Rework password reset system to do away with the second email and instead

just allow the user (providing they possess a valid token from the first
email) to enter a new password on the site.

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index c3ab012e387edadd0d32f5ba4b380b60a1ead586..6d69b512011647f8bac599267299eb44e780d0ed 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -95,9 +95,9 @@ class UserController < ApplicationController
       if user
         token = user.tokens.create
         Notifier.deliver_lost_password(user, token)
       if user
         token = user.tokens.create
         Notifier.deliver_lost_password(user, token)

-        flash[:notice] = t 'user.lost_password.notice email on way'
+        @notice = t 'user.lost_password.notice email on way'

       else
       else

-        flash[:notice] = t 'user.lost_password.notice email cannot find'
+        @notice = t 'user.lost_password.notice email cannot find'

       end
     end
   end
       end
     end
   end


@@ -105,25 +105,28 @@ class UserController < ApplicationController
   def reset_password
     @title = t 'user.reset_password.title'
 
   def reset_password
     @title = t 'user.reset_password.title'
 

-    if params['token']
+    if params[:token]

       token = UserToken.find_by_token(params[:token])
       token = UserToken.find_by_token(params[:token])

+

       if token
       if token

-        pass = OSM::make_token(8)
-        user = token.user
-        user.pass_crypt = pass
-        user.pass_crypt_confirmation = pass
-        user.active = true
-        user.email_valid = true
-        user.save!
-        token.destroy
-        Notifier.deliver_reset_password(user, pass)
-        flash[:notice] = t 'user.reset_password.flash changed check mail'
+        if params[:user]
+          @user = token.user
+          @user.pass_crypt = params[:user][:pass_crypt]
+          @user.pass_crypt_confirmation = params[:user][:pass_crypt_confirmation]
+          @user.active = true
+          @user.email_valid = true
+
+          if @user.save
+            token.destroy
+            flash[:notice] = t 'user.reset_password.flash changed'
+            redirect_to :action => 'login'
+          end
+        end

       else
         flash[:notice] = t 'user.reset_password.flash token bad'
       else
         flash[:notice] = t 'user.reset_password.flash token bad'

+        redirect_to :action => 'lost_password'

       end
     end
       end
     end

-
-    redirect_to :action => 'login'

   end
 
   def new
   end
 
   def new

diff --git a/app/models/notifier.rb b/app/models/notifier.rb
index ba4530e9927165c6f0cf352e41ae70fbb1bfd437..35b521e1fdfdd4918f82f3aa604a97a4f7b331d4 100644 (file)
--- a/app/models/notifier.rb
+++ b/app/models/notifier.rb
@@ -22,13 +22,7 @@ class Notifier < ActionMailer::Base
     subject I18n.t('notifier.lost_password.subject')
     body :url => url_for(:host => SERVER_URL,
                          :controller => "user", :action => "reset_password",
     subject I18n.t('notifier.lost_password.subject')
     body :url => url_for(:host => SERVER_URL,
                          :controller => "user", :action => "reset_password",

-                         :email => user.email, :token => token.token)
-  end
-
-  def reset_password(user, pass)
-    common_headers user
-    subject I18n.t('notifier.reset_password.subject')
-    body :pass => pass
+                         :token => token.token)

   end
 
   def gpx_success(trace, possible_points)
   end
 
   def gpx_success(trace, possible_points)

diff --git a/app/views/notifier/reset_password.text.html.erb b/app/views/notifier/reset_password.text.html.erb
deleted file mode 100644 (file)
index 39ea35b..0000000
--- a/app/views/notifier/reset_password.text.html.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-<p><%= t 'notifier.reset_password_html.greeting' %></p>
-
-<p><%= t 'notifier.reset_password_html.reset', :new_password => @pass %></p>

diff --git a/app/views/notifier/reset_password.text.plain.erb b/app/views/notifier/reset_password.text.plain.erb
deleted file mode 100644 (file)
index aab4d13..0000000
--- a/app/views/notifier/reset_password.text.plain.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-<%= t 'notifier.reset_password_plain.greeting' %>
-
-<%= t 'notifier.reset_password_plain.reset', :new_password => @pass %>

diff --git a/app/views/user/reset_password.html.erb b/app/views/user/reset_password.html.erb
new file mode 100644 (file)
index 0000000..458a608
--- /dev/null
+++ b/app/views/user/reset_password.html.erb
@@ -0,0 +1,14 @@
+<h1><%= t 'user.reset_password.heading' %></h1>
+
+<%= error_messages_for :user %>
+
+<% form_tag do %>
+<%= hidden_field_tag(:token, params[:token]) %>
+<table id="loginForm">
+  <tr><td class="fieldName"><%= t 'user.reset_password.password' %></td><td><%= password_field(:user, :pass_crypt,{:size => 30, :maxlength => 255, :tabindex => 4}) %></td></tr>
+  <tr><td class="fieldName"><%= t 'user.reset_password.confirm password' %></td><td><%= password_field(:user, :pass_crypt_confirmation,{:size => 30, :maxlength => 255, :tabindex => 5}) %></td></tr>
+  
+  <tr><td colspan=2>&nbsp;<!--vertical spacer--></td></tr>
+  <tr><td></td><td align=right><input type="submit" value="<%= t'user.reset_password.reset' %>" tabindex="6"></td></tr>
+</table>
+<% end %>

diff --git a/config/locales/en.yml b/config/locales/en.yml
index 3b049b12aa91b7949d8fbe2cec93561e6515b2d8..9283fcb575d22f1eb614a2083be7727dc7b3b9fb 100644 (file)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -533,14 +533,6 @@ en:
       greeting: "Hi,"
       hopefully_you: "Someone (possibly you) has asked for the password to be reset on this email address's openstreetmap.org account."
       click_the_link: "If this is you, please click the link below to reset your password."
       greeting: "Hi,"
       hopefully_you: "Someone (possibly you) has asked for the password to be reset on this email address's openstreetmap.org account."
       click_the_link: "If this is you, please click the link below to reset your password."

-    reset_password:
-      subject: "[OpenStreetMap] Password reset"
-    reset_password_plain:
-      greeting: "Hi,"
-      reset: "Your password has been reset to {{new_password}}"
-    reset_password_html:
-      greeting: "Hi,"
-      reset: "Your password has been reset to {{new_password}}"

   message:
     inbox:
       title: "Inbox"
   message:
     inbox:
       title: "Inbox"


@@ -796,15 +788,19 @@ en:
       account not active: "Sorry, your account is not active yet.<br>Please click on the link in the account confirmation email to activate your account."
       auth failure: "Sorry, couldn't log in with those details."
     lost_password:
       account not active: "Sorry, your account is not active yet.<br>Please click on the link in the account confirmation email to activate your account."
       auth failure: "Sorry, couldn't log in with those details."
     lost_password:

-      title: "lost password"
+      title: "Lost password"

       heading: "Forgotten Password?"
       email address: "Email Address:"
       new password button: "Send me a new password"
       notice email on way: "Sorry you lost it :-( but an email is on its way so you can reset it soon."
       notice email cannot find: "Couldn't find that email address, sorry."
     reset_password:
       heading: "Forgotten Password?"
       email address: "Email Address:"
       new password button: "Send me a new password"
       notice email on way: "Sorry you lost it :-( but an email is on its way so you can reset it soon."
       notice email cannot find: "Couldn't find that email address, sorry."
     reset_password:

-      title: "reset password"
-      flash changed check mail: "Your password has been changed and is on its way to your mailbox :-)"
+      title: "Reset password"
+      heading: "Reset Password"
+      password: "Password: "
+      confirm password: "Confirm Password: "
+      reset: "Reset Password"
+      flash changed: "Your password has been changed."

       flash token bad: "Didn't find that token, check the URL maybe?"
     new:
       title: "Create account"
       flash token bad: "Didn't find that token, check the URL maybe?"
     new:
       title: "Create account"