Class: Protected::PasswordsController

Inherits:
Devise::PasswordsController
  • Object
Defined in:
app/controllers/protected/passwords_controller.rb

Instance Method Summary collapse

Instance Method Details

#create ⇒ Object



# File 'app/controllers/protected/passwords_controller.rb', line 27

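# Handles submission of the "forgot password" form.
#
# Passes the submitted attributes (params[resource_name]) to
# resource_class.reset_password_and_send_password_instructions, stores the
# result in +resource+, sets a notice, and redirects to the sign-in page.
#
# The notice and the redirect are the same whether or not the address matches
# an account, so the response cannot be used to discover which addresses are
# registered.
#
# NOTE(review): reset_password_and_send_password_instructions is not defined
# on this page. Its name suggests it may change the stored password before the
# owner follows the emailed link; confirm it only issues a reset token, since
# otherwise any visitor who knows an address could invalidate that account's
# password.
# NOTE(review): nothing in this action throttles requests; confirm that
# rate limiting is applied elsewhere.
def create
  self.resource = resource_class.reset_password_and_send_password_instructions(params[resource_name])

  # The wording is conditional and never interpolates anything read back from
  # the lookup result. That keeps the message identical for known and unknown
  # addresses (the stored address is not echoed), avoids a NoMethodError should
  # the lookup ever return nil, and tells a user who mistyped their address why
  # no email may arrive.
  flash[:notice] = 'If that email address belongs to an account, instructions on how to reset your password have been sent to it.'
  redirect_to new_user_session_url
end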

#edit ⇒ Object



# File 'app/controllers/protected/passwords_controller.rb', line 17

# Prepares the "choose a new password" form reached from the emailed link.
#
# When params[:reset_password_token] is present, a fresh resource is built and
# the token is copied onto it (presumably so the form can submit it back to
# #update). When it is blank, a notice is set and the request is redirected to
# root_url; the method then returns false if redirect_to returned a truthy
# value.
#
# Only the presence of the token is checked here. Whether it is genuine or
# expired is not decided in this action, despite the wording of the notice.
#
# NOTE(review): the token arrives as a request parameter, so on a GET it is
# part of the URL and can end up in access logs, browser history and Referer
# headers; confirm the rendered page loads no third-party resources.
def edit
  token = params[:reset_password_token]

  if token.present?
    self.resource = resource_class.new
    resource.reset_password_token = token
  else
    flash[:notice] = "A valid password token was not found"
    redirect_to(root_url) and return false
  end
end

#new ⇒ Object



# File 'app/controllers/protected/passwords_controller.rb', line 13

# Prepares the "forgot password" form by calling build_resource with an empty
# attribute hash, so nothing from the request is used to populate it.
#
# build_resource is not defined on this page; presumably it is inherited from
# Devise::PasswordsController.
def new
  blank_attributes = {}
  build_resource(blank_attributes)
end

#update ⇒ Object



# File 'app/controllers/protected/passwords_controller.rb', line 3

# Completes a password reset from the submitted token and new password.
#
# Hands params[resource_name] to resource_class.reset_password_by_token and
# stores the result in +resource+. When the result carries no errors, a notice
# is set, every scope is signed out, and the request is redirected to the
# sign-in page (returning false if redirect_to returned a truthy value).
# Otherwise the edit template is rendered again.
#
# Signing out here forces a fresh login with the new password for the current
# browser session.
#
# NOTE(review): whether sessions held by other browsers are also invalidated
# cannot be seen from this action; confirm.
# NOTE(review): the whole params[resource_name] hash is forwarded; confirm
# reset_password_by_token reads only the token and password fields.
def update
  self.resource = resource_class.reset_password_by_token(params[resource_name])

  password_changed = resource.errors.empty?
  if password_changed
    flash[:notice] = "Your password has been changed, please log in again."
    sign_out_all_scopes
    return false if redirect_to(new_user_session_url)
  end

  render(:template => 'protected/passwords/edit.html.haml')
end