X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/067b0de4391a32124aef23c56d73e2bb492df8ca..2baff0463547693bfcfdca7dea9055aa26459a18:/app/controllers/passwords_controller.rb?ds=sidebyside
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 08df9f7a4..8025fd700 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -9,40 +9,54 @@ class PasswordsController < ApplicationController
 authorize_resource :class => false
- before_action :check_database_writable, :only => [:lost_password, :reset_password]
+ before_action :check_database_writable
- def lost_password
+ def new
 @title = t ".title"
+ end
- if request.post?
- user = User.visible.find_by(:email => params[:email])
-
- if user.nil?
- users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
+ def edit
+ @title = t ".title"
- user = users.first if users.count == 1
- end
+ if params[:token]
+ self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
+ UserToken.unexpired.find_by(:token => params[:token])&.user
- if user
- token = user.tokens.create
- UserMailer.lost_password(user, token).deliver_later
- flash[:notice] = t ".notice email on way"
- redirect_to login_path
- else
- flash.now[:error] = t ".notice email cannot find"
+ if current_user.nil?
+ flash[:error] = t ".flash token bad"
+ redirect_to :action => "new"
 end
+ else
+ head :bad_request
 end
 end
- def reset_password
- @title = t ".title"
+ def create
+ user = User.visible.find_by(:email => params[:email])
- if params[:token]
- token = UserToken.find_by(:token => params[:token])
+ if user.nil?
+ users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
- if token
- self.current_user = token.user
+ user = users.first if users.count == 1
+ end
+
+ if user
+ token = user.generate_token_for(:password_reset)
+ UserMailer.lost_password(user, token).deliver_later
+ flash[:notice] = t ".notice email on way"
+ redirect_to login_path
+ else
+ flash.now[:error] = t ".notice email cannot find"
+ render :new
+ end
+ end
+
+ def update
+ if params[:token]
+ self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
+ UserToken.unexpired.find_by(:token => params[:token])&.user
+ if current_user
 if params[:user]
 current_user.pass_crypt = params[:user][:pass_crypt]
 current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
@@ -50,15 +64,17 @@ class PasswordsController < ApplicationController
 current_user.email_valid = true
 if current_user.save
- token.destroy
+ UserToken.delete_by(:token => params[:token])
 session[:fingerprint] = current_user.fingerprint
 flash[:notice] = t ".flash changed"
 successful_login(current_user)
+ else
+ render :edit
 end
 end
 else
 flash[:error] = t ".flash token bad"
- redirect_to :action => "lost_password"
+ redirect_to :action => "new"
 end
 else
 head :bad_request
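Review bot: `create` still answers differently for known and unknown addresses: a redirect to `login_path` with `.notice email on way` when a user is found, and a re-rendered form with `.notice email cannot find` when not, so the form confirms to an unauthenticated caller whether an email belongs to a visible account. If hiding account existence is a goal for this endpoint, both branches could end in the same `flash[:notice] = t ".notice email on way"` and `redirect_to login_path`, with the mail queued only when `user` is set. The action also queues `UserMailer.lost_password` on every matching POST; no throttle is visible in this hunk, so it is worth confirming that one exists outside the controller.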
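Review bot: After a successful save, `UserToken.delete_by(:token => params[:token])` removes only a legacy `UserToken` row; a token issued by `generate_token_for(:password_reset)` has no stored row to delete, so whether it can be replayed after the password change depends on how `generates_token_for :password_reset` is declared on `User`, which this diff does not show. If that declaration ties the token to a value that changes on save, a comment above this line would make the reliance explicit, e.g. `# signed :password_reset tokens stop verifying once the password changes; only legacy UserToken rows need deleting`. A controller test that submits the same token again after a successful update and expects the `.flash token bad` path would pin the behaviour. `update` begins in the previous hunk and its closing lines fall outside this one.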