X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/0e78061cdba5cfb3f299f57b7643d2b396ee235b..79c306ad06155549ff6e5929ff20a1149b4862c4:/app/controllers/passwords_controller.rb?ds=sidebyside diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 331575964..26b21b6d9 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -9,56 +9,67 @@ class PasswordsController < ApplicationController authorize_resource :class => false - before_action :check_database_writable, :only => [:lost_password, :reset_password] + before_action :check_database_writable - def lost_password - @title = t "passwords.lost_password.title" - - if request.post? - user = User.visible.find_by(:email => params[:email]) + def new + @title = t ".title" + end - if user.nil? - users = User.visible.where("LOWER(email) = LOWER(?)", params[:email]) + def edit + @title = t ".title" - user = users.first if users.count == 1 - end + if params[:token] + self.current_user = User.find_by_token_for(:password_reset, params[:token]) - if user - token = user.tokens.create - UserMailer.lost_password(user, token).deliver_later - flash[:notice] = t "passwords.lost_password.notice email on way" - redirect_to login_path - else - flash.now[:error] = t "passwords.lost_password.notice email cannot find" + if current_user.nil? + flash[:error] = t ".flash token bad" + redirect_to :action => "new" end + else + head :bad_request end end - def reset_password - @title = t "passwords.reset_password.title" + def create + user = User.visible.find_by(:email => params[:email]) - if params[:token] - token = UserToken.find_by(:token => params[:token]) + if user.nil? + users = User.visible.where("LOWER(email) = LOWER(?)", params[:email]) - if token - self.current_user = token.user + user = users.first if users.count == 1 + end + + if user + token = user.generate_token_for(:password_reset) + UserMailer.lost_password(user, token).deliver_later + end + + flash[:notice] = t ".send_paranoid_instructions" + redirect_to login_path + end + + def update + if params[:token] + self.current_user = User.find_by_token_for(:password_reset, params[:token]) + if current_user if params[:user] current_user.pass_crypt = params[:user][:pass_crypt] current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation] - current_user.status = "active" if current_user.status == "pending" + current_user.activate if current_user.may_activate? current_user.email_valid = true if current_user.save - token.destroy session[:fingerprint] = current_user.fingerprint - flash[:notice] = t "passwords.reset_password.flash changed" + flash[:notice] = t ".flash changed" successful_login(current_user) + else + render :edit end end else - flash[:error] = t "passwords.reset_password.flash token bad" - redirect_to :action => "lost_password" + flash[:error] = t ".flash token bad" + redirect_to :action => "new" end else head :bad_request