Class: QuoVadis::PasswordResetsController

Inherits:

ApplicationController

• Object
• ApplicationController
• QuoVadis::PasswordResetsController

Defined in:

app/controllers/quo_vadis/password_resets_controller.rb

Instance Method Summary

• #create ⇒ Object
• #edit ⇒ Object

  emailed password-reset link points here.

• #index ⇒ Object

  holding page for after the create action.

• #new ⇒ Object
• #update ⇒ Object

  really reset the password.

Instance Method Details

#create ⇒ Object

# File 'app/controllers/quo_vadis/password_resets_controller.rb', line 15

def create
  account = QuoVadis.find_account_by_identifier_in_params params

  if account
    token = QuoVadis::PasswordResetToken.generate account
    QuoVadis.deliver :reset_password, {email: account.model.email, url: quo_vadis.password_reset_url(token)}
  end

  redirect_to password_resets_path, notice: QuoVadis.translate('flash.password_reset.create')
end

#edit ⇒ Object

emailed password-reset link points here

# File 'app/controllers/quo_vadis/password_resets_controller.rb', line 28

def edit
  account = PasswordResetToken.find_account params[:token]

  unless account  # expired or password already changed
    redirect_to new_password_reset_path, alert: QuoVadis.translate('flash.password_reset.unknown') and return
  end

  # Ensure the flash notice set in the create action does not appear when the user clicks the
  # link in the email they were sent.
  flash.delete :notice

  @password = QuoVadis::Password.new
end

#index ⇒ Object

holding page for after the create action

# File 'app/controllers/quo_vadis/password_resets_controller.rb', line 7

def index
end

#new ⇒ Object

# File 'app/controllers/quo_vadis/password_resets_controller.rb', line 11

def new
end

#update ⇒ Object

really reset the password

# File 'app/controllers/quo_vadis/password_resets_controller.rb', line 44

def update
  account = PasswordResetToken.find_account params[:token]

  unless account  # expired or password already changed
    redirect_to new_password_reset_path, alert: QuoVadis.translate('flash.password_reset.unknown') and return
  end

  @password = account.password
  if @password.reset params[:password][:password], params[:password][:password_confirmation]
    # Logout account's sessions because password has changed.
    # Note model is not logged in here.
    @password.account.sessions.destroy_all

    qv.log @password.account, Log::PASSWORD_RESET
    QuoVadis.notify :password_reset_notification, email: @password.account.model.email

    login @password.account.model, true
    redirect_to qv.path_after_authentication, notice: QuoVadis.translate('flash.password_reset.reset')
  else
    render :edit, status: :unprocessable_entity
  end
end