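# Handles the "lost password" flow: requesting a reset e-mail (new/create)
# and choosing a new password with the e-mailed token (edit/update).
#
# Security notes for maintainers:
# * The reset token is the only credential checked by edit/update; presenting
#   a valid one is enough to set a new password and reach successful_login.
# * create answers differently depending on whether the address matched an
#   account, so the form discloses which e-mail addresses are registered.
class PasswordsController < ApplicationController
  include SessionMethods

  layout "site"

  before_action :authorize_web
  before_action :set_locale
  before_action :check_database_readable

  authorize_resource :class => false

  before_action :check_database_writable

  # Shows the form asking for the account's e-mail address.
  def new
    @title = t ".title"
  end

  # Shows the "choose a new password" form for a reset token.
  #
  # Responds 400 when no token is supplied, and redirects back to the
  # request form with an error when the token matches no user.
  def edit
    @title = t ".title"

    return head :bad_request unless params[:token]

    self.current_user = user_for_reset_token(params[:token])
    return if current_user

    flash[:error] = t ".flash token bad"
    redirect_to :action => "new"
  end

  # Sends a password-reset e-mail to the account matching params[:email].
  #
  # The address is matched exactly first; failing that, a case-insensitive
  # match is accepted only when it identifies exactly one visible user, so an
  # ambiguous address never selects an account.
  #
  # NOTE(review): the two outcomes are distinguishable (redirect + notice vs.
  # re-rendered form + error), which reveals whether an address is registered.
  # Consider answering identically in both cases. No request throttling is
  # visible in this controller - confirm it exists elsewhere.
  def create
    user = User.visible.find_by(:email => params[:email])

    if user.nil?
      users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])

      user = users.first if users.count == 1
    end

    if user
      token = user.generate_token_for(:password_reset)
      UserMailer.lost_password(user, token).deliver_later
      flash[:notice] = t ".notice email on way"
      redirect_to login_path
    else
      flash.now[:error] = t ".notice email cannot find"
      render :new
    end
  end

  # Sets a new password for the user identified by params[:token].
  #
  # Responds 400 when the token or the params[:user] fields are missing,
  # redirects to the request form when the token matches no user, re-renders
  # the edit form when the save fails, and otherwise hands over to
  # successful_login.
  def update
    return head :bad_request unless params[:token]

    self.current_user = user_for_reset_token(params[:token])

    unless current_user
      flash[:error] = t ".flash token bad"
      redirect_to :action => "new"
      return
    end

    # A valid token without the password fields is a malformed submission.
    # Answer it explicitly; previously this path chose no response at all.
    return head :bad_request unless params[:user]

    current_user.pass_crypt = params[:user][:pass_crypt]
    current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
    current_user.activate if current_user.may_activate?
    # Presumably: completing a reset from the e-mailed link shows control of
    # the address, so it is marked valid.
    current_user.email_valid = true

    if current_user.save
      # Remove the matching UserToken row so that form of token cannot be
      # replayed. NOTE(review): confirm the :password_reset token definition
      # in User stops verifying once the password changes - not visible here.
      UserToken.delete_by(:token => params[:token])
      session[:fingerprint] = current_user.fingerprint
      flash[:notice] = t ".flash changed"
      # NOTE(review): confirm successful_login rotates the session id before
      # the session is treated as authenticated - its body is not in this file.
      successful_login(current_user)
    else
      render :edit
    end
  end

  private

  # Resolves a reset token to its user, or nil when it matches none.
  #
  # Tries the token issued by generate_token_for(:password_reset) first, then
  # falls back to an unexpired UserToken row. Kept in one place so edit and
  # update can never disagree about which tokens are accepted.
  def user_for_reset_token(token)
    User.find_by_token_for(:password_reset, token) ||
      UserToken.unexpired.find_by(:token => token)&.user
  end
end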