]> git.openstreetmap.org Git - rails.git/blob - app/controllers/passwords_controller.rb
Merge remote-tracking branch 'upstream/pull/4838'
[rails.git] / app / controllers / passwords_controller.rb
1 class PasswordsController < ApplicationController
2   include SessionMethods
3
4   layout "site"
5
6   before_action :authorize_web
7   before_action :set_locale
8   before_action :check_database_readable
9
10   authorize_resource :class => false
11
12   before_action :check_database_writable
13
14   def new
15     @title = t ".title"
16   end
17
18   def edit
19     @title = t ".title"
20
21     if params[:token]
22       self.current_user = User.find_by_token_for(:password_reset, params[:token])
23
24       if current_user.nil?
25         flash[:error] = t ".flash token bad"
26         redirect_to :action => "new"
27       end
28     else
29       head :bad_request
30     end
31   end
32
33   def create
34     user = User.visible.find_by(:email => params[:email])
35
36     if user.nil?
37       users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
38
39       user = users.first if users.count == 1
40     end
41
42     if user
43       token = user.generate_token_for(:password_reset)
44       UserMailer.lost_password(user, token).deliver_later
45     end
46
47     flash[:notice] = t ".send_paranoid_instructions"
48     redirect_to login_path
49   end
50
51   def update
52     if params[:token]
53       self.current_user = User.find_by_token_for(:password_reset, params[:token])
54
55       if current_user
56         if params[:user]
57           current_user.pass_crypt = params[:user][:pass_crypt]
58           current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
59           current_user.activate if current_user.may_activate?
60           current_user.email_valid = true
61
62           if current_user.save
63             session[:fingerprint] = current_user.fingerprint
64             flash[:notice] = t ".flash changed"
65             successful_login(current_user)
66           else
67             render :edit
68           end
69         end
70       else
71         flash[:error] = t ".flash token bad"
72         redirect_to :action => "new"
73       end
74     else
75       head :bad_request
76     end
77   end
78 end