Sha256: 6a938201785b27890ac89974ca440603842846df705a4bb1fc50ca082b789bc1
Contents?: true
Size: 1.99 KB
Versions: 6
Compression:
Stored size: 1.99 KB
Contents
class Clearance::PasswordsController < ApplicationController
unloadable
before_filter :forbid_missing_token, :only => [:edit, :update]
before_filter :forbid_non_existent_user, :only => [:edit, :update]
filter_parameter_logging :password, :password_confirmation
def new
render :template => 'passwords/new'
end
def create
if user = ::User.find_by_email(params[:password][:email])
user.forgot_password!
::ClearanceMailer.deliver_change_password user
flash[:notice] = translate(:deliver_change_password,
:scope => [:clearance, :controllers, :passwords],
:default => "You will receive an email within the next few minutes. " <<
"It contains instructions for changing your password.")
redirect_to url_after_create
else
flash.now[:failure] = translate(:unknown_email,
:scope => [:clearance, :controllers, :passwords],
:default => "Unknown email.")
render :template => 'passwords/new'
end
end
def edit
@user = ::User.find_by_id_and_token(params[:user_id], params[:token])
render :template => 'passwords/edit'
end
def update
@user = ::User.find_by_id_and_token(params[:user_id], params[:token])
if @user.update_password(params[:user][:password],
params[:user][:password_confirmation])
@user.confirm_email! unless @user.email_confirmed?
sign_user_in(@user)
flash[:success] = translate(:signed_in, :default => "Signed in.")
redirect_to url_after_update
else
render :template => 'passwords/edit'
end
end
private
def forbid_missing_token
if params[:token].blank?
raise ActionController::Forbidden, "missing token"
end
end
def forbid_non_existent_user
unless ::User.find_by_id_and_token(params[:user_id], params[:token])
raise ActionController::Forbidden, "non-existent user"
end
end
def url_after_create
new_session_url
end
def url_after_update
root_url
end
end
Version data entries
6 entries across 6 versions & 3 rubygems