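# Password-reset flow for signed-out users: request a reset email (new/create),
# then choose a new password using the emailed reset token (edit/update).
class PasswordsController < ApplicationController
  # Shown for every reset request that does not hit the unconfirmed branch, so
  # the response does not say whether the address belongs to an account.
  RESET_REQUESTED_NOTICE = "If that user exists we've sent instructions to their email.".freeze
  # One message for unknown, blank and expired tokens, so the response does not
  # distinguish between them.
  INVALID_TOKEN_ALERT = "Invalid or expired token.".freeze

  before_action :redirect_if_authenticated

  # POST: looks the account up by the submitted email and, when it is
  # confirmed, asks the model to send the reset email. A missing or malformed
  # email parameter is handled like an unknown address instead of raising.
  def create
    email = submitted_email
    @user = User.find_by(email: email) if email

    if @user.nil?
      redirect_to root_path, notice: RESET_REQUESTED_NOTICE
    elsif @user.confirmed?
      # NOTE(review): if send_password_reset_email! delivers inline, response
      # time can differ from the unknown-address path; confirm it is enqueued.
      @user.send_password_reset_email!
      redirect_to root_path, notice: RESET_REQUESTED_NOTICE
    else
      # NOTE(review): this branch answers differently from the generic notice,
      # so it reveals that the address is registered (but unconfirmed). Left
      # unchanged because a uniform response is a product decision.
      redirect_to new_confirmation_path, alert: "Please confirm your email first."
    end
  end

  # GET: renders the new-password form when the token maps to a confirmed user
  # and has not expired; otherwise redirects with an alert.
  def edit
    @user = find_user_by_reset_token

    if @user.nil?
      redirect_to new_password_path, alert: INVALID_TOKEN_ALERT
    elsif @user.unconfirmed?
      redirect_to new_confirmation_path, alert: "You must confirm your email before you can sign in."
    elsif @user.password_reset_token_has_expired?
      redirect_to new_password_path, alert: INVALID_TOKEN_ALERT
    end
  end

  # GET: renders the "request a reset" form.
  def new
  end

  # PATCH/PUT: sets the new password when the token maps to a confirmed user
  # and has not expired. The token alerts now match #edit; they previously
  # read "Incorrect email or password.", which does not describe this failure.
  def update
    @user = find_user_by_reset_token

    if @user.nil?
      flash.now[:alert] = INVALID_TOKEN_ALERT
      render :new
    elsif @user.unconfirmed?
      redirect_to new_confirmation_path, alert: "You must confirm your email before you can sign in."
    elsif @user.password_reset_token_has_expired?
      redirect_to new_password_path, alert: INVALID_TOKEN_ALERT
    elsif @user.update(password_params)
      # NOTE(review): nothing in this action clears or rotates
      # password_reset_token after a successful change. Unless the model does
      # so, the same link stays usable until it expires; confirm and invalidate
      # the token on success.
      redirect_to login_path, notice: "Password updated."
    else
      flash.now[:alert] = @user.errors.full_messages.to_sentence
      render :edit
    end
  end

  private

  # Only the password fields may be mass-assigned from the reset form.
  def password_params
    params.require(:user).permit(:password, :password_confirmation)
  end

  # Returns the downcased email from params[:user][:email], or nil when the
  # parameter is absent, blank, or not a plain string (e.g. an array or hash).
  def submitted_email
    user_params = params[:user]
    return unless user_params.is_a?(ActionController::Parameters)

    email = user_params[:email]
    email.downcase if email.is_a?(String) && email.present?
  end

  # Finds the user owning the reset token in the request, or nil.
  # A blank or non-string token never reaches the database: find_by with nil
  # would match any row whose token column is NULL, and an array would turn
  # the lookup into an IN query.
  #
  # NOTE(review): the submitted value is matched directly against the
  # password_reset_token column, which suggests the token is stored as issued.
  # Consider storing only a digest of it; confirm against the model.
  def find_user_by_reset_token
    token = params[:password_reset_token]
    return unless token.is_a?(String) && token.present?

    User.find_by(password_reset_token: token)
  end
end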