# This controller is responsible for resetting a lost password. It sends an # email with an unique token, on demand by the user. Then allows the user to # change its password (as long as the token is valid). class Janus::PasswordsController < ApplicationController include Janus::InternalHelpers helper JanusHelper def new self.resource = resource_class.new end def create self.resource = resource_class.find_for_database_authentication(resource_authentication_params) if resource resource.generate_reset_password_token! deliver_reset_password_instructions(resource) respond_to do |format| format.html do redirect_to after_sending_reset_password_instructions_url(resource), :notice => t('flash.janus.passwords.create.email_sent') end format.any { head :ok } end else respond_to do |format| format.html do self.resource = resource_class.new resource.errors.add(:base, :not_found) render "new" end format.any { head :precondition_failed } end end end def edit self.resource = resource_class.find_for_password_reset(params[:token]) redirect_to root_url, :alert => t('flash.janus.passwords.edit.alert') unless resource end def update self.resource = resource_class.find_for_password_reset(params[resource_name][:reset_password_token]) if resource if resource.reset_password!(params[resource_name]) respond_to do |format| format.html { redirect_after_password_change(self.resource, :notice => t('flash.janus.passwords.update.password_updated')) } format.any { head :ok } end else respond_to do |format| format.html { render 'edit' } format.any { head :precondition_failed } end end else respond_to do |format| format.html { redirect_to root_url, :alert => t('flash.janus.passwords.update.invalid_token') } format.any { head :precondition_failed } end end end # Simple wrapper for Mailer#reset_password_instructions.deliver to # allow customization of the email (eg: to pass additional data). def deliver_reset_password_instructions(resource) mail = mailer_class.reset_password_instructions(resource) mail.respond_to?(:deliver_later) ? mail.deliver_later : mail.deliver end # Either redirects the user to after_password_change_url or to # params[:return_to] if present. def redirect_after_password_change(resource, options = {}) if params[:return_to].present? redirect_to params[:return_to], options else redirect_to after_password_change_url(resource), options end end # Where to redirect when the password has been changed. def after_password_change_url(resource) root_url end # Where to redirect when the instructions have been sent. def after_sending_reset_password_instructions_url(resource) root_url end end