Moving to github

app/controllers/password_resets_controller.rb

@@ -0,0 +1,46 @@
+class PasswordResetsController < ApplicationController
+  before_action :require_no_authentication, only: [ :new, :create, :edit, :update ]
+  before_action :set_user_by_token, only: [ :edit, :update ]
+
+  def new
+  end
+
+  def create
+    user = User.find_by(email: params[:email].downcase)
+
+    if user
+      user.generate_password_reset_token
+      PasswordResetMailer.reset_password(user).deliver_later
+    end
+
+    # Always show success message to prevent email enumeration
+    redirect_to login_path, notice: "If an account exists with that email, you will receive password reset instructions."
+  end
+
+  def edit
+  end
+
+  def update
+    if @user.update(password_params)
+      @user.update_columns(password_reset_token: nil, password_reset_sent_at: nil)
+      sign_in(@user)
+      redirect_to dashboard_path, notice: "Your password has been reset successfully."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def set_user_by_token
+    @user = User.find_by(password_reset_token: params[:id])
+
+    unless @user && !@user.password_reset_expired?
+      redirect_to new_password_reset_path, alert: "Password reset link is invalid or has expired."
+    end
+  end
+
+  def password_params
+    params.require(:user).permit(:password, :password_confirmation)
+  end
+end