Class: Rails::Auth::PasswordResetsController

Inherits:

ApplicationController

• Object
• ApplicationController
• ApplicationController
• Rails::Auth::PasswordResetsController

Defined in:

app/controllers/rails/auth/password_resets_controller.rb

Instance Method Summary

• #create ⇒ Object
• #edit ⇒ Object
• #new ⇒ Object
• #update ⇒ Object

Instance Method Details

#create ⇒ Object

# File 'app/controllers/rails/auth/password_resets_controller.rb', line 10

def create
  @user = Rails::Auth.user_class.find_by(email: params[:email])
  if @user
    @user.generate_password_reset_token!
    UserMailer.password_reset(@user).deliver_now
  end
  redirect_to rails_auth.new_session_path, notice: "If an account with that email exists, you will receive a password reset link shortly."
end

#edit ⇒ Object

# File 'app/controllers/rails/auth/password_resets_controller.rb', line 19

def edit
  unless @user&.password_reset_token_valid?
    redirect_to rails_auth.new_password_reset_path, alert: "Password reset link has expired or is invalid."
  end
end

#new ⇒ Object

# File 'app/controllers/rails/auth/password_resets_controller.rb', line 7

def new
end

#update ⇒ Object

# File 'app/controllers/rails/auth/password_resets_controller.rb', line 25

def update
  if @user.password_reset_token_valid?
    if @user.update(password_params)
      @user.clear_password_reset_token!
      @user.sessions.destroy_all # Security: Sign out of all sessions after password change
      sign_in(@user)
      redirect_to main_app.root_path, notice: "Password has been reset successfully and all other sessions have been signed out."
    else
      render :edit, status: :unprocessable_entity
    end
  else
    redirect_to rails_auth.new_password_reset_path, alert: "Password reset link has expired."
  end
end