authorize_resource :class => false
- before_action :check_database_writable, :only => [:lost_password, :reset_password]
+ before_action :check_database_writable
- def lost_password
- @title = t "passwords.lost_password.title"
-
- if request.post?
- user = User.visible.find_by(:email => params[:email])
+ def new
+ @title = t ".title"
+ end
- if user.nil?
- users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
+ def edit
+ @title = t ".title"
- user = users.first if users.count == 1
- end
+ if params[:token]
+ self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
+ UserToken.unexpired.find_by(:token => params[:token])&.user
- if user
- token = user.tokens.create
- UserMailer.lost_password(user, token).deliver_later
- flash[:notice] = t "passwords.lost_password.notice email on way"
- redirect_to login_path
- else
- flash.now[:error] = t "passwords.lost_password.notice email cannot find"
+ if current_user.nil?
+ flash[:error] = t ".flash token bad"
+ redirect_to :action => "new"
end
+ else
+ head :bad_request
end
end
- def reset_password
- @title = t "passwords.reset_password.title"
+ def create
+ user = User.visible.find_by(:email => params[:email])
- if params[:token]
- token = UserToken.find_by(:token => params[:token])
+ if user.nil?
+ users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
- if token
- self.current_user = token.user
+ user = users.first if users.count == 1
+ end
+
+ if user
+ token = user.generate_token_for(:password_reset)
+ UserMailer.lost_password(user, token).deliver_later
+ end
+
+ flash[:notice] = t ".send_paranoid_instructions"
+ redirect_to login_path
+ end
+
+ def update
+ if params[:token]
+ self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
+ UserToken.unexpired.find_by(:token => params[:token])&.user
+ if current_user
if params[:user]
current_user.pass_crypt = params[:user][:pass_crypt]
current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
- current_user.status = "active" if current_user.status == "pending"
+ current_user.activate if current_user.may_activate?
current_user.email_valid = true
if current_user.save
- token.destroy
+ UserToken.delete_by(:token => params[:token])
session[:fingerprint] = current_user.fingerprint
- flash[:notice] = t "passwords.reset_password.flash changed"
+ flash[:notice] = t ".flash changed"
successful_login(current_user)
+ else
+ render :edit
end
end
else
- flash[:error] = t "passwords.reset_password.flash token bad"
- redirect_to :action => "lost_password"
+ flash[:error] = t ".flash token bad"
+ redirect_to :action => "new"
end
else
head :bad_request