_device(attrs)
     device
   end
 
-  def fixture(:session, attrs \\ %{}) do
-    {:ok, _session} = Sessions.create_session(attrs)
+  def session(attrs \\ %{}) do
+    {:ok, session} = Sessions.create_session(attrs)
+    session
+  end
+
+  def password_reset(attrs \\ %{}) do
+    create_attrs = Map.merge(attrs, %{user_email: user().email})
+    {:ok, password_reset} = PasswordResets.create_password_reset(create_attrs)
+    password_reset
   end
 end

From b2f7dbc7d04bf0807aa461e8511158943f03eed0 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Thu, 21 May 2020 23:49:55 -0700
Subject: [PATCH 2/6] Remove unused templates

---
 .../templates/password_reset/edit.html.eex    |  5 ----
 .../templates/password_reset/index.html.eex   | 28 -------------------
 .../templates/password_reset/show.html.eex    | 18 ------------
 3 files changed, 51 deletions(-)
 delete mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
 delete mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex
 delete mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex

diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
deleted file mode 100644
index ed57b0cd4..000000000
--- a/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
+++ /dev/null
@@ -1,5 +0,0 @@
-<h1>Edit Password reset</h1>
-
-<%= render "form.html", Map.put(assigns, :action, Routes.password_reset_path(@conn, :update, @password_reset)) %>
-
-<span><%= link "Back", to: Routes.password_reset_path(@conn, :index) %></span>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex
deleted file mode 100644
index 1139f045f..000000000
--- a/apps/fg_http/lib/fg_http_web/templates/password_reset/index.html.eex
+++ /dev/null
@@ -1,28 +0,0 @@
-<h1>Listing Password resets</h1>
-
-<table>
-  <thead>
-    <tr>
-      <th>Reset sent at</th>
-      <th>Reset token</th>
-
-      <th></th>
-    </tr>
-  </thead>
-  <tbody>
-<%= for password_reset <- @password_resets do %>
-    <tr>
-      <td><%= password_reset.reset_sent_at %></td>
-      <td><%= password_reset.reset_token %></td>
-
-      <td>
-        <span><%= link "Show", to: Routes.password_reset_path(@conn, :show, password_reset) %></span>
-        <span><%= link "Edit", to: Routes.password_reset_path(@conn, :edit, password_reset) %></span>
-        <span><%= link "Delete", to: Routes.password_reset_path(@conn, :delete, password_reset), method: :delete, data: [confirm: "Are you sure?"] %></span>
-      </td>
-    </tr>
-<% end %>
-  </tbody>
-</table>
-
-<span><%= link "New Password reset", to: Routes.password_reset_path(@conn, :new) %></span>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex
deleted file mode 100644
index a3470a023..000000000
--- a/apps/fg_http/lib/fg_http_web/templates/password_reset/show.html.eex
+++ /dev/null
@@ -1,18 +0,0 @@
-<h1>Show Password reset</h1>
-
-<ul>
-
-  <li>
-    <strong>Reset sent at:</strong>
-    <%= @password_reset.reset_sent_at %>
-  </li>
-
-  <li>
-    <strong>Reset token:</strong>
-    <%= @password_reset.reset_token %>
-  </li>
-
-</ul>
-
-<span><%= link "Edit", to: Routes.password_reset_path(@conn, :edit, @password_reset) %></span>
-<span><%= link "Back", to: Routes.password_reset_path(@conn, :index) %></span>

From 72b3434b23f30a3b7f633ab9836aebad2b57d497 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Thu, 28 May 2020 18:04:27 -0700
Subject: [PATCH 3/6] fix formatting

---
 apps/fg_http/lib/fg_http/password_resets.ex   | 11 ++++-
 apps/fg_http/lib/fg_http/sessions.ex          |  2 +-
 .../password_reset.ex                         |  7 ++-
 .../fg_http/{sessions => users}/session.ex    |  2 +-
 apps/fg_http/lib/fg_http/users/user.ex        | 21 +++++++-
 .../controllers/password_reset_controller.ex  | 49 ++++++++++++++++++-
 .../controllers/session_controller.ex         |  2 +-
 .../templates/password_reset/form.html.eex    | 19 -------
 .../templates/password_reset/new.html.eex     | 22 ++++++++-
 .../20200225005454_create_users.exs           |  1 -
 .../20200521154921_create_password_resets.exs |  2 +
 .../test/fg_http/password_resets_test.exs     |  2 +-
 12 files changed, 109 insertions(+), 31 deletions(-)
 rename apps/fg_http/lib/fg_http/{password_resets => users}/password_reset.ex (90%)
 rename apps/fg_http/lib/fg_http/{sessions => users}/session.ex (96%)

diff --git a/apps/fg_http/lib/fg_http/password_resets.ex b/apps/fg_http/lib/fg_http/password_resets.ex
index 6093b786f..efd7488c0 100644
--- a/apps/fg_http/lib/fg_http/password_resets.ex
+++ b/apps/fg_http/lib/fg_http/password_resets.ex
@@ -6,7 +6,7 @@ defmodule FgHttp.PasswordResets do
   import Ecto.Query, warn: false
   alias FgHttp.Repo
 
-  alias FgHttp.PasswordResets.PasswordReset
+  alias FgHttp.Users.PasswordReset
 
   @doc """
   Returns the list of password_resets.
@@ -21,6 +21,15 @@ defmodule FgHttp.PasswordResets do
     Repo.all(PasswordReset)
   end
 
+  def load_user_from_valid_token!(token) when is_binary(token) do
+    Repo.get_by!(
+      PasswordReset,
+      reset_token: token,
+      consumed_at: nil,
+      reset_sent_at: DateTime.utc_now() - PasswordReset.token_validity_secs()
+    )
+  end
+
   @doc """
   Gets a single password_reset.
 
diff --git a/apps/fg_http/lib/fg_http/sessions.ex b/apps/fg_http/lib/fg_http/sessions.ex
index de3cb808d..35cd8373c 100644
--- a/apps/fg_http/lib/fg_http/sessions.ex
+++ b/apps/fg_http/lib/fg_http/sessions.ex
@@ -6,7 +6,7 @@ defmodule FgHttp.Sessions do
   import Ecto.Query, warn: false
   alias FgHttp.Repo
 
-  alias FgHttp.{Sessions.Session, Users.User}
+  alias FgHttp.{Users.Session, Users.User}
 
   @doc """
   Returns the list of sessions.
diff --git a/apps/fg_http/lib/fg_http/password_resets/password_reset.ex b/apps/fg_http/lib/fg_http/users/password_reset.ex
similarity index 90%
rename from apps/fg_http/lib/fg_http/password_resets/password_reset.ex
rename to apps/fg_http/lib/fg_http/users/password_reset.ex
index fe9ad877c..07a16ad7b 100644
--- a/apps/fg_http/lib/fg_http/password_resets/password_reset.ex
+++ b/apps/fg_http/lib/fg_http/users/password_reset.ex
@@ -1,4 +1,4 @@
-defmodule FgHttp.PasswordResets.PasswordReset do
+defmodule FgHttp.Users.PasswordReset do
   @moduledoc """
   Schema for PasswordReset
   """
@@ -9,10 +9,13 @@ defmodule FgHttp.PasswordResets.PasswordReset do
   alias FgHttp.{Users, Users.User}
 
   @token_num_bytes 8
+  # 1 day
+  @token_validity_secs 86_400
 
   schema "password_resets" do
     field :reset_sent_at, :utc_datetime
     field :reset_token, :string
+    field :consumed_at, :string
     field :user_email, :string, virtual: true
     belongs_to :user, User
 
@@ -42,6 +45,8 @@ defmodule FgHttp.PasswordResets.PasswordReset do
     |> validate_required([:reset_token])
   end
 
+  def token_validity_secs, do: @token_validity_secs
+
   defp load_user_from_email(
          %Ecto.Changeset{
            valid?: true,
diff --git a/apps/fg_http/lib/fg_http/sessions/session.ex b/apps/fg_http/lib/fg_http/users/session.ex
similarity index 96%
rename from apps/fg_http/lib/fg_http/sessions/session.ex
rename to apps/fg_http/lib/fg_http/users/session.ex
index bc191d2a8..11ae90101 100644
--- a/apps/fg_http/lib/fg_http/sessions/session.ex
+++ b/apps/fg_http/lib/fg_http/users/session.ex
@@ -1,4 +1,4 @@
-defmodule FgHttp.Sessions.Session do
+defmodule FgHttp.Users.Session do
   @moduledoc """
   Represents a Session
   """
diff --git a/apps/fg_http/lib/fg_http/users/user.ex b/apps/fg_http/lib/fg_http/users/user.ex
index 9e682f9e3..bff3a4239 100644
--- a/apps/fg_http/lib/fg_http/users/user.ex
+++ b/apps/fg_http/lib/fg_http/users/user.ex
@@ -6,7 +6,7 @@ defmodule FgHttp.Users.User do
   use Ecto.Schema
   import Ecto.Changeset
 
-  alias FgHttp.{Devices.Device, Sessions.Session}
+  alias FgHttp.{Devices.Device, Users.Session}
 
   schema "users" do
     field :email, :string
@@ -35,7 +35,7 @@ defmodule FgHttp.Users.User do
     |> validate_required([:password_hash])
   end
 
-  # Only password being updated
+  # Password updated with user logged in
   def update_changeset(
         user,
         %{
@@ -54,6 +54,23 @@ defmodule FgHttp.Users.User do
     |> validate_required([:password_hash])
   end
 
+  # Password updated from token
+  def update_changeset(
+        user,
+        %{
+          user: %{
+            password: _password,
+            password_confirmation: _password_confirmation
+          }
+        } = attrs
+      ) do
+    user
+    |> cast(attrs, [:email, :password, :password_confirmation])
+    |> validate_required([:password, :password_confirmation])
+    |> put_password_hash()
+    |> validate_required([:password_hash])
+  end
+
   # Only email being updated
   def update_changeset(user, %{user: %{email: _email}} = attrs) do
     user
diff --git a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
index d686cdf61..6e822fad7 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
@@ -4,7 +4,7 @@ defmodule FgHttpWeb.PasswordResetController do
   """
 
   use FgHttpWeb, :controller
-  alias FgHttp.{PasswordResets, PasswordResets.PasswordReset}
+  alias FgHttp.{PasswordResets, Users.PasswordReset, Users.User}
 
   plug FgHttpWeb.Plugs.RedirectAuthenticated
 
@@ -15,6 +15,41 @@ defmodule FgHttpWeb.PasswordResetController do
     |> render("new.html", changeset: changeset)
   end
 
+  def edit(conn, %{"token" => token}) when is_binary(token) do
+    _user = load_user(conn, token)
+    changeset = PasswordReset.changeset(%PasswordReset{}, %{})
+
+    conn
+    |> render("edit.html", changeset: changeset)
+  end
+
+  def update(conn, %{
+        "password_reset" =>
+          %{
+            "reset_token" => token,
+            "user" => %{
+              "password" => _password,
+              "password_confirmation" => _password_confirmation
+            }
+          } = password_reset_params
+      })
+      when is_binary(token) do
+    user = load_user(conn, token)
+
+    case PasswordResets.update_password_reset(user, password_reset_params) do
+      {:ok, _user} ->
+        conn
+        |> clear_session()
+        |> put_flash(:info, "User password updated successfully. Please sign in.")
+        |> redirect(to: Routes.session_path(conn, :new))
+
+      {:error, changeset} ->
+        conn
+        |> put_flash(:error, "Error updating User password.")
+        |> render("edit.html", changeset: changeset)
+    end
+  end
+
   def create(conn, %{"password_reset" => %{"user_email" => _} = password_reset_params}) do
     case PasswordResets.create_password_reset(password_reset_params) do
       {:ok, _password_reset} ->
@@ -29,4 +64,16 @@ defmodule FgHttpWeb.PasswordResetController do
         |> render("new.html", changeset: changeset)
     end
   end
+
+  defp load_user(conn, token) do
+    case PasswordResets.load_user_from_valid_token!(token) do
+      nil ->
+        conn
+        |> put_status(:not_found)
+        |> halt()
+
+      %User{} = user ->
+        user
+    end
+  end
 end
diff --git a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
index 9196d8046..44a93411f 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
@@ -3,7 +3,7 @@ defmodule FgHttpWeb.SessionController do
   Implements the CRUD for a Session
   """
 
-  alias FgHttp.{Sessions, Sessions.Session}
+  alias FgHttp.{Sessions, Users.Session}
   use FgHttpWeb, :controller
 
   plug FgHttpWeb.Plugs.RedirectAuthenticated when action in [:new]
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
index 23bcc3e43..e69de29bb 100644
--- a/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
@@ -1,19 +0,0 @@
-<%= form_for @changeset, @action, fn f -> %>
-  <%= if @changeset.action do %>
-    <div class="alert alert-danger">
-      <p>Oops, something went wrong! Please check the errors below.</p>
-    </div>
-  <% end %>
-
-  <%= label f, :reset_sent_at %>
-  <%= datetime_select f, :reset_sent_at %>
-  <%= error_tag f, :reset_sent_at %>
-
-  <%= label f, :reset_token %>
-  <%= text_input f, :reset_token %>
-  <%= error_tag f, :reset_token %>
-
-  <div>
-    <%= submit "Save" %>
-  </div>
-<% end %>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
index 5181f4870..6f6b11c15 100644
--- a/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
@@ -1,5 +1,23 @@
-<h1>New Password reset</h1>
+<h1>Change Password</h1>
 
-<%= render "form.html", Map.put(assigns, :action, Routes.password_reset_path(@conn, :create)) %>
+<%= form_for @changeset, Routes.password_reset_path(@conn, :create), fn f -> %>
+  <%= if @changeset.action do %>
+    <div class="alert alert-danger">
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
+  <% end %>
+
+  <%= label f, :reset_sent_at %>
+  <%= datetime_select f, :reset_sent_at %>
+  <%= error_tag f, :reset_sent_at %>
+
+  <%= label f, :reset_token %>
+  <%= text_input f, :reset_token %>
+  <%= error_tag f, :reset_token %>
+
+  <div>
+    <%= submit "Save" %>
+  </div>
+<% end %>
 
 <span><%= link "Back", to: Routes.session_path(@conn, :new) %></span>
diff --git a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
index f2254342d..fb1328e17 100644
--- a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
+++ b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
@@ -12,6 +12,5 @@ defmodule FgHttp.Repo.Migrations.CreateUsers do
     end
 
     create unique_index(:users, [:email])
-    create unique_index(:users, [:reset_token])
   end
 end
diff --git a/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs b/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
index 54b3ff387..f634a468a 100644
--- a/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
+++ b/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
@@ -4,6 +4,7 @@ defmodule FgHttp.Repo.Migrations.CreatePasswordResets do
   def change do
     create table(:password_resets) do
       add :reset_sent_at, :utc_datetime
+      add :consumed_at, :utc_datetime
       add :reset_token, :string, null: false
       add :user_id, references(:users, on_delete: :delete_all), null: false
 
@@ -12,5 +13,6 @@ defmodule FgHttp.Repo.Migrations.CreatePasswordResets do
 
     create unique_index(:password_resets, [:reset_token])
     create index(:password_resets, [:user_id])
+    create index(:password_resets, [:consumed_at])
   end
 end
diff --git a/apps/fg_http/test/fg_http/password_resets_test.exs b/apps/fg_http/test/fg_http/password_resets_test.exs
index 9b2d984c8..8d3de347c 100644
--- a/apps/fg_http/test/fg_http/password_resets_test.exs
+++ b/apps/fg_http/test/fg_http/password_resets_test.exs
@@ -4,7 +4,7 @@ defmodule FgHttp.PasswordResetsTest do
   alias FgHttp.{Fixtures, PasswordResets}
 
   describe "password_resets" do
-    alias FgHttp.PasswordResets.PasswordReset
+    alias FgHttp.Users.PasswordReset
 
     @valid_attrs %{reset_sent_at: "2010-04-17T14:00:00Z"}
     @update_attrs %{reset_sent_at: "2011-05-18T15:01:01Z"}

From a7457a4368d72cc992b1307bf1bb8d9f051978db Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Sun, 31 May 2020 21:11:21 -0700
Subject: [PATCH 4/6] Refactor session and pw_reset into users table

---
 apps/fg_http/lib/fg_http/password_resets.ex   | 93 +++++--------------
 apps/fg_http/lib/fg_http/sessions.ex          | 89 +-----------------
 .../lib/fg_http/users/password_reset.ex       | 44 ++-------
 apps/fg_http/lib/fg_http/users/session.ex     | 41 ++++----
 apps/fg_http/lib/fg_http/users/user.ex        | 28 +++++-
 .../controllers/device_controller.ex          |  4 +-
 .../controllers/password_reset_controller.ex  | 77 ++++-----------
 .../controllers/session_controller.ex         | 30 +++---
 .../controllers/user_controller.ex            |  5 +-
 .../plugs/redirect_authenticated.ex           |  4 +-
 .../lib/fg_http_web/plugs/session_loader.ex   | 39 +++++---
 .../fg_http_web/templates/device/new.html.eex |  2 +-
 .../fg_http_web/templates/layout/app.html.eex |  4 +-
 .../templates/password_reset/form.html.eex    |  0
 .../templates/password_reset/new.html.eex     | 14 +--
 .../templates/session/new.html.eex            |  6 +-
 .../20200225005454_create_users.exs           |  5 +
 .../20200510162435_create_sessions.exs        | 15 ---
 .../20200521154921_create_password_resets.exs | 18 ----
 .../test/fg_http/password_resets_test.exs     | 78 +++-------------
 .../controllers/device_controller_test.exs    | 12 +--
 .../password_reset_controller_test.exs        |  4 +-
 apps/fg_http/test/support/conn_case.ex        | 13 +--
 apps/fg_http/test/support/fixtures.ex         | 14 ++-
 24 files changed, 192 insertions(+), 447 deletions(-)
 delete mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
 delete mode 100644 apps/fg_http/priv/repo/migrations/20200510162435_create_sessions.exs
 delete mode 100644 apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs

diff --git a/apps/fg_http/lib/fg_http/password_resets.ex b/apps/fg_http/lib/fg_http/password_resets.ex
index efd7488c0..5cb706e0a 100644
--- a/apps/fg_http/lib/fg_http/password_resets.ex
+++ b/apps/fg_http/lib/fg_http/password_resets.ex
@@ -8,28 +8,6 @@ defmodule FgHttp.PasswordResets do
 
   alias FgHttp.Users.PasswordReset
 
-  @doc """
-  Returns the list of password_resets.
-
-  ## Examples
-
-      iex> list_password_resets()
-      [%PasswordReset{}, ...]
-
-  """
-  def list_password_resets do
-    Repo.all(PasswordReset)
-  end
-
-  def load_user_from_valid_token!(token) when is_binary(token) do
-    Repo.get_by!(
-      PasswordReset,
-      reset_token: token,
-      consumed_at: nil,
-      reset_sent_at: DateTime.utc_now() - PasswordReset.token_validity_secs()
-    )
-  end
-
   @doc """
   Gets a single password_reset.
 
@@ -44,70 +22,41 @@ defmodule FgHttp.PasswordResets do
       ** (Ecto.NoResultsError)
 
   """
-  def get_password_reset!(id), do: Repo.get!(PasswordReset, id)
+  def get_password_reset!(email: email) do
+    Repo.get_by(
+      PasswordReset,
+      email: email
+    )
+  end
 
-  @doc """
-  Creates a password_reset.
+  def get_password_reset!(reset_token: reset_token) do
+    validity_secs = -1 * PasswordReset.token_validity_secs()
+    now = DateTime.truncate(DateTime.utc_now(), :second)
 
-  ## Examples
+    query =
+      from p in PasswordReset,
+        where:
+          p.reset_token == ^reset_token and is_nil(p.reset_consumed_at) and
+            p.reset_sent_at > datetime_add(^now, ^validity_secs, "second")
 
-      iex> create_password_reset(%{field: value})
-      {:ok, %PasswordReset{}}
-
-      iex> create_password_reset(%{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def create_password_reset(attrs \\ %{}) do
-    %PasswordReset{}
-    |> PasswordReset.create_changeset(attrs)
-    |> Repo.insert()
+    Repo.one(query)
   end
 
   @doc """
-  Updates a password_reset.
+  Updates a User with the password reset fields
 
   ## Examples
 
-      iex> update_password_reset(password_reset, %{field: new_value})
+      iex> update_password_reset(%{field: value})
       {:ok, %PasswordReset{}}
 
-      iex> update_password_reset(password_reset, %{field: bad_value})
+      iex> update_password_reset(%{field: bad_value})
       {:error, %Ecto.Changeset{}}
 
   """
-  def update_password_reset(%PasswordReset{} = password_reset, attrs) do
-    password_reset
-    |> PasswordReset.update_changeset(attrs)
+  def create_password_reset(%PasswordReset{} = record, attrs) do
+    record
+    |> PasswordReset.create_changeset(attrs)
     |> Repo.update()
   end
-
-  @doc """
-  Deletes a password_reset.
-
-  ## Examples
-
-      iex> delete_password_reset(password_reset)
-      {:ok, %PasswordReset{}}
-
-      iex> delete_password_reset(password_reset)
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def delete_password_reset(%PasswordReset{} = password_reset) do
-    Repo.delete(password_reset)
-  end
-
-  @doc """
-  Returns an `%Ecto.Changeset{}` for tracking password_reset changes.
-
-  ## Examples
-
-      iex> change_password_reset(password_reset)
-      %Ecto.Changeset{data: %PasswordReset{}}
-
-  """
-  def change_password_reset(%PasswordReset{} = password_reset, attrs \\ %{}) do
-    PasswordReset.changeset(password_reset, attrs)
-  end
 end
diff --git a/apps/fg_http/lib/fg_http/sessions.ex b/apps/fg_http/lib/fg_http/sessions.ex
index 35cd8373c..e5160fa36 100644
--- a/apps/fg_http/lib/fg_http/sessions.ex
+++ b/apps/fg_http/lib/fg_http/sessions.ex
@@ -6,20 +6,7 @@ defmodule FgHttp.Sessions do
   import Ecto.Query, warn: false
   alias FgHttp.Repo
 
-  alias FgHttp.{Users.Session, Users.User}
-
-  @doc """
-  Returns the list of sessions.
-
-  ## Examples
-
-      iex> list_sessions()
-      [%Session{}, ...]
-
-  """
-  def list_sessions do
-    Repo.all(Session)
-  end
+  alias FgHttp.Users.Session
 
   @doc """
   Gets a single session.
@@ -35,6 +22,7 @@ defmodule FgHttp.Sessions do
       ** (Ecto.NoResultsError)
 
   """
+  def get_session!(email: email), do: Repo.get_by!(Session, email: email)
   def get_session!(id), do: Repo.get!(Session, id)
 
   @doc """
@@ -49,78 +37,9 @@ defmodule FgHttp.Sessions do
       {:error, %Ecto.Changeset{}}
 
   """
-  def create_session(attrs \\ %{}) do
-    %Session{}
+  def create_session(%{email: email} = attrs) do
+    get_session!(email: email)
     |> Session.create_changeset(attrs)
-    |> Repo.insert()
-  end
-
-  @doc """
-  Updates a session.
-
-  ## Examples
-
-      iex> update_session(session, %{field: new_value})
-      {:ok, %Session{}}
-
-      iex> update_session(session, %{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def update_session(%Session{} = session, attrs) do
-    session
-    |> Session.changeset(attrs)
     |> Repo.update()
   end
-
-  @doc """
-  Deletes a session.
-
-  ## Examples
-
-      iex> delete_session(session)
-      {:ok, %Session{}}
-
-      iex> delete_session(session)
-      {:error, %Ecto.Changeset{}}
-
-  """
-  def delete_session(%Session{} = session, really_delete: true) do
-    Repo.delete(session)
-  end
-
-  def delete_session(%Session{} = session) do
-    update_session(session, %{deleted_at: DateTime.utc_now()})
-  end
-
-  def load_session(_session_id) do
-    query =
-      from s in Session,
-        where: is_nil(s.deleted_at),
-        join: u in User,
-        on: s.user_id == u.id,
-        select: {s, u},
-        preload: :user
-
-    case session = Repo.one(query) do
-      nil ->
-        {:error, "Valid session not found"}
-
-      _ ->
-        {:ok, session}
-    end
-  end
-
-  @doc """
-  Returns an `%Ecto.Changeset{}` for tracking session changes.
-
-  ## Examples
-
-      iex> change_session(session)
-      %Ecto.Changeset{source: %Session{}}
-
-  """
-  def change_session(%Session{} = session) do
-    Session.changeset(session, %{})
-  end
 end
diff --git a/apps/fg_http/lib/fg_http/users/password_reset.ex b/apps/fg_http/lib/fg_http/users/password_reset.ex
index 07a16ad7b..e2cd64d15 100644
--- a/apps/fg_http/lib/fg_http/users/password_reset.ex
+++ b/apps/fg_http/lib/fg_http/users/password_reset.ex
@@ -6,59 +6,35 @@ defmodule FgHttp.Users.PasswordReset do
   use Ecto.Schema
   import Ecto.Changeset
 
-  alias FgHttp.{Users, Users.User}
-
   @token_num_bytes 8
   # 1 day
   @token_validity_secs 86_400
 
-  schema "password_resets" do
+  schema "users" do
     field :reset_sent_at, :utc_datetime
+    field :reset_consumed_at, :utc_datetime
     field :reset_token, :string
-    field :consumed_at, :string
-    field :user_email, :string, virtual: true
-    belongs_to :user, User
-
-    timestamps()
+    field :email, :string
   end
 
   @doc false
-  def changeset(password_reset, attrs) do
-    password_reset
-    |> cast(attrs, [:user_id, :user_email, :reset_sent_at, :reset_token])
+  def changeset do
+    %__MODULE__{}
+    |> cast(%{}, [:email, :reset_sent_at, :reset_token])
   end
 
   @doc false
-  def create_changeset(password_reset, attrs) do
+  def create_changeset(%__MODULE__{} = password_reset, attrs) do
     password_reset
-    |> cast(attrs, [:user_id, :user_email, :reset_sent_at, :reset_token])
-    |> load_user_from_email()
+    |> cast(attrs, [:email, :reset_sent_at, :reset_token])
+    |> validate_required([:email])
     |> generate_reset_token()
-    |> validate_required([:reset_token, :user_id])
+    |> validate_required([:reset_token])
     |> unique_constraint(:reset_token)
   end
 
-  @doc false
-  def update_changeset(password_reset, attrs) do
-    password_reset
-    |> cast(attrs, [:user_id, :user_email, :reset_sent_at, :reset_token])
-    |> validate_required([:reset_token])
-  end
-
   def token_validity_secs, do: @token_validity_secs
 
-  defp load_user_from_email(
-         %Ecto.Changeset{
-           valid?: true,
-           changes: %{user_email: user_email}
-         } = changeset
-       ) do
-    user = Users.get_user!(email: user_email)
-    put_change(changeset, :user_id, user.id)
-  end
-
-  defp load_user_from_email(changeset), do: changeset
-
   defp generate_reset_token(%Ecto.Changeset{valid?: true} = changeset) do
     random_bytes = :crypto.strong_rand_bytes(@token_num_bytes)
     random_string = Base.url_encode64(random_bytes)
diff --git a/apps/fg_http/lib/fg_http/users/session.ex b/apps/fg_http/lib/fg_http/users/session.ex
index 11ae90101..46f405c78 100644
--- a/apps/fg_http/lib/fg_http/users/session.ex
+++ b/apps/fg_http/lib/fg_http/users/session.ex
@@ -8,47 +8,46 @@ defmodule FgHttp.Users.Session do
 
   alias FgHttp.{Users, Users.User}
 
-  schema "sessions" do
-    field :deleted_at, :utc_datetime
-    belongs_to :user, User
-
-    # VIRTUAL FIELDS
-    field :user_email, :string, virtual: true
-    field :user_password, :string, virtual: true
-
-    timestamps()
-  end
-
-  @doc false
-  def changeset(session, attrs \\ %{}) do
-    session
-    |> cast(attrs, [:deleted_at])
-    |> validate_required([])
+  schema "users" do
+    field :email, :string
+    field :password, :string, virtual: true
+    field :last_signed_in_at, :utc_datetime
   end
 
   def create_changeset(session, attrs \\ %{}) do
     session
-    |> cast(attrs, [:user_email, :user_password])
-    |> validate_required([:user_email, :user_password])
+    |> cast(attrs, [:email, :password])
+    |> validate_required([:email, :password])
     |> authenticate_user()
+    |> set_last_signed_in_at()
   end
 
+  defp set_last_signed_in_at(%Ecto.Changeset{valid?: true} = changeset) do
+    last_signed_in_at = DateTime.truncate(DateTime.utc_now(), :second)
+    change(changeset, last_signed_in_at: last_signed_in_at)
+  end
+
+  defp set_last_signed_in_at(changeset), do: changeset
+
   defp authenticate_user(
          %Ecto.Changeset{
            valid?: true,
-           changes: %{user_email: email, user_password: password}
+           changes: %{email: email, password: password}
          } = changeset
        ) do
     user = Users.get_user!(email: email)
 
     case User.authenticate_user(user, password) do
       {:ok, _} ->
-        change(changeset, user_id: user.id)
+        # Remove the user's password so it doesn't accidentally end up somewhere
+        changeset
+        |> delete_change(:password)
+        |> change(%{id: user.id})
 
       {:error, error_msg} ->
         raise("There was an issue with your password: #{error_msg}")
     end
   end
 
-  defp authenticate_user(changeset), do: changeset
+  defp authenticate_user(changeset), do: delete_change(changeset, :password)
 end
diff --git a/apps/fg_http/lib/fg_http/users/user.ex b/apps/fg_http/lib/fg_http/users/user.ex
index bff3a4239..66cf3d121 100644
--- a/apps/fg_http/lib/fg_http/users/user.ex
+++ b/apps/fg_http/lib/fg_http/users/user.ex
@@ -6,7 +6,7 @@ defmodule FgHttp.Users.User do
   use Ecto.Schema
   import Ecto.Changeset
 
-  alias FgHttp.{Devices.Device, Users.Session}
+  alias FgHttp.Devices.Device
 
   schema "users" do
     field :email, :string
@@ -20,7 +20,6 @@ defmodule FgHttp.Users.User do
     field :current_password, :string, virtual: true
 
     has_many :devices, Device, on_delete: :delete_all
-    has_many :sessions, Session, on_delete: :delete_all
 
     timestamps()
   end
@@ -67,6 +66,7 @@ defmodule FgHttp.Users.User do
     user
     |> cast(attrs, [:email, :password, :password_confirmation])
     |> validate_required([:password, :password_confirmation])
+    |> validate_password_equality()
     |> put_password_hash()
     |> validate_required([:password_hash])
   end
@@ -91,14 +91,34 @@ defmodule FgHttp.Users.User do
     user
   end
 
+  defp validate_password_equality(%Ecto.Changeset{valid?: true} = changeset) do
+    password = changeset.changes[:password]
+    password_confirmation = changeset.changes[:password_confirmation]
+
+    if password != password_confirmation do
+      add_error(changeset, :password, "does not match password confirmation.")
+    else
+      changeset
+    end
+  end
+
+  defp validate_password_equality(changeset), do: changeset
+
   defp put_password_hash(
          %Ecto.Changeset{
            valid?: true,
            changes: %{password: password}
          } = changeset
        ) do
-    change(changeset, password_hash: Argon2.hash_pwd_salt(password))
+    changeset
+    |> change(password_hash: Argon2.hash_pwd_salt(password))
+    |> delete_change(:password)
+    |> delete_change(:password_confirmation)
   end
 
-  defp put_password_hash(changeset), do: changeset
+  defp put_password_hash(changeset) do
+    changeset
+    |> delete_change(:password)
+    |> delete_change(:password_confirmation)
+  end
 end
diff --git a/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex
index 1bc4abb9b..0d26a9198 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/device_controller.ex
@@ -9,7 +9,7 @@ defmodule FgHttpWeb.DeviceController do
   plug FgHttpWeb.Plugs.SessionLoader
 
   def index(conn, _params) do
-    devices = Devices.list_devices(conn.assigns.current_user.id)
+    devices = Devices.list_devices(conn.assigns.session.id)
     render(conn, "index.html", devices: devices)
   end
 
@@ -20,7 +20,7 @@ defmodule FgHttpWeb.DeviceController do
 
   def create(conn, %{"device" => %{"public_key" => _public_key} = device_params}) do
     our_params = %{
-      "user_id" => conn.assigns.current_user.id,
+      "user_id" => conn.assigns.session.id,
       "name" => "Default",
       "ifname" => "wg0"
     }
diff --git a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
index 6e822fad7..29b9559ec 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
@@ -4,76 +4,35 @@ defmodule FgHttpWeb.PasswordResetController do
   """
 
   use FgHttpWeb, :controller
-  alias FgHttp.{PasswordResets, Users.PasswordReset, Users.User}
+  alias FgHttp.{PasswordResets, Users.PasswordReset}
 
   plug FgHttpWeb.Plugs.RedirectAuthenticated
 
   def new(conn, _params) do
-    changeset = PasswordReset.changeset(%PasswordReset{}, %{})
-
     conn
-    |> render("new.html", changeset: changeset)
+    |> render("new.html", changeset: PasswordReset.changeset())
   end
 
-  def edit(conn, %{"token" => token}) when is_binary(token) do
-    _user = load_user(conn, token)
-    changeset = PasswordReset.changeset(%PasswordReset{}, %{})
+  def create(conn, %{"password_reset" => %{"email" => email}}) do
+    case PasswordResets.get_password_reset!(email: email) do
+      %PasswordReset{} = record ->
+        case PasswordResets.create_password_reset(record, %{email: email}) do
+          {:ok, _password_reset} ->
+            conn
+            |> clear_session()
+            |> put_flash(:info, "Check your email for the password reset link.")
+            |> redirect(to: Routes.session_path(conn, :new))
 
-    conn
-    |> render("edit.html", changeset: changeset)
-  end
+          {:error, changeset} ->
+            conn
+            |> put_flash(:error, "Error creating password reset.")
+            |> render("new.html", changeset: changeset)
+        end
 
-  def update(conn, %{
-        "password_reset" =>
-          %{
-            "reset_token" => token,
-            "user" => %{
-              "password" => _password,
-              "password_confirmation" => _password_confirmation
-            }
-          } = password_reset_params
-      })
-      when is_binary(token) do
-    user = load_user(conn, token)
-
-    case PasswordResets.update_password_reset(user, password_reset_params) do
-      {:ok, _user} ->
-        conn
-        |> clear_session()
-        |> put_flash(:info, "User password updated successfully. Please sign in.")
-        |> redirect(to: Routes.session_path(conn, :new))
-
-      {:error, changeset} ->
-        conn
-        |> put_flash(:error, "Error updating User password.")
-        |> render("edit.html", changeset: changeset)
-    end
-  end
-
-  def create(conn, %{"password_reset" => %{"user_email" => _} = password_reset_params}) do
-    case PasswordResets.create_password_reset(password_reset_params) do
-      {:ok, _password_reset} ->
-        conn
-        |> clear_session()
-        |> put_flash(:info, "Password reset successfully. Please sign in with your new password.")
-        |> redirect(to: Routes.session_path(conn, :new))
-
-      {:error, changeset} ->
-        conn
-        |> put_flash(:error, "Error creating password reset.")
-        |> render("new.html", changeset: changeset)
-    end
-  end
-
-  defp load_user(conn, token) do
-    case PasswordResets.load_user_from_valid_token!(token) do
       nil ->
         conn
-        |> put_status(:not_found)
-        |> halt()
-
-      %User{} = user ->
-        user
+        |> put_flash(:error, "User not found.")
+        |> render("new.html", changeset: PasswordReset.changeset())
     end
   end
 end
diff --git a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
index 44a93411f..f79e45e7b 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
@@ -3,7 +3,7 @@ defmodule FgHttpWeb.SessionController do
   Implements the CRUD for a Session
   """
 
-  alias FgHttp.{Sessions, Users.Session}
+  alias FgHttp.Sessions
   use FgHttpWeb, :controller
 
   plug FgHttpWeb.Plugs.RedirectAuthenticated when action in [:new]
@@ -11,42 +11,34 @@ defmodule FgHttpWeb.SessionController do
 
   # GET /sessions/new
   def new(conn, _params) do
-    changeset = Session.changeset(%Session{})
-
-    render(conn, "new.html", changeset: changeset)
+    render(conn, "new.html")
   end
 
-  # Sign In
   # POST /sessions
   def create(conn, %{"session" => session_params}) do
     case Sessions.create_session(session_params) do
       {:ok, session} ->
         conn
-        # Prevent session fixation
         |> clear_session()
-        |> put_session(:session_id, session.id)
-        |> assign(:current_session, session)
+        |> put_session(:user_id, session.id)
+        |> assign(:session, session)
         |> put_flash(:info, "Session created successfully")
         |> redirect(to: Routes.device_path(conn, :index))
 
       {:error, changeset} ->
         conn
+        |> clear_session()
+        |> assign(:session, nil)
         |> put_flash(:error, "Error creating session.")
-        |> render("new.html", changeset: changeset, user_signed_in?: false)
+        |> render("new.html", changeset: changeset)
     end
   end
 
-  # Sign Out
   # DELETE /session
   def delete(conn, _params) do
-    session = conn.assigns.current_session
-
-    case Sessions.delete_session(session) do
-      {:ok, _session} ->
-        conn
-        |> clear_session
-        |> put_flash(:info, "Signed out successfully.")
-        |> redirect(to: "/")
-    end
+    conn
+    |> clear_session()
+    |> put_flash(:info, "Signed out successfully.")
+    |> redirect(to: "/")
   end
 end
diff --git a/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex
index a3912bbf4..1892dea81 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/user_controller.ex
@@ -4,7 +4,7 @@ defmodule FgHttpWeb.UserController do
   """
 
   use FgHttpWeb, :controller
-  alias FgHttp.{Users, Users.User}
+  alias FgHttp.{Users, Users.Session, Users.User}
 
   plug FgHttpWeb.Plugs.SessionLoader when action in [:show, :edit, :update, :delete]
 
@@ -19,7 +19,8 @@ defmodule FgHttpWeb.UserController do
     case Users.create_user(user_params) do
       {:ok, user} ->
         conn
-        |> assign(:current_user, user)
+        |> put_session(:user_id, user.id)
+        |> assign(:session, %Session{id: user.id, email: user.email})
         |> put_flash(:info, "User created successfully.")
         |> redirect(to: Routes.device_path(conn, :index))
 
diff --git a/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex b/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex
index ff99a1aba..433838ee7 100644
--- a/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex
+++ b/apps/fg_http/lib/fg_http_web/plugs/redirect_authenticated.ex
@@ -9,13 +9,13 @@ defmodule FgHttpWeb.Plugs.RedirectAuthenticated do
   def init(default), do: default
 
   def call(conn, _default) do
-    if get_session(conn, :session_id) do
+    if get_session(conn, :email) do
       conn
       |> redirect(to: "/")
       |> halt()
     else
       conn
-      |> assign(:user_signed_in?, false)
+      |> assign(:session, nil)
     end
   end
 end
diff --git a/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex b/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
index b6966a2e5..23e2481ae 100644
--- a/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
+++ b/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
@@ -4,24 +4,37 @@ defmodule FgHttpWeb.Plugs.SessionLoader do
   """
 
   import Plug.Conn
-  import Phoenix.Controller, only: [redirect: 2]
-  alias FgHttp.Sessions
+  import Phoenix.Controller, only: [put_flash: 3, redirect: 2]
+  alias FgHttp.{Sessions, Users.Session}
   alias FgHttpWeb.Router.Helpers, as: Routes
 
   def init(default), do: default
 
-  def call(conn, _default) do
-    case Sessions.load_session(get_session(conn, :session_id)) do
-      {:ok, {session, user}} ->
-        conn
-        |> assign(:current_session, session)
-        |> assign(:current_user, user)
-        |> assign(:user_signed_in?, true)
+  # Don't load an already loaded session
+  def call(%Plug.Conn{assigns: %{session: %Session{}}} = conn, _default), do: conn
 
-      {:error, _} ->
-        conn
-        |> redirect(to: Routes.session_path(conn, :new))
-        |> halt
+  def call(conn, _default) do
+    case get_session(conn, :user_id) do
+      nil ->
+        unauthed(conn)
+
+      user_id ->
+        case Sessions.get_session!(user_id) do
+          %Session{} = session ->
+            conn
+            |> assign(:session, session)
+
+          _ ->
+            unauthed(conn)
+        end
     end
   end
+
+  defp unauthed(conn) do
+    conn
+    |> clear_session()
+    |> put_flash(:error, "There was an error loading your session. Please sign in again")
+    |> redirect(to: Routes.session_path(conn, :new))
+    |> halt()
+  end
 end
diff --git a/apps/fg_http/lib/fg_http_web/templates/device/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/device/new.html.eex
index a2366b5bb..fe3fea83a 100644
--- a/apps/fg_http/lib/fg_http_web/templates/device/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/device/new.html.eex
@@ -6,7 +6,7 @@
   <%= aggregated_errors(@changeset) %>
 <% end %>
 
-<%= live_render(@conn, FgHttpWeb.NewDeviceLive, session: %{"current_user_id" => @conn.assigns.current_user.id}) %>
+<%= live_render(@conn, FgHttpWeb.NewDeviceLive, session: %{"current_user_id" => @session.id}) %>
 
 <p>
   <%= link "Back", to: Routes.device_path(@conn, :index) %>
diff --git a/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex b/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
index 570eb2794..a2aa2d9cf 100644
--- a/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/layout/app.html.eex
@@ -15,9 +15,9 @@
           <%= link("Fireguard", to: FgHttpWeb.Endpoint.url(), class: "link dim white dib mr3") %>
         </nav>
         <nav class="f6 fw6 ttu tracked fr">
-          <%= if @user_signed_in? do %>
+          <%= if assigns[:session] do %>
             <%= link("Devices", to: Routes.device_path(@conn, :index), class: "link dim white dib mr3") %>
-            <%= link("Sign out", to: Routes.session_path(@conn, :delete, @current_session), method: :delete, class: "link dim white dib mr3") %>
+            <%= link("Sign out", to: Routes.session_path(@conn, :delete, @session), method: :delete, class: "link dim white dib mr3") %>
           <% else %>
             <%= link("Sign in", to: Routes.session_path(@conn, :new), class: "link dim white dib mr3") %>
           <% end %>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/form.html.eex
deleted file mode 100644
index e69de29bb..000000000
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
index 6f6b11c15..220f12cd1 100644
--- a/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/new.html.eex
@@ -1,4 +1,4 @@
-<h1>Change Password</h1>
+<h1>Reset Password</h1>
 
 <%= form_for @changeset, Routes.password_reset_path(@conn, :create), fn f -> %>
   <%= if @changeset.action do %>
@@ -7,16 +7,12 @@
     </div>
   <% end %>
 
-  <%= label f, :reset_sent_at %>
-  <%= datetime_select f, :reset_sent_at %>
-  <%= error_tag f, :reset_sent_at %>
-
-  <%= label f, :reset_token %>
-  <%= text_input f, :reset_token %>
-  <%= error_tag f, :reset_token %>
+  <%= label f, :email %>
+  <%= text_input f, :email %>
+  <%= error_tag f, :email %>
 
   <div>
-    <%= submit "Save" %>
+    <%= submit "Submit" %>
   </div>
 <% end %>
 
diff --git a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
index 4a84e3776..3844c0d6b 100644
--- a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
@@ -1,5 +1,5 @@
 <main class="pa4 black-80">
-  <%= form_for(@changeset, Routes.session_path(@conn, :create), [class: "measure center"], fn f -> %>
+  <%= form_for(@conn, Routes.session_path(@conn, :create), [as: :session, class: "measure center"], fn f -> %>
     <%= if f.errors do %>
       <!-- Errors -->
     <% end %>
@@ -8,11 +8,11 @@
       <legend class="f4 fw6 ph0 mh0">Sign In</legend>
       <div class="mt3">
         <%= label(:session_user, :email, class: "db fw6 lh-copy f6") %>
-        <%= text_input(f, :user_email, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+        <%= text_input(f, :email, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
       </div>
       <div class="mv3">
         <%= label(:session_user, :password, class: "db fw6 lh-copy f6") %>
-        <%= password_input(f, :user_password, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
+        <%= password_input(f, :password, class: "pa2 input-reset ba bg-transparent hover-bg-black hover-white w-100") %>
       </div>
       <label class="pa0 ma0 lh-copy f6 pointer"><input type="checkbox"> Remember me</label>
     </fieldset>
diff --git a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
index fb1328e17..4bd7fed66 100644
--- a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
+++ b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
@@ -7,10 +7,15 @@ defmodule FgHttp.Repo.Migrations.CreateUsers do
       add :confirmed_at, :utc_datetime
       add :password_hash, :string
       add :last_signed_in_at, :utc_datetime
+      add :reset_token, :string
+      add :reset_sent_at, :utc_datetime
+      add :reset_consumed_at, :utc_datetime
 
       timestamps()
     end
 
     create unique_index(:users, [:email])
+    create index(:users, [:reset_token, :reset_sent_at, :reset_consumed_at])
+    create index(:users, [:confirmed_at])
   end
 end
diff --git a/apps/fg_http/priv/repo/migrations/20200510162435_create_sessions.exs b/apps/fg_http/priv/repo/migrations/20200510162435_create_sessions.exs
deleted file mode 100644
index f1abef545..000000000
--- a/apps/fg_http/priv/repo/migrations/20200510162435_create_sessions.exs
+++ /dev/null
@@ -1,15 +0,0 @@
-defmodule FgHttp.Repo.Migrations.CreateSessions do
-  use Ecto.Migration
-
-  def change do
-    create table(:sessions) do
-      add :user_id, references(:users, on_delete: :delete_all), null: false
-      add :deleted_at, :utc_datetime
-
-      timestamps()
-    end
-
-    create index(:sessions, [:user_id])
-    create index(:sessions, [:deleted_at])
-  end
-end
diff --git a/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs b/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
deleted file mode 100644
index f634a468a..000000000
--- a/apps/fg_http/priv/repo/migrations/20200521154921_create_password_resets.exs
+++ /dev/null
@@ -1,18 +0,0 @@
-defmodule FgHttp.Repo.Migrations.CreatePasswordResets do
-  use Ecto.Migration
-
-  def change do
-    create table(:password_resets) do
-      add :reset_sent_at, :utc_datetime
-      add :consumed_at, :utc_datetime
-      add :reset_token, :string, null: false
-      add :user_id, references(:users, on_delete: :delete_all), null: false
-
-      timestamps()
-    end
-
-    create unique_index(:password_resets, [:reset_token])
-    create index(:password_resets, [:user_id])
-    create index(:password_resets, [:consumed_at])
-  end
-end
diff --git a/apps/fg_http/test/fg_http/password_resets_test.exs b/apps/fg_http/test/fg_http/password_resets_test.exs
index 8d3de347c..46c3561b0 100644
--- a/apps/fg_http/test/fg_http/password_resets_test.exs
+++ b/apps/fg_http/test/fg_http/password_resets_test.exs
@@ -6,82 +6,34 @@ defmodule FgHttp.PasswordResetsTest do
   describe "password_resets" do
     alias FgHttp.Users.PasswordReset
 
-    @valid_attrs %{reset_sent_at: "2010-04-17T14:00:00Z"}
-    @update_attrs %{reset_sent_at: "2011-05-18T15:01:01Z"}
-    @invalid_attrs %{reset_sent_at: nil}
+    @valid_attrs %{email: "test"}
+    @invalid_attrs %{email: ""}
 
-    def password_reset_fixture(attrs \\ %{}) do
-      {:ok, password_reset} =
-        attrs
-        |> Enum.into(%{user_id: Fixtures.user().id})
-        |> Enum.into(@valid_attrs)
-        |> PasswordResets.create_password_reset()
-
-      password_reset
-    end
-
-    test "list_password_resets/0 returns all password_resets" do
-      password_reset = password_reset_fixture()
-      assert PasswordResets.list_password_resets() == [password_reset]
-    end
-
-    test "get_password_reset!/1 returns the password_reset with given id" do
-      password_reset = password_reset_fixture()
-      assert PasswordResets.get_password_reset!(password_reset.id) == password_reset
+    test "get_password_reset!/1 returns the password_reset with given token" do
+      token = Fixtures.password_reset(%{reset_sent_at: DateTime.utc_now()}).reset_token
+      gotten = PasswordResets.get_password_reset!(reset_token: token)
+      assert gotten.reset_token == token
     end
 
     test "create_password_reset/1 with valid data creates a password_reset" do
-      user_id = Fixtures.user().id
-      valid_attrs = Map.merge(@valid_attrs, %{user_id: user_id})
+      email = Fixtures.user().email
 
       assert {:ok, %PasswordReset{} = password_reset} =
-               PasswordResets.create_password_reset(valid_attrs)
+               PasswordResets.create_password_reset(Fixtures.password_reset(), @valid_attrs)
 
-      assert password_reset.reset_sent_at ==
-               DateTime.from_naive!(~N[2010-04-17T14:00:00Z], "Etc/UTC")
+      # reset_sent_at should be nil after creation
+      assert is_nil(password_reset.reset_sent_at)
 
       assert password_reset.reset_token
-      assert password_reset.user_id == user_id
+      assert password_reset.email == email
     end
 
     test "create_password_reset/1 with invalid data returns error changeset" do
-      assert {:error, %Ecto.Changeset{}} = PasswordResets.create_password_reset(@invalid_attrs)
-    end
-
-    test "update_password_reset/2 with valid data updates the password_reset" do
-      password_reset = password_reset_fixture()
-
-      assert {:ok, %PasswordReset{} = password_reset} =
-               PasswordResets.update_password_reset(password_reset, @update_attrs)
-
-      assert password_reset.reset_sent_at ==
-               DateTime.from_naive!(~N[2011-05-18T15:01:01Z], "Etc/UTC")
-
-      assert password_reset.reset_token
-    end
-
-    test "update_password_reset/2 with invalid data returns error changeset" do
-      invalid_attrs = Map.merge(@invalid_attrs, %{reset_token: nil})
-      password_reset = password_reset_fixture()
-
       assert {:error, %Ecto.Changeset{}} =
-               PasswordResets.update_password_reset(password_reset, invalid_attrs)
-
-      assert password_reset == PasswordResets.get_password_reset!(password_reset.id)
-    end
-
-    test "delete_password_reset/1 deletes the password_reset" do
-      password_reset = password_reset_fixture()
-      assert {:ok, %PasswordReset{}} = PasswordResets.delete_password_reset(password_reset)
-
-      assert_raise Ecto.NoResultsError, fn ->
-        PasswordResets.get_password_reset!(password_reset.id)
-      end
-    end
-
-    test "change_password_reset/1 returns a password_reset changeset" do
-      password_reset = password_reset_fixture()
-      assert %Ecto.Changeset{} = PasswordResets.change_password_reset(password_reset)
+               PasswordResets.create_password_reset(
+                 Fixtures.password_reset(),
+                 @invalid_attrs
+               )
     end
   end
 end
diff --git a/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
index 73462e4d0..6fa1d658f 100644
--- a/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
+++ b/apps/fg_http/test/fg_http_web/controllers/device_controller_test.exs
@@ -46,11 +46,11 @@ defmodule FgHttpWeb.DeviceControllerTest do
     setup [:create_device]
 
     test "redirects when data is valid", %{authed_conn: conn, device: device} do
-      conn = put(conn, Routes.device_path(conn, :update, device), device: @update_attrs)
-      assert redirected_to(conn) == Routes.device_path(conn, :show, device)
+      test_conn = put(conn, Routes.device_path(conn, :update, device), device: @update_attrs)
+      assert redirected_to(test_conn) == Routes.device_path(conn, :show, device)
 
-      conn = get(conn, Routes.device_path(conn, :show, device))
-      assert html_response(conn, 200) =~ "some updated name"
+      test_conn = get(conn, Routes.device_path(conn, :show, device))
+      assert html_response(test_conn, 200) =~ "some updated name"
     end
 
     test "renders errors when data is invalid", %{authed_conn: conn, device: device} do
@@ -63,8 +63,8 @@ defmodule FgHttpWeb.DeviceControllerTest do
     setup [:create_device]
 
     test "deletes chosen device", %{authed_conn: conn, device: device} do
-      conn = delete(conn, Routes.device_path(conn, :delete, device))
-      assert redirected_to(conn) == Routes.device_path(conn, :index)
+      test_conn = delete(conn, Routes.device_path(conn, :delete, device))
+      assert redirected_to(test_conn) == Routes.device_path(conn, :index)
 
       assert_error_sent 404, fn ->
         get(conn, Routes.device_path(conn, :show, device))
diff --git a/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
index 8d6d9ab88..6dbd4ab5b 100644
--- a/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
+++ b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
@@ -1,12 +1,12 @@
 defmodule FgHttpWeb.PasswordResetControllerTest do
   use FgHttpWeb.ConnCase, async: true
 
-  @create_attrs %{user_email: "test"}
+  @create_attrs %{email: "test"}
 
   describe "new password_reset" do
     test "renders form", %{unauthed_conn: conn} do
       conn = get(conn, Routes.password_reset_path(conn, :new))
-      assert html_response(conn, 200) =~ "New Password reset"
+      assert html_response(conn, 200) =~ "Reset Password"
     end
   end
 
diff --git a/apps/fg_http/test/support/conn_case.ex b/apps/fg_http/test/support/conn_case.ex
index 613187bf6..fbe5f094d 100644
--- a/apps/fg_http/test/support/conn_case.ex
+++ b/apps/fg_http/test/support/conn_case.ex
@@ -38,19 +38,10 @@ defmodule FgHttpWeb.ConnCase do
   end
 
   def authed_conn do
-    user = Fixtures.user()
-
-    session =
-      Fixtures.session(%{
-        user_id: user.id,
-        user_password: "test",
-        user_email: "test"
-      })
+    session = Fixtures.session()
 
     new_conn()
-    |> Plug.Conn.assign(:current_user, user)
-    |> Plug.Conn.assign(:current_session, session)
-    |> Plug.Conn.assign(:user_signed_in?, true)
+    |> Plug.Conn.assign(:session, session)
   end
 
   setup tags do
diff --git a/apps/fg_http/test/support/fixtures.ex b/apps/fg_http/test/support/fixtures.ex
index 5f759de25..23b100d3c 100644
--- a/apps/fg_http/test/support/fixtures.ex
+++ b/apps/fg_http/test/support/fixtures.ex
@@ -29,14 +29,20 @@ defmodule FgHttp.Fixtures do
     device
   end
 
-  def session(attrs \\ %{}) do
-    {:ok, session} = Sessions.create_session(attrs)
+  def session(_attrs \\ %{}) do
+    {:ok, session} = Sessions.create_session(%{email: user().email, password: "test"})
     session
   end
 
   def password_reset(attrs \\ %{}) do
-    create_attrs = Map.merge(attrs, %{user_email: user().email})
-    {:ok, password_reset} = PasswordResets.create_password_reset(create_attrs)
+    email = user().email
+
+    create_attrs = Map.merge(attrs, %{email: email})
+
+    {:ok, password_reset} =
+      PasswordResets.get_password_reset!(email: email)
+      |> PasswordResets.create_password_reset(create_attrs)
+
     password_reset
   end
 end

From 6944fc99c91ce8353edb4317259f7469c07ca855 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Mon, 1 Jun 2020 22:22:03 -0700
Subject: [PATCH 5/6] Seemingly cool

---
 apps/fg_http/assets/css/email.css             |   1 +
 apps/fg_http/lib/fg_http/email.ex             |  22 ++++
 apps/fg_http/lib/fg_http/mailer.ex            |   7 ++
 apps/fg_http/lib/fg_http/password_resets.ex   |  34 ++----
 .../lib/fg_http/users/password_helpers.ex     |  38 +++++++
 .../lib/fg_http/users/password_reset.ex       |  42 ++++++-
 apps/fg_http/lib/fg_http/users/user.ex        |  33 +-----
 .../controllers/password_reset_controller.ex  |  47 +++++++-
 apps/fg_http/lib/fg_http_web/router.ex        |   7 +-
 .../templates/email/password_reset.html.eex   |   3 +
 .../templates/layout/email.html.eex           |   8 ++
 .../templates/password_reset/edit.html.eex    |  27 +++++
 .../templates/session/new.html.eex            |   4 +-
 .../lib/fg_http_web/views/email_view.ex       |  10 ++
 .../20200225005454_create_users.exs           |   3 +-
 .../password_reset_controller_test.exs        | 104 +++++++++++++++++-
 config/dev.exs                                |   4 +-
 config/test.exs                               |   2 +
 mix.lock                                      |  22 ++--
 19 files changed, 335 insertions(+), 83 deletions(-)
 create mode 100644 apps/fg_http/assets/css/email.css
 create mode 100644 apps/fg_http/lib/fg_http/email.ex
 create mode 100644 apps/fg_http/lib/fg_http/mailer.ex
 create mode 100644 apps/fg_http/lib/fg_http/users/password_helpers.ex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
 create mode 100644 apps/fg_http/lib/fg_http_web/views/email_view.ex

diff --git a/apps/fg_http/assets/css/email.css b/apps/fg_http/assets/css/email.css
new file mode 100644
index 000000000..8ca64d58d
--- /dev/null
+++ b/apps/fg_http/assets/css/email.css
@@ -0,0 +1 @@
+/* Email styles */
diff --git a/apps/fg_http/lib/fg_http/email.ex b/apps/fg_http/lib/fg_http/email.ex
new file mode 100644
index 000000000..b0daba792
--- /dev/null
+++ b/apps/fg_http/lib/fg_http/email.ex
@@ -0,0 +1,22 @@
+defmodule FgHttp.Email do
+  @moduledoc """
+  Handles Email for the app
+  """
+
+  import Bamboo.{Email, Phoenix}
+  alias FgHttp.Users.PasswordReset
+
+  @from "noreply@#{Application.get_env(:fg_http, FgHttpWeb.Endpoint)[:url][:host]}"
+
+  defp base_email(to) do
+    new_email()
+    |> from(@from)
+    |> to(to)
+  end
+
+  def password_reset(%PasswordReset{} = password_reset) do
+    base_email(password_reset.email)
+    |> subject("FireGuard password reset")
+    |> put_html_layout({FgHttpWeb.LayoutView, "email.html.eex"})
+  end
+end
diff --git a/apps/fg_http/lib/fg_http/mailer.ex b/apps/fg_http/lib/fg_http/mailer.ex
new file mode 100644
index 000000000..428038dde
--- /dev/null
+++ b/apps/fg_http/lib/fg_http/mailer.ex
@@ -0,0 +1,7 @@
+defmodule FgHttp.Mailer do
+  @moduledoc """
+  Mailer for the application
+  """
+
+  use Bamboo.Mailer, otp_app: :fg_http
+end
diff --git a/apps/fg_http/lib/fg_http/password_resets.ex b/apps/fg_http/lib/fg_http/password_resets.ex
index 5cb706e0a..a1c7bc382 100644
--- a/apps/fg_http/lib/fg_http/password_resets.ex
+++ b/apps/fg_http/lib/fg_http/password_resets.ex
@@ -8,20 +8,6 @@ defmodule FgHttp.PasswordResets do
 
   alias FgHttp.Users.PasswordReset
 
-  @doc """
-  Gets a single password_reset.
-
-  Raises `Ecto.NoResultsError` if the Password reset does not exist.
-
-  ## Examples
-
-      iex> get_password_reset!(123)
-      %PasswordReset{}
-
-      iex> get_password_reset!(456)
-      ** (Ecto.NoResultsError)
-
-  """
   def get_password_reset!(email: email) do
     Repo.get_by(
       PasswordReset,
@@ -36,27 +22,21 @@ defmodule FgHttp.PasswordResets do
     query =
       from p in PasswordReset,
         where:
-          p.reset_token == ^reset_token and is_nil(p.reset_consumed_at) and
+          p.reset_token == ^reset_token and
             p.reset_sent_at > datetime_add(^now, ^validity_secs, "second")
 
     Repo.one(query)
   end
 
-  @doc """
-  Updates a User with the password reset fields
-
-  ## Examples
-
-      iex> update_password_reset(%{field: value})
-      {:ok, %PasswordReset{}}
-
-      iex> update_password_reset(%{field: bad_value})
-      {:error, %Ecto.Changeset{}}
-
-  """
   def create_password_reset(%PasswordReset{} = record, attrs) do
     record
     |> PasswordReset.create_changeset(attrs)
     |> Repo.update()
   end
+
+  def update_password_reset(%PasswordReset{} = record, attrs) do
+    record
+    |> PasswordReset.update_changeset(attrs)
+    |> Repo.update()
+  end
 end
diff --git a/apps/fg_http/lib/fg_http/users/password_helpers.ex b/apps/fg_http/lib/fg_http/users/password_helpers.ex
new file mode 100644
index 000000000..688907dab
--- /dev/null
+++ b/apps/fg_http/lib/fg_http/users/password_helpers.ex
@@ -0,0 +1,38 @@
+defmodule FgHttp.Users.PasswordHelpers do
+  @moduledoc """
+  Helpers for validating changesets with passwords
+  """
+
+  import Ecto.Changeset
+
+  def validate_password_equality(%Ecto.Changeset{valid?: true} = changeset) do
+    password = changeset.changes[:password]
+    password_confirmation = changeset.changes[:password_confirmation]
+
+    if password != password_confirmation do
+      add_error(changeset, :password, "does not match password confirmation.")
+    else
+      changeset
+    end
+  end
+
+  def validate_password_equality(changeset), do: changeset
+
+  def put_password_hash(
+        %Ecto.Changeset{
+          valid?: true,
+          changes: %{password: password}
+        } = changeset
+      ) do
+    changeset
+    |> change(password_hash: Argon2.hash_pwd_salt(password))
+    |> delete_change(:password)
+    |> delete_change(:password_confirmation)
+  end
+
+  def put_password_hash(changeset) do
+    changeset
+    |> delete_change(:password)
+    |> delete_change(:password_confirmation)
+  end
+end
diff --git a/apps/fg_http/lib/fg_http/users/password_reset.ex b/apps/fg_http/lib/fg_http/users/password_reset.ex
index e2cd64d15..1b438ca1a 100644
--- a/apps/fg_http/lib/fg_http/users/password_reset.ex
+++ b/apps/fg_http/lib/fg_http/users/password_reset.ex
@@ -5,6 +5,7 @@ defmodule FgHttp.Users.PasswordReset do
 
   use Ecto.Schema
   import Ecto.Changeset
+  import FgHttp.Users.PasswordHelpers
 
   @token_num_bytes 8
   # 1 day
@@ -12,7 +13,9 @@ defmodule FgHttp.Users.PasswordReset do
 
   schema "users" do
     field :reset_sent_at, :utc_datetime
-    field :reset_consumed_at, :utc_datetime
+    field :password_hash, :string
+    field :password, :string, virtual: true
+    field :password_confirmation, :string, virtual: true
     field :reset_token, :string
     field :email, :string
   end
@@ -20,7 +23,13 @@ defmodule FgHttp.Users.PasswordReset do
   @doc false
   def changeset do
     %__MODULE__{}
-    |> cast(%{}, [:email, :reset_sent_at, :reset_token])
+    |> cast(%{}, [:password, :password_confirmation, :reset_token])
+  end
+
+  @doc false
+  def changeset(%__MODULE__{} = password_reset, attrs \\ %{}) do
+    password_reset
+    |> cast(attrs, [:password, :password_confirmation, :reset_token])
   end
 
   @doc false
@@ -33,6 +42,23 @@ defmodule FgHttp.Users.PasswordReset do
     |> unique_constraint(:reset_token)
   end
 
+  @doc false
+  def update_changeset(%__MODULE__{} = password_reset, attrs) do
+    password_reset
+    |> cast(attrs, [
+      :password_hash,
+      :password,
+      :password_confirmation,
+      :reset_token,
+      :reset_sent_at
+    ])
+    |> validate_required([:password, :password_confirmation])
+    |> validate_password_equality()
+    |> put_password_hash()
+    |> validate_required([:password_hash])
+    |> clear_token_fields()
+  end
+
   def token_validity_secs, do: @token_validity_secs
 
   defp generate_reset_token(%Ecto.Changeset{valid?: true} = changeset) do
@@ -42,4 +68,16 @@ defmodule FgHttp.Users.PasswordReset do
   end
 
   defp generate_reset_token(changeset), do: changeset
+
+  defp clear_token_fields(
+         %Ecto.Changeset{
+           valid?: true
+         } = changeset
+       ) do
+    changeset
+    |> put_change(:reset_token, nil)
+    |> put_change(:reset_sent_at, nil)
+  end
+
+  defp clear_token_fields(changeset), do: changeset
 end
diff --git a/apps/fg_http/lib/fg_http/users/user.ex b/apps/fg_http/lib/fg_http/users/user.ex
index 66cf3d121..bd1b35108 100644
--- a/apps/fg_http/lib/fg_http/users/user.ex
+++ b/apps/fg_http/lib/fg_http/users/user.ex
@@ -5,6 +5,7 @@ defmodule FgHttp.Users.User do
 
   use Ecto.Schema
   import Ecto.Changeset
+  import FgHttp.Users.PasswordHelpers
 
   alias FgHttp.Devices.Device
 
@@ -49,6 +50,7 @@ defmodule FgHttp.Users.User do
     |> cast(attrs, [:email, :password, :password_confirmation, :current_password])
     |> verify_current_password(attrs[:current_password])
     |> validate_required([:password, :password_confirmation, :current_password])
+    |> validate_password_equality()
     |> put_password_hash()
     |> validate_required([:password_hash])
   end
@@ -90,35 +92,4 @@ defmodule FgHttp.Users.User do
     {:ok, user} = authenticate_user(user, current_password)
     user
   end
-
-  defp validate_password_equality(%Ecto.Changeset{valid?: true} = changeset) do
-    password = changeset.changes[:password]
-    password_confirmation = changeset.changes[:password_confirmation]
-
-    if password != password_confirmation do
-      add_error(changeset, :password, "does not match password confirmation.")
-    else
-      changeset
-    end
-  end
-
-  defp validate_password_equality(changeset), do: changeset
-
-  defp put_password_hash(
-         %Ecto.Changeset{
-           valid?: true,
-           changes: %{password: password}
-         } = changeset
-       ) do
-    changeset
-    |> change(password_hash: Argon2.hash_pwd_salt(password))
-    |> delete_change(:password)
-    |> delete_change(:password_confirmation)
-  end
-
-  defp put_password_hash(changeset) do
-    changeset
-    |> delete_change(:password)
-    |> delete_change(:password_confirmation)
-  end
 end
diff --git a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
index 29b9559ec..3d2013c74 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/password_reset_controller.ex
@@ -4,22 +4,56 @@ defmodule FgHttpWeb.PasswordResetController do
   """
 
   use FgHttpWeb, :controller
-  alias FgHttp.{PasswordResets, Users.PasswordReset}
+  alias FgHttp.{Email, Mailer, PasswordResets, Users.PasswordReset}
 
   plug FgHttpWeb.Plugs.RedirectAuthenticated
 
+  def edit(conn, %{"reset_token" => reset_token} = params) do
+    password_reset = PasswordResets.get_password_reset!(reset_token: reset_token)
+
+    conn
+    |> render(
+      "edit.html",
+      changeset: PasswordReset.changeset(password_reset, params),
+      password_reset: password_reset
+    )
+  end
+
   def new(conn, _params) do
     conn
     |> render("new.html", changeset: PasswordReset.changeset())
   end
 
+  def update(conn, %{"password_reset" => %{"reset_token" => reset_token} = update_params}) do
+    case PasswordResets.get_password_reset!(reset_token: reset_token) do
+      %PasswordReset{} = password_reset ->
+        case PasswordResets.update_password_reset(password_reset, update_params) do
+          {:ok, _password_reset} ->
+            conn
+            |> put_flash(:info, "Password reset successfully. You may now sign in.")
+            |> redirect(to: Routes.session_path(conn, :new))
+
+          {:error, changeset} ->
+            conn
+            |> put_flash(:error, "Error updating password.")
+            |> render("edit.html", changeset: changeset, password_reset: password_reset)
+        end
+
+      nil ->
+        conn
+        |> put_flash(:error, "Reset token invalid. Try resetting your password again.")
+        |> render("new.html", changeset: PasswordReset.changeset())
+    end
+  end
+
   def create(conn, %{"password_reset" => %{"email" => email}}) do
     case PasswordResets.get_password_reset!(email: email) do
       %PasswordReset{} = record ->
         case PasswordResets.create_password_reset(record, %{email: email}) do
-          {:ok, _password_reset} ->
+          {:ok, password_reset} ->
+            send_email(password_reset)
+
             conn
-            |> clear_session()
             |> put_flash(:info, "Check your email for the password reset link.")
             |> redirect(to: Routes.session_path(conn, :new))
 
@@ -31,8 +65,13 @@ defmodule FgHttpWeb.PasswordResetController do
 
       nil ->
         conn
-        |> put_flash(:error, "User not found.")
+        |> put_flash(:error, "Email not found.")
         |> render("new.html", changeset: PasswordReset.changeset())
     end
   end
+
+  defp send_email(password_reset) do
+    Email.password_reset(password_reset)
+    |> Mailer.deliver_later()
+  end
 end
diff --git a/apps/fg_http/lib/fg_http_web/router.ex b/apps/fg_http/lib/fg_http_web/router.ex
index 7594b7851..2d11994e6 100644
--- a/apps/fg_http/lib/fg_http_web/router.ex
+++ b/apps/fg_http/lib/fg_http_web/router.ex
@@ -5,6 +5,11 @@ defmodule FgHttpWeb.Router do
 
   use FgHttpWeb, :router
 
+  # View emails locally in development
+  if Mix.env() == :dev do
+    forward "/sent_emails", Bamboo.SentEmailViewerPlug
+  end
+
   pipeline :browser do
     plug :accepts, ["html"]
     plug :fetch_session
@@ -20,7 +25,7 @@ defmodule FgHttpWeb.Router do
   scope "/", FgHttpWeb do
     pipe_through :browser
 
-    resources "/password_resets", PasswordResetController, only: [:new, :create]
+    resources "/password_resets", PasswordResetController, only: [:edit, :update, :new, :create]
 
     resources "/user", UserController, singleton: true, only: [:show, :edit, :update, :delete]
     resources "/users", UserController, only: [:new, :create]
diff --git a/apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex b/apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex
new file mode 100644
index 000000000..dc21995df
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex
@@ -0,0 +1,3 @@
+<p>
+  <%= password_reset_url(@password_reset) %>
+</p>
diff --git a/apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex b/apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex
new file mode 100644
index 000000000..36eb9b7c1
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex
@@ -0,0 +1,8 @@
+<html>
+  <head>
+    <link rel="stylesheet" href="<%= Routes.static_path(FgHttp.Endpoint, "/css/email.css") %>">
+  </head>
+  <body>
+    <%= render @view_module, @view_template, assigns %>
+  </body>
+</html>
diff --git a/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex b/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
new file mode 100644
index 000000000..47dd241a0
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/password_reset/edit.html.eex
@@ -0,0 +1,27 @@
+<h1>Edit Password</h1>
+
+<%= form_for @changeset, Routes.password_reset_path(@conn, :update, @password_reset.id), fn f -> %>
+  <%= hidden_input f, :reset_token %>
+
+  <%= if @changeset.action do %>
+    <div class="alert alert-danger">
+      <p>Oops, something went wrong! Please check the errors below.</p>
+    </div>
+  <% end %>
+
+  <%= label f, :password %>
+  <%= text_input f, :password %>
+  <%= error_tag f, :password %>
+
+  <%= label f, :password_confirmation %>
+  <%= text_input f, :password_confirmation %>
+  <%= error_tag f, :password_confirmation %>
+
+  <div>
+    <%= submit "Submit" %>
+  </div>
+<% end %>
+
+<span>
+  <%= link "Back", to: Routes.session_path(@conn, :new) %>
+</span>
diff --git a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
index 3844c0d6b..ffa04c532 100644
--- a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
@@ -20,8 +20,8 @@
       <%= submit "Sign in", class: "b ph3 pv2 input-reset ba b--black bg-transparent grow pointer f6 dib" %>
     </div>
     <div class="lh-copy mt3">
-      <a href="#0" class="f6 link dim black db">Sign up</a>
-      <a href="#0" class="f6 link dim black db">Forgot your password?</a>
+      <%= link("Sign up", to: Routes.user_path(@conn, :new), class: "f6 link dim black") %>
+      <%= link("Forgot your password?", to: Routes.password_reset_path(@conn, :new), class: "f6 link dim black") %>
     </div>
   <% end) %>
 </main>
diff --git a/apps/fg_http/lib/fg_http_web/views/email_view.ex b/apps/fg_http/lib/fg_http_web/views/email_view.ex
new file mode 100644
index 000000000..f09c1f7f4
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/views/email_view.ex
@@ -0,0 +1,10 @@
+defmodule FgHttpWeb.EmailView do
+  use FgHttpWeb, :view
+
+  def password_reset_url(password_reset) do
+    link(
+      "Click here to reset your password.",
+      Routes.password_reset_path(:update, password_reset.reset_token)
+    )
+  end
+end
diff --git a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
index 4bd7fed66..e998a3f5b 100644
--- a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
+++ b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
@@ -9,13 +9,12 @@ defmodule FgHttp.Repo.Migrations.CreateUsers do
       add :last_signed_in_at, :utc_datetime
       add :reset_token, :string
       add :reset_sent_at, :utc_datetime
-      add :reset_consumed_at, :utc_datetime
 
       timestamps()
     end
 
     create unique_index(:users, [:email])
-    create index(:users, [:reset_token, :reset_sent_at, :reset_consumed_at])
+    create index(:users, [:reset_token, :reset_sent_at])
     create index(:users, [:confirmed_at])
   end
 end
diff --git a/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
index 6dbd4ab5b..d5c232e36 100644
--- a/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
+++ b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
@@ -1,7 +1,10 @@
 defmodule FgHttpWeb.PasswordResetControllerTest do
   use FgHttpWeb.ConnCase, async: true
 
-  @create_attrs %{email: "test"}
+  alias FgHttp.Fixtures
+
+  @valid_create_attrs %{email: "test"}
+  @invalid_create_attrs %{email: "doesnt-exist"}
 
   describe "new password_reset" do
     test "renders form", %{unauthed_conn: conn} do
@@ -12,9 +15,106 @@ defmodule FgHttpWeb.PasswordResetControllerTest do
 
   describe "create password_reset" do
     test "redirects to sign in when data is valid", %{unauthed_conn: conn} do
-      conn = post(conn, Routes.password_reset_path(conn, :create), password_reset: @create_attrs)
+      conn =
+        post(conn, Routes.password_reset_path(conn, :create), password_reset: @valid_create_attrs)
 
       assert redirected_to(conn) == Routes.session_path(conn, :new)
+      assert get_flash(conn, :info) == "Check your email for the password reset link."
+    end
+
+    test "displays error message when data is invalid", %{unauthed_conn: conn} do
+      conn =
+        post(conn, Routes.password_reset_path(conn, :create),
+          password_reset: @invalid_create_attrs
+        )
+
+      assert html_response(conn, 200) =~ "Reset Password"
+      assert get_flash(conn, :error) == "Email not found."
     end
   end
+
+  describe "edit password_reset" do
+    setup [:create_password_reset]
+
+    test "renders password change form", %{unauthed_conn: conn, password_reset: password_reset} do
+      params = [{:reset_token, password_reset.reset_token}]
+
+      conn =
+        get(
+          conn,
+          Routes.password_reset_path(conn, :edit, password_reset.id, params)
+        )
+
+      assert html_response(conn, 200) =~ "Edit Password"
+    end
+  end
+
+  describe "update password_reset" do
+    setup [:create_password_reset]
+
+    test "redirects to sign in when the data is valid", %{
+      unauthed_conn: conn,
+      password_reset: password_reset
+    } do
+      update_params = [
+        {
+          :password_reset,
+          [
+            {:reset_token, password_reset.reset_token},
+            {:password, "new_password"},
+            {:password_confirmation, "new_password"}
+          ]
+        }
+      ]
+
+      conn =
+        patch(
+          conn,
+          Routes.password_reset_path(
+            conn,
+            :update,
+            password_reset.id,
+            update_params
+          )
+        )
+
+      assert redirected_to(conn) == Routes.session_path(conn, :new)
+      assert get_flash(conn, :info) == "Password reset successfully. You may now sign in."
+    end
+
+    test "renders errors when the data is invalid", %{
+      unauthed_conn: conn,
+      password_reset: password_reset
+    } do
+      update_params = [
+        {
+          :password_reset,
+          [
+            {:reset_token, password_reset.reset_token},
+            {:password, "new_password"},
+            {:password_confirmation, "wrong_password"}
+          ]
+        }
+      ]
+
+      conn =
+        patch(
+          conn,
+          Routes.password_reset_path(
+            conn,
+            :update,
+            password_reset.id,
+            update_params
+          )
+        )
+
+      assert get_flash(conn, :error) == "Error updating password."
+      assert html_response(conn, 200) =~ "Edit Password"
+    end
+  end
+
+  defp create_password_reset(_) do
+    password_reset = Fixtures.password_reset(%{reset_sent_at: DateTime.utc_now()})
+    {:ok, password_reset: password_reset}
+  end
 end
diff --git a/config/dev.exs b/config/dev.exs
index f4e2ff5e1..aa586d0c2 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -9,6 +9,8 @@ config :fg_http, FgHttp.Repo,
   show_sensitive_data_on_connection_error: true,
   pool_size: 10
 
+config :fg_http, FgHttp.Mailer, adapter: Bamboo.LocalAdapter
+
 # For development, we disable any cache and enable
 # debugging and code reloading.
 #
@@ -16,7 +18,7 @@ config :fg_http, FgHttp.Repo,
 # watchers to your application. For example, we use it
 # with webpack to recompile .js and .css sources.
 config :fg_http, FgHttpWeb.Endpoint,
-  http: [port: 4000],
+  http: [host: "localhost", port: 4000],
   debug_errors: true,
   code_reloader: true,
   check_origin: false,
diff --git a/config/test.exs b/config/test.exs
index 619dc6a19..d16af47e6 100644
--- a/config/test.exs
+++ b/config/test.exs
@@ -23,6 +23,8 @@ end
 db_url = System.get_env("DATABASE_URL")
 config :fg_http, FgHttp.Repo, DBConfig.config(db_url)
 
+config :fg_http, FgHttp.Mailer, adapter: Bamboo.TestAdapter
+
 # We don't run a server during test. If one is required,
 # you can enable the server option below.
 config :fg_http, FgHttpWeb.Endpoint,
diff --git a/mix.lock b/mix.lock
index a58454716..a8697d073 100644
--- a/mix.lock
+++ b/mix.lock
@@ -2,41 +2,41 @@
   "argon2_elixir": {:hex, :argon2_elixir, "2.3.0", "e251bdafd69308e8c1263e111600e6d68bd44f23d2cccbe43fcb1a417a76bc8e", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "28ccb63bff213aecec1f7f3dde9648418b031f822499973281d8f494b9d5a3b3"},
   "bamboo": {:hex, :bamboo, "1.5.0", "1926107d58adba6620450f254dfe8a3686637a291851fba125686fa8574842af", [:mix], [{:hackney, ">= 1.13.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "d5f3d04d154e80176fd685e2531e73870d8700679f14d25a567e448abce6298d"},
   "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm", "7af5c7e09fe1d40f76c8e4f9dd2be7cebd83909f31fee7cd0e9eadc567da8353"},
-  "certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "805abd97539caf89ec6d4732c91e62ba9da0cda51ac462380bbd28ee697a8c42"},
+  "certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"},
   "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"},
   "connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"},
-  "cowboy": {:hex, :cowboy, "2.7.0", "91ed100138a764355f43316b1d23d7ff6bdb0de4ea618cb5d8677c93a7a2f115", [:rebar3], [{:cowlib, "~> 2.8.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "04fd8c6a39edc6aaa9c26123009200fc61f92a3a94f3178c527b70b767c6e605"},
-  "cowlib": {:hex, :cowlib, "2.8.0", "fd0ff1787db84ac415b8211573e9a30a3ebe71b5cbff7f720089972b2319c8a4", [:rebar3], [], "hexpm", "79f954a7021b302186a950a32869dbc185523d99d3e44ce430cd1f3289f41ed4"},
+  "cowboy": {:hex, :cowboy, "2.8.0", "f3dc62e35797ecd9ac1b50db74611193c29815401e53bac9a5c0577bd7bc667d", [:rebar3], [{:cowlib, "~> 2.9.1", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "4643e4fba74ac96d4d152c75803de6fad0b3fa5df354c71afdd6cbeeb15fac8a"},
+  "cowlib": {:hex, :cowlib, "2.9.1", "61a6c7c50cf07fdd24b2f45b89500bb93b6686579b069a89f88cb211e1125c78", [:rebar3], [], "hexpm", "e4175dc240a70d996156160891e1c62238ede1729e45740bdd38064dad476170"},
   "credo": {:hex, :credo, "1.4.0", "92339d4cbadd1e88b5ee43d427b639b68a11071b6f73854e33638e30a0ea11f5", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "1fd3b70dce216574ce3c18bdf510b57e7c4c85c2ec9cad4bff854abaf7e58658"},
   "db_connection": {:hex, :db_connection, "2.2.2", "3bbca41b199e1598245b716248964926303b5d4609ff065125ce98bcd368939e", [:mix], [{:connection, "~> 1.0.2", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm", "642af240d8a8affb93b4ba5a6fcd2bbcbdc327e1a524b825d383711536f8070c"},
   "decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"},
   "ecto": {:hex, :ecto, "3.4.4", "a2c881e80dc756d648197ae0d936216c0308370332c5e77a2325a10293eef845", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "cc4bd3ad62abc3b21fb629f0f7a3dab23a192fca837d257dd08449fba7373561"},
   "ecto_enum": {:hex, :ecto_enum, "1.4.0", "d14b00e04b974afc69c251632d1e49594d899067ee2b376277efd8233027aec8", [:mix], [{:ecto, ">= 3.0.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "> 3.0.0", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:mariaex, ">= 0.0.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "8fb55c087181c2b15eee406519dc22578fa60dd82c088be376d0010172764ee4"},
   "ecto_network": {:hex, :ecto_network, "1.3.0", "1e77fa37c20e0f6a426d3862732f3317b0fa4c18f123d325f81752a491d7304e", [:mix], [{:ecto_sql, ">= 3.0.0", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:phoenix_html, ">= 0.0.0", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:postgrex, ">= 0.14.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "053a5e46ef2837e8ea5ea97c82fa0f5494699209eddd764e663c85f11b2865bd"},
-  "ecto_sql": {:hex, :ecto_sql, "3.4.3", "c552aa8a7ccff2b64024f835503b3155d8e73452c180298527fbdbcd6e79710b", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0 or ~> 0.4.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.0", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ec9e59d6fa3f8cfda9963ada371e9e6659167c2338a997bd7ea23b10b245842b"},
+  "ecto_sql": {:hex, :ecto_sql, "3.4.4", "d28bac2d420f708993baed522054870086fd45016a9d09bb2cd521b9c48d32ea", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0 or ~> 0.4.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.0", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "edb49af715dd72f213b66adfd0f668a43c17ed510b5d9ac7528569b23af57fe8"},
   "elixir_make": {:hex, :elixir_make, "0.6.0", "38349f3e29aff4864352084fc736fa7fa0f2995a819a737554f7ebd28b85aaab", [:mix], [], "hexpm", "d522695b93b7f0b4c0fcb2dfe73a6b905b1c301226a5a55cb42e5b14d509e050"},
   "ex_machina": {:hex, :ex_machina, "2.4.0", "09a34c5d371bfb5f78399029194a8ff67aff340ebe8ba19040181af35315eabb", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "a20bc9ddc721b33ea913b93666c5d0bdca5cbad7a67540784ae277228832d72c"},
   "file_system": {:hex, :file_system, "0.2.8", "f632bd287927a1eed2b718f22af727c5aeaccc9a98d8c2bd7bff709e851dc986", [:mix], [], "hexpm", "97a3b6f8d63ef53bd0113070102db2ce05352ecf0d25390eb8d747c2bde98bca"},
   "gettext": {:hex, :gettext, "0.18.0", "406d6b9e0e3278162c2ae1de0a60270452c553536772167e2d701f028116f870", [:mix], [], "hexpm", "c3f850be6367ebe1a08616c2158affe4a23231c70391050bf359d5f92f66a571"},
-  "hackney": {:hex, :hackney, "1.15.2", "07e33c794f8f8964ee86cebec1a8ed88db5070e52e904b8f12209773c1036085", [:rebar3], [{:certifi, "2.5.1", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.5", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "e0100f8ef7d1124222c11ad362c857d3df7cb5f4204054f9f0f4a728666591fc"},
-  "idna": {:hex, :idna, "6.0.0", "689c46cbcdf3524c44d5f3dde8001f364cd7608a99556d8fbd8239a5798d4c10", [:rebar3], [{:unicode_util_compat, "0.4.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "4bdd305eb64e18b0273864920695cb18d7a2021f31a11b9c5fbcd9a253f936e2"},
+  "hackney": {:hex, :hackney, "1.16.0", "5096ac8e823e3a441477b2d187e30dd3fff1a82991a806b2003845ce72ce2d84", [:rebar3], [{:certifi, "2.5.2", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.1", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.0", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.6", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "3bf0bebbd5d3092a3543b783bf065165fa5d3ad4b899b836810e513064134e18"},
+  "idna": {:hex, :idna, "6.0.1", "1d038fb2e7668ce41fbf681d2c45902e52b3cb9e9c77b55334353b222c2ee50c", [:rebar3], [{:unicode_util_compat, "0.5.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a02c8a1c4fd601215bb0b0324c8a6986749f807ce35f25449ec9e69758708122"},
   "jason": {:hex, :jason, "1.2.1", "12b22825e22f468c02eb3e4b9985f3d0cb8dc40b9bd704730efa11abd2708c44", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "b659b8571deedf60f79c5a608e15414085fa141344e2716fbd6988a084b5f993"},
   "metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm", "69b09adddc4f74a40716ae54d140f93beb0fb8978d8636eaded0c31b6f099f16"},
   "mime": {:hex, :mime, "1.3.1", "30ce04ab3175b6ad0bdce0035cba77bba68b813d523d1aac73d9781b4d193cf8", [:mix], [], "hexpm", "6cbe761d6a0ca5a31a0931bf4c63204bceb64538e664a8ecf784a9a6f3b875f1"},
   "mimerl": {:hex, :mimerl, "1.2.0", "67e2d3f571088d5cfd3e550c383094b47159f3eee8ffa08e64106cdf5e981be3", [:rebar3], [], "hexpm", "f278585650aa581986264638ebf698f8bb19df297f66ad91b18910dfc6e19323"},
   "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"},
-  "phoenix": {:hex, :phoenix, "1.5.1", "95156589879dc69201d5fc0ebdbfdfc7901a09a3616ea611ec297f81340275a2", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_html, "~> 2.13", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.1.2 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "fc272b38e79d2881790fccae6f67a9fbe9b790103d6878175ea03d23003152eb"},
+  "phoenix": {:hex, :phoenix, "1.5.3", "bfe0404e48ea03dfe17f141eff34e1e058a23f15f109885bbdcf62be303b49ff", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_html, "~> 2.13", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 2.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.10", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.2", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:plug_crypto, "~> 1.1.2 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8e16febeb9640d8b33895a691a56481464b82836d338bb3a23125cd7b6157c25"},
   "phoenix_ecto": {:hex, :phoenix_ecto, "4.1.0", "a044d0756d0464c5a541b4a0bf4bcaf89bffcaf92468862408290682c73ae50d", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.9", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "c5e666a341ff104d0399d8f0e4ff094559b2fde13a5985d4cb5023b2c2ac558b"},
   "phoenix_html": {:hex, :phoenix_html, "2.14.2", "b8a3899a72050f3f48a36430da507dd99caf0ac2d06c77529b1646964f3d563e", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "58061c8dfd25da5df1ea0ca47c972f161beb6c875cd293917045b92ffe1bf617"},
   "phoenix_live_reload": {:hex, :phoenix_live_reload, "1.2.2", "38d94c30df5e2ef11000697a4fbe2b38d0fbf79239d492ff1be87bbc33bc3a84", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "a3dec3d28ddb5476c96a7c8a38ea8437923408bc88da43e5c45d97037b396280"},
   "phoenix_live_view": {:hex, :phoenix_live_view, "0.12.1", "42f591c781edbf9fab921319076b7ac635d43aa23e6748d2644563326236d7e4", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.4.16 or ~> 1.5.0", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14", [hex: :phoenix_html, repo: "hexpm", optional: false]}], "hexpm", "585321e98df1cd5943e370b9784e950a37ca073744eb534660c9048967c52ab6"},
   "phoenix_pubsub": {:hex, :phoenix_pubsub, "2.0.0", "a1ae76717bb168cdeb10ec9d92d1480fec99e3080f011402c0a2d68d47395ffb", [:mix], [], "hexpm", "c52d948c4f261577b9c6fa804be91884b381a7f8f18450c5045975435350f771"},
-  "plug": {:hex, :plug, "1.10.0", "6508295cbeb4c654860845fb95260737e4a8838d34d115ad76cd487584e2fc4d", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "422a9727e667be1bf5ab1de03be6fa0ad67b775b2d84ed908f3264415ef29d4a"},
-  "plug_cowboy": {:hex, :plug_cowboy, "2.2.1", "fcf58aa33227a4322a050e4783ee99c63c031a2e7f9a2eb7340d55505e17f30f", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "3b43de24460d87c0971887286e7a20d40462e48eb7235954681a20cee25ddeb6"},
+  "plug": {:hex, :plug, "1.10.1", "c56a6d9da7042d581159bcbaef873ba9d87f15dce85420b0d287bca19f40f9bd", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: true]}], "hexpm", "b5cd52259817eb8a31f2454912ba1cff4990bca7811918878091cb2ab9e52cb8"},
+  "plug_cowboy": {:hex, :plug_cowboy, "2.2.2", "7a09aa5d10e79b92d332a288f21cc49406b1b994cbda0fde76160e7f4cc890ea", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e82364b29311dbad3753d588febd7e5ef05062cd6697d8c231e0e007adab3727"},
   "plug_crypto": {:hex, :plug_crypto, "1.1.2", "bdd187572cc26dbd95b87136290425f2b580a116d3fb1f564216918c9730d227", [:mix], [], "hexpm", "6b8b608f895b6ffcfad49c37c7883e8df98ae19c6a28113b02aa1e9c5b22d6b5"},
   "postgrex": {:hex, :postgrex, "0.15.4", "5d691c25fc79070705a2ff0e35ce0822b86a0ee3c6fdb7a4fb354623955e1aed", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "306515b9d975fcb2478dc337a1d27dc3bf8af7cd71017c333fe9db3a3d211b0a"},
   "ranch": {:hex, :ranch, "1.7.1", "6b1fab51b49196860b733a49c07604465a47bdb78aa10c1c16a3d199f7f8c881", [:rebar3], [], "hexpm", "451d8527787df716d99dc36162fca05934915db0b6141bbdac2ea8d3c7afc7d7"},
-  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.5", "6eaf7ad16cb568bb01753dbbd7a95ff8b91c7979482b95f38443fe2c8852a79b", [:make, :mix, :rebar3], [], "hexpm", "13104d7897e38ed7f044c4de953a6c28597d1c952075eb2e328bc6d6f2bfc496"},
+  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"},
   "telemetry": {:hex, :telemetry, "0.4.1", "ae2718484892448a24470e6aa341bc847c3277bfb8d4e9289f7474d752c09c7f", [:rebar3], [], "hexpm", "4738382e36a0a9a2b6e25d67c960e40e1a2c95560b9f936d8e29de8cd858480f"},
-  "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm", "1d1848c40487cdb0b30e8ed975e34e025860c02e419cb615d255849f3427439d"},
+  "unicode_util_compat": {:hex, :unicode_util_compat, "0.5.0", "8516502659002cec19e244ebd90d312183064be95025a319a6c7e89f4bccd65b", [:rebar3], [], "hexpm", "d48d002e15f5cc105a696cf2f1bbb3fc72b4b770a184d8420c8db20da2674b38"},
 }

From c5f99f40c2824a8aa71c538d641bb14deb493025 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir <jamil@elbii.com>
Date: Mon, 1 Jun 2020 23:53:02 -0700
Subject: [PATCH 6/6] Seems to be working

---
 apps/fg_http/lib/fg_http/devices/device.ex    |  2 +-
 apps/fg_http/lib/fg_http/email.ex             |  6 ++-
 apps/fg_http/lib/fg_http/password_resets.ex   |  2 +-
 apps/fg_http/lib/fg_http/rules/rule.ex        |  2 +-
 apps/fg_http/lib/fg_http/sessions.ex          |  4 +-
 .../lib/fg_http/users/password_reset.ex       | 11 +++++-
 apps/fg_http/lib/fg_http/users/session.ex     |  4 +-
 apps/fg_http/lib/fg_http/users/user.ex        |  6 +--
 .../controllers/session_controller.ex         | 38 +++++++++++--------
 .../lib/fg_http_web/plugs/session_loader.ex   |  3 +-
 apps/fg_http/lib/fg_http_web/router.ex        |  5 ++-
 .../templates/email/password_reset.html.eex   |  8 ++--
 .../templates/email/password_reset.text.eex   |  3 ++
 .../templates/layout/email.html.eex           |  4 +-
 .../templates/session/new.html.eex            |  4 +-
 .../lib/fg_http_web/views/email_view.ex       |  7 ----
 .../lib/fg_http_web/views/layout_view.ex      |  6 +--
 .../20200225005454_create_users.exs           |  8 ++--
 .../20200228145810_create_devices.exs         |  2 +-
 .../20200228154815_create_rules.exs           |  2 +-
 .../test/fg_http/password_resets_test.exs     |  2 +-
 .../password_reset_controller_test.exs        |  6 +--
 apps/fg_http/test/support/fixtures.ex         |  5 ++-
 config/dev.exs                                |  2 +-
 24 files changed, 80 insertions(+), 62 deletions(-)
 create mode 100644 apps/fg_http/lib/fg_http_web/templates/email/password_reset.text.eex

diff --git a/apps/fg_http/lib/fg_http/devices/device.ex b/apps/fg_http/lib/fg_http/devices/device.ex
index 178e64445..1e93550ed 100644
--- a/apps/fg_http/lib/fg_http/devices/device.ex
+++ b/apps/fg_http/lib/fg_http/devices/device.ex
@@ -17,7 +17,7 @@ defmodule FgHttp.Devices.Device do
     has_many :rules, Rule
     belongs_to :user, User
 
-    timestamps()
+    timestamps(type: :utc_datetime_usec)
   end
 
   @doc false
diff --git a/apps/fg_http/lib/fg_http/email.ex b/apps/fg_http/lib/fg_http/email.ex
index b0daba792..c2f93be9d 100644
--- a/apps/fg_http/lib/fg_http/email.ex
+++ b/apps/fg_http/lib/fg_http/email.ex
@@ -3,13 +3,14 @@ defmodule FgHttp.Email do
   Handles Email for the app
   """
 
-  import Bamboo.{Email, Phoenix}
+  use Bamboo.Phoenix, view: FgHttpWeb.EmailView
   alias FgHttp.Users.PasswordReset
 
   @from "noreply@#{Application.get_env(:fg_http, FgHttpWeb.Endpoint)[:url][:host]}"
 
   defp base_email(to) do
     new_email()
+    |> put_html_layout({FgHttpWeb.LayoutView, "email.html"})
     |> from(@from)
     |> to(to)
   end
@@ -17,6 +18,7 @@ defmodule FgHttp.Email do
   def password_reset(%PasswordReset{} = password_reset) do
     base_email(password_reset.email)
     |> subject("FireGuard password reset")
-    |> put_html_layout({FgHttpWeb.LayoutView, "email.html.eex"})
+    |> assign(:reset_token, password_reset.reset_token)
+    |> render(:password_reset)
   end
 end
diff --git a/apps/fg_http/lib/fg_http/password_resets.ex b/apps/fg_http/lib/fg_http/password_resets.ex
index a1c7bc382..eab8dddae 100644
--- a/apps/fg_http/lib/fg_http/password_resets.ex
+++ b/apps/fg_http/lib/fg_http/password_resets.ex
@@ -17,7 +17,7 @@ defmodule FgHttp.PasswordResets do
 
   def get_password_reset!(reset_token: reset_token) do
     validity_secs = -1 * PasswordReset.token_validity_secs()
-    now = DateTime.truncate(DateTime.utc_now(), :second)
+    now = DateTime.utc_now()
 
     query =
       from p in PasswordReset,
diff --git a/apps/fg_http/lib/fg_http/rules/rule.ex b/apps/fg_http/lib/fg_http/rules/rule.ex
index f5b7fe1c0..6be9a535e 100644
--- a/apps/fg_http/lib/fg_http/rules/rule.ex
+++ b/apps/fg_http/lib/fg_http/rules/rule.ex
@@ -18,7 +18,7 @@ defmodule FgHttp.Rules.Rule do
 
     belongs_to :device, Device
 
-    timestamps()
+    timestamps(type: :utc_datetime_usec)
   end
 
   @doc false
diff --git a/apps/fg_http/lib/fg_http/sessions.ex b/apps/fg_http/lib/fg_http/sessions.ex
index e5160fa36..0f34da247 100644
--- a/apps/fg_http/lib/fg_http/sessions.ex
+++ b/apps/fg_http/lib/fg_http/sessions.ex
@@ -37,8 +37,8 @@ defmodule FgHttp.Sessions do
       {:error, %Ecto.Changeset{}}
 
   """
-  def create_session(%{email: email} = attrs) do
-    get_session!(email: email)
+  def create_session(%Session{} = session, %{} = attrs) do
+    session
     |> Session.create_changeset(attrs)
     |> Repo.update()
   end
diff --git a/apps/fg_http/lib/fg_http/users/password_reset.ex b/apps/fg_http/lib/fg_http/users/password_reset.ex
index 1b438ca1a..4444648a3 100644
--- a/apps/fg_http/lib/fg_http/users/password_reset.ex
+++ b/apps/fg_http/lib/fg_http/users/password_reset.ex
@@ -12,7 +12,7 @@ defmodule FgHttp.Users.PasswordReset do
   @token_validity_secs 86_400
 
   schema "users" do
-    field :reset_sent_at, :utc_datetime
+    field :reset_sent_at, :utc_datetime_usec
     field :password_hash, :string
     field :password, :string, virtual: true
     field :password_confirmation, :string, virtual: true
@@ -40,6 +40,8 @@ defmodule FgHttp.Users.PasswordReset do
     |> generate_reset_token()
     |> validate_required([:reset_token])
     |> unique_constraint(:reset_token)
+    |> set_reset_sent_at()
+    |> validate_required([:reset_sent_at])
   end
 
   @doc false
@@ -80,4 +82,11 @@ defmodule FgHttp.Users.PasswordReset do
   end
 
   defp clear_token_fields(changeset), do: changeset
+
+  defp set_reset_sent_at(%Ecto.Changeset{valid?: true} = changeset) do
+    changeset
+    |> put_change(:reset_sent_at, DateTime.utc_now())
+  end
+
+  defp set_reset_sent_at(changeset), do: changeset
 end
diff --git a/apps/fg_http/lib/fg_http/users/session.ex b/apps/fg_http/lib/fg_http/users/session.ex
index 46f405c78..c44ef2021 100644
--- a/apps/fg_http/lib/fg_http/users/session.ex
+++ b/apps/fg_http/lib/fg_http/users/session.ex
@@ -11,7 +11,7 @@ defmodule FgHttp.Users.Session do
   schema "users" do
     field :email, :string
     field :password, :string, virtual: true
-    field :last_signed_in_at, :utc_datetime
+    field :last_signed_in_at, :utc_datetime_usec
   end
 
   def create_changeset(session, attrs \\ %{}) do
@@ -23,7 +23,7 @@ defmodule FgHttp.Users.Session do
   end
 
   defp set_last_signed_in_at(%Ecto.Changeset{valid?: true} = changeset) do
-    last_signed_in_at = DateTime.truncate(DateTime.utc_now(), :second)
+    last_signed_in_at = DateTime.utc_now()
     change(changeset, last_signed_in_at: last_signed_in_at)
   end
 
diff --git a/apps/fg_http/lib/fg_http/users/user.ex b/apps/fg_http/lib/fg_http/users/user.ex
index bd1b35108..b8b3dcf25 100644
--- a/apps/fg_http/lib/fg_http/users/user.ex
+++ b/apps/fg_http/lib/fg_http/users/user.ex
@@ -11,8 +11,8 @@ defmodule FgHttp.Users.User do
 
   schema "users" do
     field :email, :string
-    field :confirmed_at, :utc_datetime
-    field :last_signed_in_at, :utc_datetime
+    field :confirmed_at, :utc_datetime_usec
+    field :last_signed_in_at, :utc_datetime_usec
     field :password_hash, :string
 
     # VIRTUAL FIELDS
@@ -22,7 +22,7 @@ defmodule FgHttp.Users.User do
 
     has_many :devices, Device, on_delete: :delete_all
 
-    timestamps()
+    timestamps(type: :utc_datetime_usec)
   end
 
   @doc false
diff --git a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
index f79e45e7b..5b42e7e65 100644
--- a/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
+++ b/apps/fg_http/lib/fg_http_web/controllers/session_controller.ex
@@ -3,7 +3,7 @@ defmodule FgHttpWeb.SessionController do
   Implements the CRUD for a Session
   """
 
-  alias FgHttp.Sessions
+  alias FgHttp.{Sessions, Users.Session}
   use FgHttpWeb, :controller
 
   plug FgHttpWeb.Plugs.RedirectAuthenticated when action in [:new]
@@ -15,22 +15,30 @@ defmodule FgHttpWeb.SessionController do
   end
 
   # POST /sessions
-  def create(conn, %{"session" => session_params}) do
-    case Sessions.create_session(session_params) do
-      {:ok, session} ->
-        conn
-        |> clear_session()
-        |> put_session(:user_id, session.id)
-        |> assign(:session, session)
-        |> put_flash(:info, "Session created successfully")
-        |> redirect(to: Routes.device_path(conn, :index))
+  def create(conn, %{"session" => %{"email" => email} = session_params}) do
+    case Sessions.get_session!(email: email) do
+      %Session{} = session ->
+        case Sessions.create_session(session, session_params) do
+          {:ok, session} ->
+            conn
+            |> clear_session()
+            |> put_session(:user_id, session.id)
+            |> assign(:session, session)
+            |> put_flash(:info, "Session created successfully")
+            |> redirect(to: Routes.device_path(conn, :index))
 
-      {:error, changeset} ->
+          {:error, changeset} ->
+            conn
+            |> clear_session()
+            |> assign(:session, nil)
+            |> put_flash(:error, "Error creating session.")
+            |> render("new.html", changeset: changeset)
+        end
+
+      nil ->
         conn
-        |> clear_session()
-        |> assign(:session, nil)
-        |> put_flash(:error, "Error creating session.")
-        |> render("new.html", changeset: changeset)
+        |> put_flash(:error, "Email not found.")
+        |> render("new.html")
     end
   end
 
diff --git a/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex b/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
index 23e2481ae..0c1a66857 100644
--- a/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
+++ b/apps/fg_http/lib/fg_http_web/plugs/session_loader.ex
@@ -32,8 +32,7 @@ defmodule FgHttpWeb.Plugs.SessionLoader do
 
   defp unauthed(conn) do
     conn
-    |> clear_session()
-    |> put_flash(:error, "There was an error loading your session. Please sign in again")
+    |> put_flash(:error, "Please sign in to access that page.")
     |> redirect(to: Routes.session_path(conn, :new))
     |> halt()
   end
diff --git a/apps/fg_http/lib/fg_http_web/router.ex b/apps/fg_http/lib/fg_http_web/router.ex
index 2d11994e6..ff9841bb3 100644
--- a/apps/fg_http/lib/fg_http_web/router.ex
+++ b/apps/fg_http/lib/fg_http_web/router.ex
@@ -25,7 +25,8 @@ defmodule FgHttpWeb.Router do
   scope "/", FgHttpWeb do
     pipe_through :browser
 
-    resources "/password_resets", PasswordResetController, only: [:edit, :update, :new, :create]
+    resources "/password_resets", PasswordResetController, only: [:update, :new, :create]
+    get "/password_resets/:reset_token", PasswordResetController, :edit
 
     resources "/user", UserController, singleton: true, only: [:show, :edit, :update, :delete]
     resources "/users", UserController, only: [:new, :create]
@@ -38,7 +39,7 @@ defmodule FgHttpWeb.Router do
 
     resources "/sessions", SessionController, only: [:new, :create, :delete]
 
-    get "/", DeviceController, :index
+    get "/", SessionController, :new
   end
 
   # Other scopes may use custom stacks.
diff --git a/apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex b/apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex
index dc21995df..cd028a7f6 100644
--- a/apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/email/password_reset.html.eex
@@ -1,3 +1,5 @@
-<p>
-  <%= password_reset_url(@password_reset) %>
-</p>
+<%= link(
+    "Click here to reset your password.",
+    to: Routes.password_reset_url(FgHttpWeb.Endpoint, :edit, @reset_token)
+  )
+%>
diff --git a/apps/fg_http/lib/fg_http_web/templates/email/password_reset.text.eex b/apps/fg_http/lib/fg_http_web/templates/email/password_reset.text.eex
new file mode 100644
index 000000000..48eee5c2b
--- /dev/null
+++ b/apps/fg_http/lib/fg_http_web/templates/email/password_reset.text.eex
@@ -0,0 +1,3 @@
+Copy and paste the following URL into your browser to reset your password:
+
+<%= Routes.password_reset_url(FgHttpWeb.Endpoint, :edit, @reset_token) %>
diff --git a/apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex b/apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex
index 36eb9b7c1..0fee29ac1 100644
--- a/apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/layout/email.html.eex
@@ -1,8 +1,8 @@
 <html>
   <head>
-    <link rel="stylesheet" href="<%= Routes.static_path(FgHttp.Endpoint, "/css/email.css") %>">
+    <link rel="stylesheet" href="<%= Routes.static_path(FgHttpWeb.Endpoint, "/css/email.css") %>">
   </head>
   <body>
-    <%= render @view_module, @view_template, assigns %>
+    <%= @inner_content %>
   </body>
 </html>
diff --git a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
index ffa04c532..0dc5d9030 100644
--- a/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
+++ b/apps/fg_http/lib/fg_http_web/templates/session/new.html.eex
@@ -20,8 +20,8 @@
       <%= submit "Sign in", class: "b ph3 pv2 input-reset ba b--black bg-transparent grow pointer f6 dib" %>
     </div>
     <div class="lh-copy mt3">
-      <%= link("Sign up", to: Routes.user_path(@conn, :new), class: "f6 link dim black") %>
-      <%= link("Forgot your password?", to: Routes.password_reset_path(@conn, :new), class: "f6 link dim black") %>
+      <%= link("Sign up", to: Routes.user_path(@conn, :new), class: "f6 link dim black fl") %>
+      <%= link("Forgot your password?", to: Routes.password_reset_path(@conn, :new), class: "f6 link dim black fr") %>
     </div>
   <% end) %>
 </main>
diff --git a/apps/fg_http/lib/fg_http_web/views/email_view.ex b/apps/fg_http/lib/fg_http_web/views/email_view.ex
index f09c1f7f4..b49856b3b 100644
--- a/apps/fg_http/lib/fg_http_web/views/email_view.ex
+++ b/apps/fg_http/lib/fg_http_web/views/email_view.ex
@@ -1,10 +1,3 @@
 defmodule FgHttpWeb.EmailView do
   use FgHttpWeb, :view
-
-  def password_reset_url(password_reset) do
-    link(
-      "Click here to reset your password.",
-      Routes.password_reset_path(:update, password_reset.reset_token)
-    )
-  end
 end
diff --git a/apps/fg_http/lib/fg_http_web/views/layout_view.ex b/apps/fg_http/lib/fg_http_web/views/layout_view.ex
index 27136b0fc..fe4d8cbc6 100644
--- a/apps/fg_http/lib/fg_http_web/views/layout_view.ex
+++ b/apps/fg_http/lib/fg_http_web/views/layout_view.ex
@@ -4,9 +4,9 @@ defmodule FgHttpWeb.LayoutView do
   def render_flash(conn) do
     ~E"""
     <section id="flash">
-      <%= if get_flash(conn, :error) do %>
-        <div id="flash-error">
-          <%= get_flash(conn, :error) %>
+      <%= if get_flash(conn, :info) do %>
+        <div id="flash-info">
+          <%= get_flash(conn, :info) %>
         </div>
       <% end %>
       <%= if get_flash(conn, :error) do %>
diff --git a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
index e998a3f5b..128623ff3 100644
--- a/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
+++ b/apps/fg_http/priv/repo/migrations/20200225005454_create_users.exs
@@ -4,13 +4,13 @@ defmodule FgHttp.Repo.Migrations.CreateUsers do
   def change do
     create table(:users) do
       add :email, :string
-      add :confirmed_at, :utc_datetime
+      add :confirmed_at, :utc_datetime_usec
       add :password_hash, :string
-      add :last_signed_in_at, :utc_datetime
+      add :last_signed_in_at, :utc_datetime_usec
       add :reset_token, :string
-      add :reset_sent_at, :utc_datetime
+      add :reset_sent_at, :utc_datetime_usec
 
-      timestamps()
+      timestamps(type: :utc_datetime_usec)
     end
 
     create unique_index(:users, [:email])
diff --git a/apps/fg_http/priv/repo/migrations/20200228145810_create_devices.exs b/apps/fg_http/priv/repo/migrations/20200228145810_create_devices.exs
index 4dbff63c9..d1c8d6b8e 100644
--- a/apps/fg_http/priv/repo/migrations/20200228145810_create_devices.exs
+++ b/apps/fg_http/priv/repo/migrations/20200228145810_create_devices.exs
@@ -9,7 +9,7 @@ defmodule FgHttp.Repo.Migrations.CreateDevices do
       add :last_ip, :inet
       add :user_id, references(:users, on_delete: :delete_all), null: false
 
-      timestamps()
+      timestamps(type: :utc_datetime_usec)
     end
 
     create index(:devices, [:user_id])
diff --git a/apps/fg_http/priv/repo/migrations/20200228154815_create_rules.exs b/apps/fg_http/priv/repo/migrations/20200228154815_create_rules.exs
index eda009fb9..6ecb22209 100644
--- a/apps/fg_http/priv/repo/migrations/20200228154815_create_rules.exs
+++ b/apps/fg_http/priv/repo/migrations/20200228154815_create_rules.exs
@@ -14,7 +14,7 @@ defmodule FgHttp.Repo.Migrations.CreateRules do
       add :port, :string
       add :device_id, references(:devices, on_delete: :delete_all), null: false
 
-      timestamps()
+      timestamps(type: :utc_datetime_usec)
     end
 
     create index(:rules, [:device_id])
diff --git a/apps/fg_http/test/fg_http/password_resets_test.exs b/apps/fg_http/test/fg_http/password_resets_test.exs
index 46c3561b0..f911aa43e 100644
--- a/apps/fg_http/test/fg_http/password_resets_test.exs
+++ b/apps/fg_http/test/fg_http/password_resets_test.exs
@@ -22,7 +22,7 @@ defmodule FgHttp.PasswordResetsTest do
                PasswordResets.create_password_reset(Fixtures.password_reset(), @valid_attrs)
 
       # reset_sent_at should be nil after creation
-      assert is_nil(password_reset.reset_sent_at)
+      assert !is_nil(password_reset.reset_sent_at)
 
       assert password_reset.reset_token
       assert password_reset.email == email
diff --git a/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
index d5c232e36..051054a94 100644
--- a/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
+++ b/apps/fg_http/test/fg_http_web/controllers/password_reset_controller_test.exs
@@ -36,13 +36,11 @@ defmodule FgHttpWeb.PasswordResetControllerTest do
   describe "edit password_reset" do
     setup [:create_password_reset]
 
-    test "renders password change form", %{unauthed_conn: conn, password_reset: password_reset} do
-      params = [{:reset_token, password_reset.reset_token}]
-
+    test "renders form", %{unauthed_conn: conn, password_reset: password_reset} do
       conn =
         get(
           conn,
-          Routes.password_reset_path(conn, :edit, password_reset.id, params)
+          Routes.password_reset_path(conn, :edit, password_reset.reset_token)
         )
 
       assert html_response(conn, 200) =~ "Edit Password"
diff --git a/apps/fg_http/test/support/fixtures.ex b/apps/fg_http/test/support/fixtures.ex
index 23b100d3c..9bca64f70 100644
--- a/apps/fg_http/test/support/fixtures.ex
+++ b/apps/fg_http/test/support/fixtures.ex
@@ -30,7 +30,10 @@ defmodule FgHttp.Fixtures do
   end
 
   def session(_attrs \\ %{}) do
-    {:ok, session} = Sessions.create_session(%{email: user().email, password: "test"})
+    email = user().email
+    record = Sessions.get_session!(email: email)
+    create_params = %{email: email, password: "test"}
+    {:ok, session} = Sessions.create_session(record, create_params)
     session
   end
 
diff --git a/config/dev.exs b/config/dev.exs
index aa586d0c2..190a68bcf 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -18,7 +18,7 @@ config :fg_http, FgHttp.Mailer, adapter: Bamboo.LocalAdapter
 # watchers to your application. For example, we use it
 # with webpack to recompile .js and .css sources.
 config :fg_http, FgHttpWeb.Endpoint,
-  http: [host: "localhost", port: 4000],
+  http: [port: 4000],
   debug_errors: true,
   code_reloader: true,
   check_origin: false,