Sha256: 5ea584253a4e5eb7c14c6bbe3f74994eb13c2a6a01e939a5d25ad86f23539f89
Contents?: true
Size: 1.7 KB
Versions: 2
Compression:
Stored size: 1.7 KB
Contents
class Clearance::PasswordsController < ApplicationController
unloadable
before_filter :forbid_missing_token, :only => [:edit, :update]
before_filter :forbid_non_existent_user, :only => [:edit, :update]
filter_parameter_logging :password, :password_confirmation
def new
render :template => 'passwords/new'
end
def create
if user = ::User.find_by_email(params[:password][:email])
user.forgot_password!
::ClearanceMailer.deliver_change_password user
flash[:notice] = "You will receive an email within the next few minutes. " <<
"It contains instructions for changing your password."
redirect_to url_after_create
else
flash.now[:notice] = "Unknown email"
render :template => 'passwords/new'
end
end
def edit
@user = ::User.find_by_id_and_token(params[:user_id], params[:token])
render :template => 'passwords/edit'
end
def update
@user = ::User.find_by_id_and_token(params[:user_id], params[:token])
if @user.update_password(params[:user][:password],
params[:user][:password_confirmation])
@user.confirm_email! unless @user.email_confirmed?
sign_user_in(@user)
redirect_to url_after_update
else
render :template => 'passwords/edit'
end
end
private
def forbid_missing_token
if params[:token].blank?
raise ActionController::Forbidden, "missing token"
end
end
def forbid_non_existent_user
unless ::User.find_by_id_and_token(params[:user_id], params[:token])
raise ActionController::Forbidden, "non-existent user"
end
end
def url_after_create
new_session_url
end
def url_after_update
root_url
end
end
Version data entries
2 entries across 2 versions & 2 rubygems
| Version | Path |
|---|---|
| thoughtbot-clearance-0.6.3 | app/controllers/clearance/passwords_controller.rb |
| vita-clearance-0.6.3 | app/controllers/clearance/passwords_controller.rb |