Skip to content
This repository
Fetching contributors…

Cannot retrieve contributors at this time

file 91 lines (76 sloc) 2.554 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
class Clearance::PasswordsController < ApplicationController
  unloadable

  skip_before_filter :authenticate, :only => [:new, :create, :edit, :update]
  before_filter :forbid_missing_token, :only => [:edit, :update]
  before_filter :forbid_non_existent_user, :only => [:edit, :update]

  def new
    render :template => 'passwords/new'
  end

  def create
    if user = ::User.find_by_email(params[:password][:email])
      user.forgot_password!
      ::ClearanceMailer.change_password(user).deliver
      flash_notice_after_create
      redirect_to(url_after_create)
    else
      flash_failure_after_create
      render :template => 'passwords/new'
    end
  end

  def edit
    @user = ::User.find_by_id_and_confirmation_token(
                   params[:user_id], params[:token])
    render :template => 'passwords/edit'
  end

  def update
    @user = ::User.find_by_id_and_confirmation_token(
                   params[:user_id], params[:token])

    if @user.update_password(params[:user][:password],
                             params[:user][:password_confirmation])
      sign_in(@user)
      flash_success_after_update
      redirect_to(url_after_update)
    else
      render :template => 'passwords/edit'
    end
  end

  private

  def forbid_missing_token
    if params[:token].blank?
      flash_failure_when_forbidden
      render :template => 'passwords/new'
    end
  end

  def forbid_non_existent_user
    unless ::User.find_by_id_and_confirmation_token(
                  params[:user_id], params[:token])
      flash_failure_when_forbidden
      render :template => 'passwords/new'
    end
  end

  def flash_failure_when_forbidden
    flash.now[:failure] = translate(:forbidden,
      :scope => [:clearance, :controllers, :passwords],
      :default => "Please double check the URL or try submitting the form again.")
  end

  def flash_notice_after_create
    flash[:notice] = translate(:deliver_change_password,
      :scope => [:clearance, :controllers, :passwords],
      :default => "You will receive an email within the next few minutes. " <<
                  "It contains instructions for changing your password.")
  end

  def flash_failure_after_create
    flash.now[:failure] = translate(:unknown_email,
      :scope => [:clearance, :controllers, :passwords],
      :default => "Unknown email.")
  end

  def flash_success_after_update
    flash[:success] = translate(:signed_in, :default => "Signed in.")
  end

  def url_after_create
    sign_in_url
  end

  def url_after_update
    '/'
  end
end
Something went wrong with that request. Please try again.