Sha256: 1b6450abe74a70640cba215b33a23546e14e768e35fc657be0e8ac994df013e7
Contents?: true
Size: 1.54 KB
Versions: 5
Compression:
Stored size: 1.54 KB
Contents
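module Protected
  # Password-reset endpoints for the protected area, layered on top of
  # Devise::PasswordsController. Each action produces exactly one response
  # (a redirect or a render).
  class PasswordsController < Devise::PasswordsController
    # Consumes the reset token and applies the new password.
    #
    # The submitted attributes (params[resource_name]) are handed to Devise's
    # reset_password_by_token; any failure is reported through resource.errors.
    # On success every signed-in scope is signed out and the user is sent to
    # the login form; on failure the edit form is rendered again.
    def update
      self.resource = resource_class.reset_password_by_token(params[resource_name])

      if resource.errors.empty?
        flash[:notice] = "Your password has been changed, please log in again."
        # Sign out all scopes so the user has to log in again after the change.
        sign_out_all_scopes
        redirect_to new_user_session_url
      else
        render :template => 'protected/passwords/edit.html.haml'
      end
    end

    # Shows the "forgot password" form backed by an empty resource.
    def new
      build_resource({})
    end

    # Shows the "choose a new password" form.
    #
    # Only the presence of reset_password_token is checked here; the token is
    # copied onto a fresh, unsaved resource so the form can submit it back.
    # NOTE(review): the token itself is presumably validated in #update by
    # reset_password_by_token -- nothing in this action verifies it.
    def edit
      if params[:reset_password_token].present?
        self.resource = resource_class.new
        resource.reset_password_token = params[:reset_password_token]
      else
        flash[:notice] = "A valid password token was not found"
        redirect_to root_url
      end
    end

    # Starts a password reset for the submitted address.
    #
    # Refactor Me:
    # This currently redirects the user to a success message regardless of
    # whether the email is in the database. This is done to prevent others from
    # determining which emails are "good" within the system, but it may confuse
    # a user who tries to reset their password with an incorrect address:
    # because they know they have an account and received a success message,
    # they will infer the application is broken when no email arrives.
    #
    # NOTE(review): the enumeration protection holds only if
    # reset_password_and_send_password_instructions returns a record for
    # unknown addresses too; a nil here would raise on resource.email and make
    # unknown addresses distinguishable -- confirm against the model.
    # NOTE(review): if the mail is delivered inline, response time may still
    # differ between known and unknown addresses -- confirm delivery is queued.
    def create
      self.resource = resource_class.reset_password_and_send_password_instructions(params[resource_name])
      flash[:notice] = "Instructions on how to reset your password have been sent to #{resource.email}."
      redirect_to new_user_session_url
    end
  end
end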