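# Password reset flow: request a reset e-mail (new/create) and set a new
# password from the e-mailed link (edit/update).
#
# Every action runs behind the require_no_authentication filter, and
# edit/update also run set_user_by_token, which loads @user from the token in
# params[:id] or redirects away. Both filters' collaborators
# (require_no_authentication, sign_in, User, PasswordResetMailer) are defined
# outside this file.
class PasswordResetsController < ApplicationController
  before_action :require_no_authentication, only: [ :new, :create, :edit, :update ]
  before_action :set_user_by_token, only: [ :edit, :update ]

  # Renders the form that asks for the account e-mail (implicit render).
  def new
  end

  # Generates a reset token and queues the reset e-mail when the submitted
  # address matches an account. The redirect and notice are the same whether
  # or not an account was found.
  #
  # NOTE(review): no throttling is visible in this controller; confirm that
  # requests to this action are rate limited elsewhere, since each one for a
  # known address generates a token and queues a mail.
  def create
    # to_s keeps a missing or non-string :email parameter from raising
    # NoMethodError (a 500 response); such a request simply matches no account
    # and gets the same generic answer as any other unknown address.
    email = params[:email].to_s.downcase
    user = User.find_by(email: email)

    if user
      user.generate_password_reset_token
      # deliver_later enqueues the mail instead of sending it inline.
      PasswordResetMailer.reset_password(user).deliver_later
    end

    # Always show success message to prevent email enumeration
    redirect_to login_path, notice: "If an account exists with that email, you will receive password reset instructions."
  end

  # Renders the new-password form; @user was loaded by set_user_by_token.
  def edit
  end

  # Applies the new password to the user identified by the token. On success
  # the token columns are cleared so the link cannot be used again, the user
  # is signed in and sent to the dashboard; on failure the form is re-rendered
  # with status 422.
  #
  # NOTE(review): if User relies on has_secure_password without its own
  # presence validation, an empty :password may be ignored and this update
  # would still succeed, consuming the token without changing the password.
  # Confirm against the model.
  # NOTE(review): confirm that sign_in rotates the session identifier and that
  # other existing sessions of this user are invalidated after a reset.
  def update
    if @user.update(password_params)
      # update_columns writes directly, skipping validations and callbacks.
      @user.update_columns(password_reset_token: nil, password_reset_sent_at: nil)
      sign_in(@user)
      redirect_to dashboard_path, notice: "Your password has been reset successfully."
    else
      render :edit, status: :unprocessable_entity
    end
  end

  private

  # before_action for edit/update: loads @user from the reset token carried in
  # params[:id]. Redirects to the request form, which halts the action, when
  # the token is blank, unknown or expired.
  #
  # NOTE(review): the lookup compares against the stored column value, so the
  # column appears to hold the raw token; storing only a digest would limit
  # the impact of a database leak. Confirm against the User model.
  def set_user_by_token
    token = params[:id]

    # A blank token must never reach the query: update clears the column to
    # nil, so find_by(password_reset_token: nil) would match an account that
    # has no pending reset.
    @user = token.present? ? User.find_by(password_reset_token: token) : nil

    return if @user && !@user.password_reset_expired?

    redirect_to new_password_reset_path, alert: "Password reset link is invalid or has expired."
  end

  # Strong parameters: only the password and its confirmation may be set here.
  def password_params
    params.require(:user).permit(:password, :password_confirmation)
  end
end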