adding password rest method and changing some logic around

2013-12-11 22:25:02 -05:00
parent 8eb398950f
commit abe22b19e9
6 changed files with 56 additions and 40 deletions
@@ -1,25 +1,60 @@
 class PasswordResetsController < ApplicationController
-  skip_before_filter :authenticated, :only => [:reset_password]
+  skip_before_filter :authenticated
+

  def reset_password
-    token = params[:token] unless params[:token].nil?
+    user = Marshal.load(Base64.decode64(params[:user])) unless params[:user].nil?

-    if token && is_valid?(token)
+    if user && params[:password] && params[:confirm_password] && params[:password] == params[:confirm_password]
+      user.password = params[:password]
+      user.save!
+      flash[:success] = "Your password has been reset please login"
+      redirect_to :login
+    else
+      flash[:error] = "Error resetting your password. Please try again."
+      redirect_to :login
+    end
+  end
+
+  def confirm_token
+    if !params[:token].nil? && is_valid?(params[:token])
      flash[:success] = "Password reset token confirmed! Please create a new password."
+      render :reset_password
    else
      flash[:error] = "Invalid password reset token. Please try again."
      redirect_to :login
    end
  end

+  def forgot_password
+    @user = User.find_by_email(params[:email]) unless params[:email].nil?
+
+    if @user && password_reset_mailer(@user)
+      flash[:success] = "Password reset email sent to #{params[:email]}"
+      redirect_to :login
+    else
+      flash[:error] = "There was an issue sending password reset email to #{params[:email]}".html_safe unless params[:email].nil?
+    end
+  end
+
  private

+  def password_reset_mailer(user)
+    token = generate_token(user.id, user.email)
+    UserMailer.forgot_password(user.email, token).deliver
+  end
+
+  def generate_token(id, email)
+    hash = Digest::MD5.hexdigest(email)
+    "#{id}-#{hash}"
+  end
+
  def is_valid?(token)
    if token =~ /(?<user_id>\d+)-(?<email_hash>[A-Z0-9]{32})/i

      # Fetch the user by their id, and hash their email address
-      user = User.find_by_id($~[:user_id])
-      email = Digest::MD5.hexdigest(user.email)
+      @user = User.find_by_id($~[:user_id])
+      email = Digest::MD5.hexdigest(@user.email)

      # Compare and validate our hashes
      return true if email == $~[:email_hash]