Files

36 lines
990 B
Ruby

# frozen_string_literal: true
class PasswordsController < ApplicationController
allow_unauthenticated_access
before_action :set_user_by_token, only: %i[edit update]
def new; end
def create
if user = User.find_by(email_address: params[:email_address])
PasswordsMailer.reset(user).deliver_later
end
redirect_to new_session_path, notice: 'Password reset instructions sent (if user with that email address exists).'
end
def edit
end
def update
if @user.update(params.permit(:password, :password_confirmation))
redirect_to new_session_path, notice: 'Password has been reset.'
else
redirect_to edit_password_path(params[:token]), alert: 'Passwords did not match.'
end
end
private
def set_user_by_token
@user = User.find_by_password_reset_token!(params[:token])
rescue ActiveSupport::MessageVerifier::InvalidSignature
redirect_to new_password_path, alert: 'Password reset link is invalid or has expired.'
end
end