3: def render
4: flash[:reset_password] = {}
5:
6: unless params[:token]
7: flash[:reset_password][:error] = "No password token given"
8: return
9: end
10:
11: @user = User.find_by_reset_token(params[:token])
12:
13: unless @user
14: flash[:reset_password][:notice] = "Invalid password token"
15: return
16: end
17:
18: if request.method == :post
19: @user.password = params[:password]
20: @user.password_confirmation = params[:password_confirmation]
21:
22: if @user.save
23: flash[:reset_password][:notice] = 'Password has been reset'
24: end
25: end
26: end