Added reset password f functionality

nolith · Nov 16, 2008 · 8bbc485 · 8bbc485
1 parent 64e3ab7
commit 8bbc485
Show file tree

Hide file tree

Showing 11 changed files with 102 additions and 5 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,6 +1,7 @@
 class UsersController < ApplicationController
-  before_filter :require_no_user, :only => [:new, :create]
+  before_filter :require_no_user, :only => [:new, :create, :forgot_password, :request_password_reset, :edit_password, :update_password]
   before_filter :require_user, :only => [:show, :edit, :update]
+  before_filter :load_user_using_password_reset_token, :only => [:edit_password, :update_password]
 
   def new
     @user = User.new
@@ -33,4 +34,36 @@ def update
       render :action => :edit
     end
   end
+
+  def request_password_reset
+    @user = User.find_by_email(params[:email])
+    if @user
+      @user.deliver_password_reset_instructions!
+      flash[:notice] = "Instructions to reset your password have been emailed to you. Please check your email."
+      redirect_to default_url
+    else
+      flash[:notice] = "No user was found with that email address"
+      render :action => :forgot_password
+    end
+  end
+
+  def update_password
+    @user.password = params[:user][:password]
+    @user.confirm_password = params[:user][:confirm_password]
+    if @user.save
+      flash[:notice] = "Password successfully updated"
+      redirect_to account_url
+    else
+      render :action => :edit_password
+    end
+  end
+
+  private
+    def load_user_using_password_reset_token
+      @user = User.find_using_password_reset_token(params[:password_reset_token])
+      unless @user
+        flash[:notice] = "We're sorry, but we could not locate your account. If you are having issues try copying and pasting the URL from your email into your browser or restarting the reset password process."
+        redirect_to default_url
+      end
+    end
 end
diff --git a/app/models/notifier.rb b/app/models/notifier.rb
@@ -0,0 +1,11 @@
+class Notifier < ActionMailer::Base
+  default_url_options[:host] = "authlogic_example.binarylogic.com"
+
+  def password_reset_instructions(user)
+    subject       "Password Reset Instructions"
+    from          "Binary Logic Notifier <noreply@binarylogic.com>"
+    recipients    user.email
+    sent_on       Time.now
+    body          :edit_password_url => edit_password_account_url(:password_reset_token => user.password_reset_token)
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,3 +1,11 @@
 class User < ActiveRecord::Base
   acts_as_authentic
+
+  validates_presence_of :email
+  validates_uniqueness_of :email
+
+  def deliver_password_reset_instructions!
+    reset_password_reset_token!
+    Notifier.deliver_password_reset_instructions(self)
+  end
 end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -10,7 +10,7 @@
 </head>
 <body>
 
-<span style="float: right;"><%= link_to "Source code", "http://github.com/binarylogic/authlogic_example" %> | <%= link_to "Tutorial", "http://www.binarylogic.com/2008/11/3/tutorial-authlogic-basic-setup" %> | <%= link_to "Authlogic Repo", "http://github.com/binarylogic/authlogic" %> | <%= link_to "Authlogic Doc", "http://authlogic.rubyforge.org/" %></span>
+<span style="float: right;"><%= link_to "Source code", "http://github.com/binarylogic/authlogic_example" %> | <%= link_to "Setup tutorial", "http://www.binarylogic.com/2008/11/3/tutorial-authlogic-basic-setup" %> | <%= link_to "Password reset tutorial", "http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic" %> | <%= link_to "Authlogic Repo", "http://github.com/binarylogic/authlogic" %> | <%= link_to "Authlogic Doc", "http://authlogic.rubyforge.org/" %></span>
 <h1>Authlogic Example App</h1>
 <%= pluralize User.logged_in.count, "user" %> currently logged in<br /> <!-- This based on last_request_at, if they were active < 10 minutes they are logged in -->
 <br />
@@ -19,7 +19,8 @@
 
 <% if !current_user %>
   <%= link_to "Register", new_account_path %> |
-  <%= link_to "Log In", new_user_session_path %>
+  <%= link_to "Log In", new_user_session_path %> |
+  <%= link_to "Forgot password", forgot_password_account_path %>
 <% else %>
   <%= link_to "My Account", account_path %> |
   <%= link_to "Logout", user_session_path, :method => :delete, :confirm => "Are you sure you want to logout?" %>

diff --git a/app/views/notifier/password_reset_instructions.erb b/app/views/notifier/password_reset_instructions.erb
@@ -0,0 +1,5 @@
+A request to reset your password has been made. If you did not make this request, simply ignore this email. If you did make this request just click the link below:
+
+<%= @edit_password_url %>
+
+If the above URL does not work try copying and pasting it into your browser. If you continue to have problem please feel free to contact us.
diff --git a/app/views/users/_form.erb b/app/views/users/_form.erb
@@ -6,4 +6,7 @@
 <br />
 <%= form.label :confirm_password%><br />
 <%= form.password_field :confirm_password %><br />
+<br />
+<%= form.label :email %><br />
+<%= form.text_field :email %><br />
 <br />
diff --git a/app/views/users/edit_password.html.erb b/app/views/users/edit_password.html.erb
@@ -0,0 +1,12 @@
+<h1>Change My Password</h1>
+
+<% form_for @user, :url => update_password_account_path(:password_reset_token => params[:password_reset_token]) do |f| %>
+  <%= f.error_messages %>
+  <%= f.label :password %><br />
+  <%= f.password_field :password %><br />
+  <br />
+  <%= f.label :confirm_password %><br />
+  <%= f.password_field :confirm_password %><br />
+  <br />
+  <%= f.submit "Update my password and log me in" %>
+<% end %>
diff --git a/app/views/users/forgot_password.html.erb b/app/views/users/forgot_password.html.erb
@@ -0,0 +1,11 @@
+<h1>Forgot Password</h1>
+
+Fill out the form below and instructions to reset your password will be emailed to you:<br />
+<br />
+
+<% form_tag request_password_reset_account_path do %>
+  <label>Email:</label><br />
+  <%= text_field_tag "email" %><br />
+  <br />
+  <%= submit_tag "Reset my password" %>
+<% end %>
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,5 +1,5 @@
 ActionController::Routing::Routes.draw do |map|
-  map.resource :account, :controller => "users"
+  map.resource :account, :controller => "users", :collection => {:forgot_password => :get, :request_password_reset => :post, :edit_password => :get, :update_password => :put}
   map.resources :users
   map.resource :user_session
   map.default "/", :controller => "user_sessions", :action => "new"

diff --git a/db/migrate/20081103171327_create_users.rb b/db/migrate/20081103171327_create_users.rb
@@ -16,7 +16,6 @@ def self.up
 
     add_index :users, :login
     add_index :users, :remember_token
-    add_index :users, :single_access_token
     add_index :users, :last_request_at
   end
 

diff --git a/db/migrate/20081116172851_add_users_password_reset_fields.rb b/db/migrate/20081116172851_add_users_password_reset_fields.rb
@@ -0,0 +1,14 @@
+class AddUsersPasswordResetFields < ActiveRecord::Migration
+  def self.up
+    add_column :users, :password_reset_token, :string, :default => "", :null => false
+    add_column :users, :email, :string, :default => "", :null => false
+
+    add_index :users, :password_reset_token
+    add_index :users, :email
+  end
+
+  def self.down
+    remove_column :users, :password_reset_token
+    remove_column :users, :email
+  end
+end