]> git.openstreetmap.org Git - rails.git/blob - app/controllers/passwords_controller.rb
Merge remote-tracking branch 'upstream/pull/4226'
[rails.git] / app / controllers / passwords_controller.rb
1 class PasswordsController < ApplicationController
2   include SessionMethods
3
4   layout "site"
5
6   before_action :authorize_web
7   before_action :set_locale
8   before_action :check_database_readable
9
10   authorize_resource :class => false
11
12   before_action :check_database_writable, :only => [:lost_password, :reset_password]
13
14   def lost_password
15     @title = t ".title"
16
17     if request.post?
18       user = User.visible.find_by(:email => params[:email])
19
20       if user.nil?
21         users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
22
23         user = users.first if users.count == 1
24       end
25
26       if user
27         token = user.tokens.create
28         UserMailer.lost_password(user, token).deliver_later
29         flash[:notice] = t ".notice email on way"
30         redirect_to login_path
31       else
32         flash.now[:error] = t ".notice email cannot find"
33       end
34     end
35   end
36
37   def reset_password
38     @title = t ".title"
39
40     if params[:token]
41       token = UserToken.find_by(:token => params[:token])
42
43       if token
44         self.current_user = token.user
45
46         if params[:user]
47           current_user.pass_crypt = params[:user][:pass_crypt]
48           current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
49           current_user.activate if current_user.may_activate?
50           current_user.email_valid = true
51
52           if current_user.save
53             token.destroy
54             session[:fingerprint] = current_user.fingerprint
55             flash[:notice] = t ".flash changed"
56             successful_login(current_user)
57           end
58         end
59       else
60         flash[:error] = t ".flash token bad"
61         redirect_to :action => "lost_password"
62       end
63     else
64       head :bad_request
65     end
66   end
67 end