Sha256: cec5d37c3c1e4fd11cce113a1e50745093cb9574bb737b9f6a4c10d8e1d540aa
Contents?: true
Size: 1.43 KB
Versions: 2
Compression:
Stored size: 1.43 KB
Contents
class Identity::PasswordResetsController < ApplicationController
skip_before_action :authenticate
<%- if options.lockable? -%>
before_action :require_locking, only: :create
<%- end -%>
before_action :set_user, only: %i[ edit update ]
def new
end
def edit
end
def create
if @user = User.find_by(email: params[:email], verified: true)
UserMailer.with(user: @user).password_reset.deliver_later
redirect_to sign_in_path, notice: "Check your email for reset instructions"
else
redirect_to new_identity_password_reset_path, alert: "You can't reset your password until you verify your email"
end
end
def update
if @user.update(user_params)
redirect_to sign_in_path, notice: "Your password was reset successfully. Please sign in"
else
render :edit, status: :unprocessable_entity
end
end
private
def set_user
@user = User.find_signed!(params[:token], purpose: :password_reset)
rescue
redirect_to new_identity_password_reset_path, alert: "That password reset link is invalid"
end
def user_params
params.permit(:password, :password_confirmation)
end
<%- if options.lockable? %>
def require_locking
Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
redirect_to new_identity_password_reset_path, alert: "You've exceeded the maximum number of attempts"
end
end
<%- end -%>
end
Version data entries
2 entries across 2 versions & 1 rubygems