app/controllers/passwords_controller.rb

   1 # frozen_string_literal: true
   2
   3 class PasswordsController < ApplicationController
   4   include SessionMethods
   5
   6   layout :site_layout
   7
   8   before_action :authorize_web
   9   before_action :set_locale
  10   before_action :check_database_readable
  11
  12   authorize_resource :class => false
  13
  14   before_action :check_database_writable
  15
  16   def new
  17     @title = t ".title"
  18   end
  19
  20   def edit
  21     @title = t ".title"
  22
  23     if params[:token]
  24       self.current_user = User.find_by_token_for(:password_reset, params[:token])
  25
  26       if current_user.nil?
  27         flash[:error] = t ".flash token bad"
  28         redirect_to :action => "new"
  29       end
  30     else
  31       head :bad_request
  32     end
  33   end
  34
  35   def create
  36     user = User.visible.find_by(:email => params[:email])
  37
  38     if user.nil?
  39       users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
  40
  41       user = users.first if users.one?
  42     end
  43
  44     if user
  45       token = user.generate_token_for(:password_reset)
  46       UserMailer.lost_password(user, token).deliver_later
  47     end
  48
  49     flash[:notice] = t ".send_paranoid_instructions"
  50     redirect_to login_path
  51   end
  52
  53   def update
  54     if params[:token]
  55       self.current_user = User.find_by_token_for(:password_reset, params[:token])
  56
  57       if current_user
  58         if params[:user]
  59           current_user.pass_crypt = params[:user][:pass_crypt]
  60           current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
  61           current_user.activate if current_user.may_activate?
  62           current_user.email_valid = true
  63
  64           if current_user.save
  65             session[:fingerprint] = current_user.fingerprint
  66             flash[:notice] = t ".flash changed"
  67             successful_login(current_user)
  68           else
  69             render :edit
  70           end
  71         end
  72       else
  73         flash[:error] = t ".flash token bad"
  74         redirect_to :action => "new"
  75       end
  76     else
  77       head :bad_request
  78     end
  79   end
  80 end