Sha256: 276fb3120842d4e84d451392ca06d292dfaf2bd584cadce0bc377e9f1ca902a1

Contents?: true

Size: 925 Bytes

Versions: 3

Compression:

Stored size: 925 Bytes

Contents

# frozen_string_literal: true

class PasswordResetsController < ApplicationController
  skip_before_action :authorization_required

  layout "sessions"

  # Form for user to request a password reset
  def new
    @user = MinimalistAuthentication.configuration.user_model.new
  end

  # Send a password update link to users with a verified email
  def create
    if user
      user.regenerate_verification_token
      MinimalistAuthenticationMailer.update_password(user).deliver_now
    end
    # always display notice even if the user was not found to prevent leaking user emails
    redirect_to new_session_path, notice: "Password reset instructions were mailed to #{email}"
  end

  private

  def user
    return unless URI::MailTo::EMAIL_REGEXP.match?(email)

    @user ||= MinimalistAuthentication.configuration.user_model.active.email_verified.find_by(email:)
  end

  def email
    params.dig(:user, :email)
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
minimalist_authentication-3.0.0 app/controllers/password_resets_controller.rb
minimalist_authentication-2.7.0 app/controllers/password_resets_controller.rb
minimalist_authentication-2.6.2 app/controllers/password_resets_controller.rb