module DoubleAuthEngine
  module PasswordResetsControllerMixin
    def self.included(base)
      base.class_eval do
        skip_before_filter :require_user
        before_filter :load_user_using_perishable_token, :only => [:edit, :update]
      end
      base.send :include, InstanceMethods
    end

    module InstanceMethods
      def new
        render :layout => false
      end

      def create
        @user = User.find_by_email(params[:email])
        if @user
          @user.deliver_password_reset_instructions!
          redirect_to root_url, :notice => 'Instructions to reset your password have been emailed to you. Please check your email.'
        else
          redirect_to new_password_reset_url, :notice => 'No user was found with that email address'
        end
      end

      def edit
        render :layout => false
      end

      def update
        @user.password              = params[:password]
        @user.password_confirmation = params[:password]
        if @user.save
          flash[:success] = "Your password was successfully updated"
          redirect_to root_url
        else
          render :action => :edit
        end
      end

      private
      def load_user_using_perishable_token
        @user = User.find_using_perishable_token(params[:id])
        unless @user
          flash[:error] = "We're sorry, but we could not locate your account"
          redirect_to root_url
        end
      end
    end
  end
end