adding password rest method and changing some logic around
This commit is contained in:
Mike McCabe
@@ -1,25 +1,60 @@
|
||||
class PasswordResetsController < ApplicationController
|
||||
skip_before_filter :authenticated, :only => [:reset_password]
|
||||
skip_before_filter :authenticated
|
||||
|
||||
|
||||
def reset_password
|
||||
token = params[:token] unless params[:token].nil?
|
||||
user = Marshal.load(Base64.decode64(params[:user])) unless params[:user].nil?
|
||||
|
||||
if token && is_valid?(token)
|
||||
if user && params[:password] && params[:confirm_password] && params[:password] == params[:confirm_password]
|
||||
user.password = params[:password]
|
||||
user.save!
|
||||
flash[:success] = "Your password has been reset please login"
|
||||
redirect_to :login
|
||||
else
|
||||
flash[:error] = "Error resetting your password. Please try again."
|
||||
redirect_to :login
|
||||
end
|
||||
end
|
||||
|
||||
def confirm_token
|
||||
if !params[:token].nil? && is_valid?(params[:token])
|
||||
flash[:success] = "Password reset token confirmed! Please create a new password."
|
||||
render :reset_password
|
||||
else
|
||||
flash[:error] = "Invalid password reset token. Please try again."
|
||||
redirect_to :login
|
||||
end
|
||||
end
|
||||
|
||||
def forgot_password
|
||||
@user = User.find_by_email(params[:email]) unless params[:email].nil?
|
||||
|
||||
if @user && password_reset_mailer(@user)
|
||||
flash[:success] = "Password reset email sent to #{params[:email]}"
|
||||
redirect_to :login
|
||||
else
|
||||
flash[:error] = "There was an issue sending password reset email to #{params[:email]}".html_safe unless params[:email].nil?
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def password_reset_mailer(user)
|
||||
token = generate_token(user.id, user.email)
|
||||
UserMailer.forgot_password(user.email, token).deliver
|
||||
end
|
||||
|
||||
def generate_token(id, email)
|
||||
hash = Digest::MD5.hexdigest(email)
|
||||
"#{id}-#{hash}"
|
||||
end
|
||||
|
||||
def is_valid?(token)
|
||||
if token =~ /(?<user_id>\d+)-(?<email_hash>[A-Z0-9]{32})/i
|
||||
|
||||
# Fetch the user by their id, and hash their email address
|
||||
user = User.find_by_id($~[:user_id])
|
||||
email = Digest::MD5.hexdigest(user.email)
|
||||
@user = User.find_by_id($~[:user_id])
|
||||
email = Digest::MD5.hexdigest(@user.email)
|
||||
|
||||
# Compare and validate our hashes
|
||||
return true if email == $~[:email_hash]
|
||||
|
||||
@@ -1,18 +1,8 @@
|
||||
class UsersController < ApplicationController
|
||||
|
||||
skip_before_filter :has_info
|
||||
skip_before_filter :authenticated, :only => [:new, :create, :forgot_password]
|
||||
skip_before_filter :authenticated, :only => [:new, :create]
|
||||
|
||||
def forgot_password
|
||||
@user = User.find_by_email(params[:email]) unless params[:email].nil?
|
||||
|
||||
if @user && password_reset_mailer_setup(@user)
|
||||
flash[:success] = "Password reset email sent to #{params[:email]}"
|
||||
redirect_to :login
|
||||
else
|
||||
flash[:error] = "There was an issue sending password reset email to #{params[:email]}".html_safe unless params[:email].nil?
|
||||
end
|
||||
end
|
||||
|
||||
def new
|
||||
@user = User.new
|
||||
@@ -63,16 +53,4 @@ class UsersController < ApplicationController
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def password_reset_mailer_setup(user)
|
||||
token = generate_token(user.id, user.email)
|
||||
UserMailer.forgot_password(user.email, token).deliver
|
||||
end
|
||||
|
||||
def generate_token(id, email)
|
||||
hash = Digest::MD5.hexdigest(email)
|
||||
"#{id}-#{hash}"
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
<!-- This form is just a placeholder with no working functionality -->
|
||||
|
||||
<div class="signup">
|
||||
<%= form_tag "reset_passwords", :class=> "signup-wrapper" do %>
|
||||
<%= form_tag "password_resets", :class=> "signup-wrapper" do %>
|
||||
|
||||
<div class="header">
|
||||
<h2>Create Password</h2>
|
||||
@@ -18,6 +18,7 @@
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<%= hidden_field_tag 'user', Base64.encode64(Marshal.dump(@user)) %>
|
||||
<%= label_tag "Enter Password" %>
|
||||
<%= password_field_tag :password, params[:password], {:class => "input input-block-level"} %>
|
||||
<%= label_tag "Confirm Password" %>
|
||||
|
||||
+4
-2
@@ -3,8 +3,10 @@ Railsgoat::Application.routes.draw do
|
||||
get "login" => "sessions#new"
|
||||
get "signup" => "users#new"
|
||||
get "logout" => "sessions#destroy"
|
||||
match "forgot_password" => "users#forgot_password"
|
||||
match "password_resets" => "password_resets#reset_password"
|
||||
match "forgot_password" => "password_resets#forgot_password"
|
||||
get "password_resets" => "password_resets#confirm_token"
|
||||
post "password_resets" => "password_resets#reset_password"
|
||||
|
||||
|
||||
resources :sessions do
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user