app/controllers/passwords_controller.rb

   1 class PasswordsController < ApplicationController
   2   include SessionMethods
   3
   4   layout "site"
   5
   6   before_action :authorize_web
   7   before_action :set_locale
   8   before_action :check_database_readable
   9
  10   authorize_resource :class => false
  11
  12   before_action :check_database_writable
  13
  14   def new
  15     @title = t ".title"
  16   end
  17
  18   def edit
  19     @title = t ".title"
  20
  21     if params[:token]
  22       self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
  23                           UserToken.unexpired.find_by(:token => params[:token])&.user
  24
  25       if current_user.nil?
  26         flash[:error] = t ".flash token bad"
  27         redirect_to :action => "new"
  28       end
  29     else
  30       head :bad_request
  31     end
  32   end
  33
  34   def create
  35     user = User.visible.find_by(:email => params[:email])
  36
  37     if user.nil?
  38       users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
  39
  40       user = users.first if users.count == 1
  41     end
  42
  43     if user
  44       token = user.generate_token_for(:password_reset)
  45       UserMailer.lost_password(user, token).deliver_later
  46       flash[:notice] = t ".notice email on way"
  47       redirect_to login_path
  48     else
  49       flash.now[:error] = t ".notice email cannot find"
  50       render :new
  51     end
  52   end
  53
  54   def update
  55     if params[:token]
  56       self.current_user = User.find_by_token_for(:password_reset, params[:token]) ||
  57                           UserToken.unexpired.find_by(:token => params[:token])&.user
  58
  59       if current_user
  60         if params[:user]
  61           current_user.pass_crypt = params[:user][:pass_crypt]
  62           current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
  63           current_user.activate if current_user.may_activate?
  64           current_user.email_valid = true
  65
  66           if current_user.save
  67             UserToken.delete_by(:token => params[:token])
  68             session[:fingerprint] = current_user.fingerprint
  69             flash[:notice] = t ".flash changed"
  70             successful_login(current_user)
  71           else
  72             render :edit
  73           end
  74         end
  75       else
  76         flash[:error] = t ".flash token bad"
  77         redirect_to :action => "new"
  78       end
  79     else
  80       head :bad_request
  81     end
  82   end
  83 end