Sha256: 6a938201785b27890ac89974ca440603842846df705a4bb1fc50ca082b789bc1

Contents?: true

Size: 1.99 KB

Versions: 6

Compression:

Stored size: 1.99 KB

Contents

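# Password-reset endpoints for Clearance.
#
# Flow as implemented here:
#   new / create  - ask for an email address; when a user has it, call
#                   User#forgot_password! and mail the change-password message.
#   edit / update - reached with :user_id and :token. Both before-filters
#                   must pass before either action runs.
#
# NOTE(review): nothing in this controller bounds how long a token stays
# valid, or shows that it is cleared once used. Confirm both in the User model.
class Clearance::PasswordsController < ApplicationController
  unloadable

  before_filter :forbid_missing_token,     :only => [:edit, :update]
  before_filter :forbid_non_existent_user, :only => [:edit, :update]

  # Keep secrets out of the request log. The reset token is a bearer
  # credential for the account, so it is filtered along with the passwords.
  # NOTE(review): the token may still show up in logged request URLs or in
  # upstream proxy logs; treat those logs as sensitive.
  filter_parameter_logging :password, :password_confirmation, :token

  # Shows the "forgot password" form.
  def new
    render :template => 'passwords/new'
  end

  # Starts a reset for the submitted email address.
  #
  # A request without a well-formed params[:password][:email] is handled like
  # an unknown address instead of failing with NoMethodError on nil.
  #
  # NOTE(review): the two branches answer differently for known and unknown
  # addresses, so this action reveals whether an email is registered. Where
  # that matters, give the same response in both cases and rate-limit it.
  def create
    form  = params[:password]
    email = form[:email] if form.is_a?(Hash)
    user  = ::User.find_by_email(email) unless email.blank?

    if user
      user.forgot_password!
      ::ClearanceMailer.deliver_change_password user
      flash[:notice] = translate(:deliver_change_password,
        :scope   => [:clearance, :controllers, :passwords],
        :default => "You will receive an email within the next few minutes. " +
                    "It contains instructions for changing your password.")
      redirect_to url_after_create
    else
      flash.now[:failure] = translate(:unknown_email,
        :scope   => [:clearance, :controllers, :passwords],
        :default => "Unknown email.")
      render :template => 'passwords/new'
    end
  end

  # Shows the "choose a new password" form for the user matching id + token.
  def edit
    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
    render :template => 'passwords/edit'
  end

  # Applies the new password, then confirms the email if needed and signs
  # the user in.
  #
  # A request that carries a valid token but no params[:user] hash is treated
  # as a failed update (the form is shown again) rather than raising
  # NoMethodError on nil or reaching sign_user_in without submitted fields.
  def update
    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
    form  = params[:user]

    if form.is_a?(Hash) &&
       @user.update_password(form[:password], form[:password_confirmation])
      # Presumably: holding the mailed token proves control of the mailbox,
      # so an unconfirmed address is confirmed here - TODO confirm intent.
      @user.confirm_email! unless @user.email_confirmed?
      sign_user_in(@user)
      flash[:success] = translate(:signed_in, :default => "Signed in.")
      redirect_to url_after_update
    else
      render :template => 'passwords/edit'
    end
  end

  private

  # Rejects edit/update requests that carry no token.
  #
  # This has to run before the user lookup: a blank token would otherwise be
  # handed to find_by_id_and_token, and a nil value there would match on a
  # NULL token column (presumably the state of a user with no reset pending).
  def forbid_missing_token
    raise ActionController::Forbidden, "missing token" if params[:token].blank?
  end

  # Rejects edit/update requests whose id + token pair matches no user.
  def forbid_non_existent_user
    return if ::User.find_by_id_and_token(params[:user_id], params[:token])

    raise ActionController::Forbidden, "non-existent user"
  end

  # Redirect target after a reset email has been sent.
  def url_after_create
    new_session_url
  end

  # Redirect target after the password has been changed.
  def url_after_update
    root_url
  end
end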

Version data entries

6 entries across 6 versions & 3 rubygems

Version Path
activerain-clearance-0.6.6 app/controllers/clearance/passwords_controller.rb
activerain-clearance-0.6.6001 app/controllers/clearance/passwords_controller.rb
activerain-clearance-0.6.6002 app/controllers/clearance/passwords_controller.rb
hui-clearance-0.6.6 app/controllers/clearance/passwords_controller.rb
thoughtbot-clearance-0.6.5 app/controllers/clearance/passwords_controller.rb
thoughtbot-clearance-0.6.6 app/controllers/clearance/passwords_controller.rb