lib/rodauth/features/reset_password.rb in rodauth-1.23.0 vs lib/rodauth/features/reset_password.rb in rodauth-2.0.0
- old
+ new
@@ -2,12 +2,10 @@
module Rodauth
Feature.define(:reset_password, :ResetPassword) do
depends :login, :email_base, :login_password_requirements_base
- def_deprecated_alias :no_matching_reset_password_key_error_flash, :no_matching_reset_password_key_message
-
notice_flash "Your password has been reset"
notice_flash "An email has been sent to you with a link to reset the password for your account", 'reset_password_email_sent'
error_flash "There was an error resetting your password"
error_flash "There was an error requesting a password reset", 'reset_password_request'
error_flash "An email has recently been sent to you with a link to reset your password", 'reset_password_email_recently_sent'
@@ -26,24 +24,23 @@
redirect
redirect(:reset_password_email_sent){default_post_email_redirect}
redirect(:reset_password_email_recently_sent){default_post_email_redirect}
auth_value_method :reset_password_deadline_column, :deadline
- auth_value_method :reset_password_deadline_interval, {:days=>1}
- auth_value_method :reset_password_email_subject, 'Reset Password'
+ auth_value_method :reset_password_deadline_interval, {:days=>1}.freeze
+ translatable_method :reset_password_email_subject, 'Reset Password'
auth_value_method :reset_password_key_param, 'key'
auth_value_method :reset_password_autologin?, false
auth_value_method :reset_password_table, :account_password_reset_keys
auth_value_method :reset_password_id_column, :id
auth_value_method :reset_password_key_column, :key
- auth_value_method :reset_password_email_last_sent_column, nil
- auth_value_method :reset_password_explanatory_text, "<p>If you have forgotten your password, you can request a password reset:</p>"
+ auth_value_method :reset_password_email_last_sent_column, :email_last_sent
+ translatable_method :reset_password_explanatory_text, "<p>If you have forgotten your password, you can request a password reset:</p>"
auth_value_method :reset_password_skip_resend_email_within, 300
+ translatable_method :reset_password_request_link_text, "Forgot Password?"
session_key :reset_password_session_key, :reset_password_key
- auth_value_methods :reset_password_request_link
-
auth_methods(
:create_reset_password_key,
:create_reset_password_email,
:get_reset_password_key,
:get_reset_password_email_last_sent,
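Review bot: The default of `reset_password_email_last_sent_column` changes from `nil` to `:email_last_sent` with no comment on what it requires. It turns on the resend throttle governed by `reset_password_skip_resend_email_within`, but the feature will now read and write that column, so an upgraded deployment whose reset-keys table lacks it would presumably fail on the first reset request. I would add a comment on that line such as `# requires an email_last_sent column on the reset keys table; set to nil to disable the resend throttle`. Separately, `reset_password_explanatory_text` holds raw HTML and is now a `translatable_method`, so translated values become a source of markup and need to be treated as trusted input.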
@@ -67,11 +64,19 @@
r.get do
reset_password_request_view
end
r.post do
- if account_from_login(param(login_param)) && open_account?
+ catch_error do
+ unless account_from_login(param(login_param))
+ throw_error_status(no_matching_login_error_status, login_param, no_matching_login_message)
+ end
+
+ unless open_account?
+ throw_error_status(unopen_account_error_status, login_param, unverified_account_message)
+ end
+
if reset_password_email_recently_sent?
set_redirect_error_flash reset_password_email_recently_sent_error_flash
redirect reset_password_email_recently_sent_redirect
end
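Review bot: The two new `throw_error_status` calls inside `catch_error` answer an unknown login with `no_matching_login_message` and an existing but unopened account with `unverified_account_message`, while an open account gets a third outcome. The response to this unauthenticated form therefore reveals whether a login exists and whether it is verified. If that is a deliberate usability choice, it should be stated above the `catch_error` block, for example `# NOTE: responses differ by account state by design; rate-limit this route if login enumeration matters`. The `r.post` block continues past the end of this hunk.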
@@ -82,34 +87,33 @@
send_reset_password_email
after_reset_password_request
end
set_notice_flash reset_password_email_sent_notice_flash
- else
- set_redirect_error_status(no_matching_login_error_status)
- set_redirect_error_flash reset_password_request_error_flash
+ redirect reset_password_email_sent_redirect
end
- redirect reset_password_email_sent_redirect
+ set_error_flash reset_password_request_error_flash
+ reset_password_request_view
end
end
route do |r|
check_already_logged_in
before_reset_password_route
r.get do
if key = param_or_nil(reset_password_key_param)
- session[reset_password_session_key] = key
+ set_session_value(reset_password_session_key, key)
redirect(r.path)
end
if key = session[reset_password_session_key]
if account_from_reset_password_key(key)
reset_password_view
else
- session[reset_password_session_key] = nil
+ remove_session_value(reset_password_session_key)
set_redirect_error_flash no_matching_reset_password_key_error_flash
redirect require_login_redirect
end
end
end
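Review bot: The `r.get` branch that copies the key from the query string into the session and then calls `redirect(r.path)` has no comment explaining why, and the reason looks security-relevant. It appears intended to take the reset key out of the URL so it is not sent in a Referer header or left in the address bar once the form renders. I would add above `set_session_value(reset_password_session_key, key)` a line such as `# move the key into the session and redirect so it no longer appears in the URL`. The same comment could note that the key still appears in the first request line, so access logs for this route should be treated as sensitive.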
@@ -142,14 +146,14 @@
remove_reset_password_key
after_reset_password
end
if reset_password_autologin?
- update_session
+ autologin_session('reset_password')
end
- session[reset_password_session_key] = nil
+ remove_session_value(reset_password_session_key)
set_notice_flash reset_password_notice_flash
redirect reset_password_redirect
end
set_error_flash reset_password_error_flash
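Review bot: `autologin_session('reset_password')` passes a bare string whose meaning is not documented at the call site. Presumably it labels how the session was established, so later checks can tell a reset-link login from a password login. A short comment would make that contract visible, e.g. `# record that this session was created by a reset link, not by password entry`. Because `reset_password_autologin?` makes control of the mailbox sufficient to obtain a session, it is also worth stating next to that option that any second-factor requirement has to be enforced after this point. The enclosing block starts before this hunk.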
@@ -190,18 +194,10 @@
ds = password_reset_ds(id)
ds.where(Sequel::CURRENT_TIMESTAMP > reset_password_deadline_column).delete
ds.get(reset_password_key_column)
end
- def login_form_footer
- super + reset_password_request_link
- end
-
- def reset_password_request_link
- "<p><a href=\"#{reset_password_request_path}\">Forgot Password?</a></p>"
- end
-
def set_reset_password_email_last_sent
password_reset_ds.update(reset_password_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if reset_password_email_last_sent_column
end
def get_reset_password_email_last_sent
@@ -211,9 +207,13 @@
end
end
end
private
+
+ def _login_form_footer_links
+ super << [20, reset_password_request_path, reset_password_request_link_text]
+ end
def reset_password_email_recently_sent?
(email_last_sent = get_reset_password_email_last_sent) && (Time.now - email_last_sent < reset_password_skip_resend_email_within)
end
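Review bot: `_login_form_footer_links` appends to the array returned by `super` with `<<`, which mutates it in place. That is only safe if every implementation up the chain returns a fresh array on each call, which is not visible here; `super + [[20, reset_password_request_path, reset_password_request_link_text]]` would remove that dependency. The leading `20` is unexplained (presumably a sort position), so a one-line comment naming the tuple layout would help. Since the link text is now translatable rather than a fixed literal, whatever renders these tuples should HTML-escape it.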