X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/e78aee9585650673e686288322fa218f0f5a1692..4e237db3902fd9cd9d2f55131c8bba2e830e87fd:/app/controllers/passwords_controller.rb?ds=sidebyside diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 87d25df68..25b2b9607 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -19,11 +19,10 @@ class PasswordsController < ApplicationController @title = t ".title" if params[:token] - token = UserToken.find_by(:token => params[:token]) + self.current_user = User.find_by_token_for(:password_reset, params[:token]) || + UserToken.unexpired.find_by(:token => params[:token])&.user - if token - self.current_user = token.user - else + if current_user.nil? flash[:error] = t ".flash token bad" redirect_to :action => "new" end @@ -42,23 +41,20 @@ class PasswordsController < ApplicationController end if user - token = user.tokens.create + token = user.generate_token_for(:password_reset) UserMailer.lost_password(user, token).deliver_later - flash[:notice] = t ".notice email on way" - redirect_to login_path - else - flash.now[:error] = t ".notice email cannot find" - render :new end + + flash[:notice] = t ".send_paranoid_instructions" + redirect_to login_path end def update if params[:token] - token = UserToken.find_by(:token => params[:token]) - - if token - self.current_user = token.user + self.current_user = User.find_by_token_for(:password_reset, params[:token]) || + UserToken.unexpired.find_by(:token => params[:token])&.user + if current_user if params[:user] current_user.pass_crypt = params[:user][:pass_crypt] current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation] @@ -66,7 +62,7 @@ class PasswordsController < ApplicationController current_user.email_valid = true if current_user.save - token.destroy + UserToken.delete_by(:token => params[:token]) session[:fingerprint] = current_user.fingerprint flash[:notice] = t ".flash changed" successful_login(current_user)