team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding password rest method and changing some logic around

Browse Source
This commit is contained in:
Mike McCabe
2013-12-11 22:25:02 -05:00
parent 8eb398950f
commit abe22b19e9
6 changed files with 56 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/password_resets_controller.rb
+40 -5
View File
@@ -1,25 +1,60 @@
class PasswordResetsController < ApplicationController class PasswordResetsController < ApplicationController
skip_before_filter :authenticated, :only => [:reset_password] skip_before_filter :authenticated
def reset_password def reset_password
token = params[:token] unless params[:token].nil? user = Marshal.load(Base64.decode64(params[:user])) unless params[:user].nil?
if token && is_valid?(token) if user && params[:password] && params[:confirm_password] && params[:password] == params[:confirm_password]
user.password = params[:password]
user.save!
flash[:success] = "Your password has been reset please login"
redirect_to :login
else
flash[:error] = "Error resetting your password. Please try again."
redirect_to :login
end
end
def confirm_token
if !params[:token].nil? && is_valid?(params[:token])
flash[:success] = "Password reset token confirmed! Please create a new password." flash[:success] = "Password reset token confirmed! Please create a new password."
render :reset_password
else else
flash[:error] = "Invalid password reset token. Please try again." flash[:error] = "Invalid password reset token. Please try again."
redirect_to :login redirect_to :login
end end
end end
def forgot_password
@user = User.find_by_email(params[:email]) unless params[:email].nil?
if @user && password_reset_mailer(@user)
flash[:success] = "Password reset email sent to #{params[:email]}"
redirect_to :login
else
flash[:error] = "There was an issue sending password reset email to #{params[:email]}".html_safe unless params[:email].nil?
end
end
private private
def password_reset_mailer(user)
token = generate_token(user.id, user.email)
UserMailer.forgot_password(user.email, token).deliver
end
def generate_token(id, email)
hash = Digest::MD5.hexdigest(email)
"#{id}-#{hash}"
end
def is_valid?(token) def is_valid?(token)
if token =~ /(?<user_id>\d+)-(?<email_hash>[A-Z0-9]{32})/i if token =~ /(?<user_id>\d+)-(?<email_hash>[A-Z0-9]{32})/i
# Fetch the user by their id, and hash their email address # Fetch the user by their id, and hash their email address
user = User.find_by_id($~[:user_id]) @user = User.find_by_id($~[:user_id])
email = Digest::MD5.hexdigest(user.email) email = Digest::MD5.hexdigest(@user.email)
# Compare and validate our hashes # Compare and validate our hashes
return true if email == $~[:email_hash] return true if email == $~[:email_hash]
app/controllers/users_controller.rb
+1 -23
View File
@@ -1,18 +1,8 @@
class UsersController < ApplicationController class UsersController < ApplicationController
skip_before_filter :has_info skip_before_filter :has_info
skip_before_filter :authenticated, :only => [:new, :create, :forgot_password] skip_before_filter :authenticated, :only => [:new, :create]
def forgot_password
@user = User.find_by_email(params[:email]) unless params[:email].nil?
if @user && password_reset_mailer_setup(@user)
flash[:success] = "Password reset email sent to #{params[:email]}"
redirect_to :login
else
flash[:error] = "There was an issue sending password reset email to #{params[:email]}".html_safe unless params[:email].nil?
end
end
def new def new
@user = User.new @user = User.new
@@ -63,16 +53,4 @@ class UsersController < ApplicationController
end end
end end
private
def password_reset_mailer_setup(user)
token = generate_token(user.id, user.email)
UserMailer.forgot_password(user.email, token).deliver
end
def generate_token(id, email)
hash = Digest::MD5.hexdigest(email)
"#{id}-#{hash}"
end
end end
app/views/users/forgot_password.html.erb → app/views/password_resets/forgot_password.html.erb
View File
app/views/password_resets/reset_password.html.erb
+2 -1
View File
@@ -10,7 +10,7 @@
<!-- This form is just a placeholder with no working functionality --> <!-- This form is just a placeholder with no working functionality -->
<div class="signup"> <div class="signup">
<%= form_tag "reset_passwords", :class=> "signup-wrapper" do %> <%= form_tag "password_resets", :class=> "signup-wrapper" do %>
<div class="header"> <div class="header">
<h2>Create Password</h2> <h2>Create Password</h2>
@@ -18,6 +18,7 @@
</div> </div>
<div class="content"> <div class="content">
<%= hidden_field_tag 'user', Base64.encode64(Marshal.dump(@user)) %>
<%= label_tag "Enter Password" %> <%= label_tag "Enter Password" %>
<%= password_field_tag :password, params[:password], {:class => "input input-block-level"} %> <%= password_field_tag :password, params[:password], {:class => "input input-block-level"} %>
<%= label_tag "Confirm Password" %> <%= label_tag "Confirm Password" %>
config/routes.rb
+4 -2
View File
@@ -3,8 +3,10 @@ Railsgoat::Application.routes.draw do
get "login" => "sessions#new" get "login" => "sessions#new"
get "signup" => "users#new" get "signup" => "users#new"
get "logout" => "sessions#destroy" get "logout" => "sessions#destroy"
match "forgot_password" => "users#forgot_password" match "forgot_password" => "password_resets#forgot_password"
match "password_resets" => "password_resets#reset_password" get "password_resets" => "password_resets#confirm_token"
post "password_resets" => "password_resets#reset_password"
resources :sessions do resources :sessions do
end end