Contents

class PasswordResetsController < ApplicationController

  skip_before_filter :require_login

  def create
    @user = User.find_by_email(params[:email])
    
    # Send an email to the user with instructions on how to reset their password.
    @user.deliver_reset_password_instructions! if @user
    
    # Tell the user instructions have been sent whether or not email was found.
    # This is to not leak information to attackers about which emails exist in the system.
    redirect_to sign_in_path, notice: "Password reset instructions have been sent to your email."
  end

  def edit
    @user = User.load_from_reset_password_token(params[:id])
    @token = params[:id]
    not_authenticated if !@user
  end
  
  def update
    @token = params[:token] # needed to render the form again in case of error
    @user = User.load_from_reset_password_token(@token)
    not_authenticated if !@user

    # Makes the password confirmation validation work.
    @user.password_confirmation = params[:user][:password_confirmation]

    # Clear the temporary token and update the password.
    if @user.change_password!(params[:user][:password])
      redirect_to sign_in_path, notice: "Password was successfully updated."
    else
      render action: 'edit'
    end
  end

end

Version data entries

9 entries across 9 versions & 1 rubygems

Version	Path
raygun-0.0.13	app_prototype/app/controllers/password_resets_controller.rb
raygun-0.0.11	templates/_app/controllers/password_resets_controller.rb
raygun-0.0.10	templates/_app/controllers/password_resets_controller.rb
raygun-0.0.7	templates/_app/controllers/password_resets_controller.rb
raygun-0.0.6	templates/_app/controllers/password_resets_controller.rb
raygun-0.0.5	templates/_app/controllers/password_resets_controller.rb
raygun-0.0.4	templates/_app/controllers/password_resets_controller.rb
raygun-0.0.3	templates/_app/controllers/password_resets_controller.rb
raygun-0.0.2	templates/_app/controllers/password_resets_controller.rb