Merge remote-tracking branch 'upstream/pull/4455'

[rails.git] / app / controllers / passwords_controller.rb

diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 08df9f7a4bbeed964c17af62ccc7c4a5263c5cfb..26b21b6d9180e0f1737ab7b9afe5a03b01f40153 100644 (file)
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -9,40 +9,50 @@ class PasswordsController < ApplicationController
 
   authorize_resource :class => false
 
 
   authorize_resource :class => false
 

-  before_action :check_database_writable, :only => [:lost_password, :reset_password]
+  before_action :check_database_writable

 
 

-  def lost_password
+  def new

     @title = t ".title"
     @title = t ".title"

+  end

 
 

-    if request.post?
-      user = User.visible.find_by(:email => params[:email])
-
-      if user.nil?
-        users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
+  def edit
+    @title = t ".title"

 
 

-        user = users.first if users.count == 1
-      end
+    if params[:token]
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])

 
 

-      if user
-        token = user.tokens.create
-        UserMailer.lost_password(user, token).deliver_later
-        flash[:notice] = t ".notice email on way"
-        redirect_to login_path
-      else
-        flash.now[:error] = t ".notice email cannot find"
+      if current_user.nil?
+        flash[:error] = t ".flash token bad"
+        redirect_to :action => "new"

       end
       end

+    else
+      head :bad_request

     end
   end
 
     end
   end
 

-  def reset_password
-    @title = t ".title"
+  def create
+    user = User.visible.find_by(:email => params[:email])

 
 

-    if params[:token]
-      token = UserToken.find_by(:token => params[:token])
+    if user.nil?
+      users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])

 
 

-      if token
-        self.current_user = token.user
+      user = users.first if users.count == 1
+    end
+
+    if user
+      token = user.generate_token_for(:password_reset)
+      UserMailer.lost_password(user, token).deliver_later
+    end
+
+    flash[:notice] = t ".send_paranoid_instructions"
+    redirect_to login_path
+  end
+
+  def update
+    if params[:token]
+      self.current_user = User.find_by_token_for(:password_reset, params[:token])

 
 

+      if current_user

         if params[:user]
           current_user.pass_crypt = params[:user][:pass_crypt]
           current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
         if params[:user]
           current_user.pass_crypt = params[:user][:pass_crypt]
           current_user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]


@@ -50,15 +60,16 @@ class PasswordsController < ApplicationController
           current_user.email_valid = true
 
           if current_user.save
           current_user.email_valid = true
 
           if current_user.save

-            token.destroy

             session[:fingerprint] = current_user.fingerprint
             flash[:notice] = t ".flash changed"
             successful_login(current_user)
             session[:fingerprint] = current_user.fingerprint
             flash[:notice] = t ".flash changed"
             successful_login(current_user)

+          else
+            render :edit

           end
         end
       else
         flash[:error] = t ".flash token bad"
           end
         end
       else
         flash[:error] = t ".flash token bad"

-        redirect_to :action => "lost_password"
+        redirect_to :action => "new"

       end
     else
       head :bad_request
       end
     else
       head :bad_request