diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f8c8899..1992d56 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -91,6 +91,7 @@ class UsersController < ApplicationController
@user.ign = user_profile["name"] # correct case
if validate_token(@user.uuid, @user.email, params[:registration_token])
+ destroy_token(@user.email, params[:registration_token]) # tokens can be used to reset password
@user.last_ip = request.remote_ip # showing in mail
if @user.save
session[:user_id] = @user.id
@@ -265,7 +266,31 @@ class UsersController < ApplicationController
end
end
+ def lost_password
+ if current_user
+ flash[:notice] = "You're already logged in!"
+ redirect_to current_user
+ end
+ end
+ def reset_password
+ user = User.find_by_email(params[:email])
+ if user && validate_token(user.uuid, user.email, params[:secret_token])
+ destroy_token(user.email, params[:secret_token]) # tokens can be used to reset password
+ user.password = params[:new_password]
+ user.password_confirmation = params[:new_password]
+ if user.save
+ flash[:notice] = "Password reset"
+ redirect_to login_path
+ else
+ flash[:alert] = "Failed to update password"
+ render action: "lost_password"
+ end
+ else
+ flash[:alert] = "Token or Email adress invalid!"
+ render action: "lost_password"
+ end
+ end
private
@@ -274,6 +299,11 @@ class UsersController < ApplicationController
user_token && user_token.token == token
end
+ def destroy_token(email, token)
+ user_token = RegisterToken.where(token: token, email: email).first
+ user_token && user_token.destroy
+ end
+
def user_params(add = [])
a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention] + add
params.require(:user).permit(a)
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index fe1a2d7..5e4693e 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -10,6 +10,10 @@
| <%= label_tag :password %> |
<%= password_field_tag :password, nil, placeholder: "******" %> |
+
+ |
+ <%= link_to "Lost your password?", lost_password_users_path %> |
+
<%= submit_tag "Log in", class: "btn blue" %>
<% end %>
\ No newline at end of file
diff --git a/app/views/users/lost_password.html.erb b/app/views/users/lost_password.html.erb
new file mode 100644
index 0000000..a6ff416
--- /dev/null
+++ b/app/views/users/lost_password.html.erb
@@ -0,0 +1,22 @@
+<% title "Reset password" %>
+
+Reset password
+You lost your password? Don't do that!
+Luckily for you, you can reset your password. Please use the command /tokengen <your email adress>, then fill in the form below:
+<%= form_tag reset_password_users_path do |f| %>
+
+
+ | <%= label_tag :email %> |
+ <%= text_field_tag :email, nil, placeholder: "steve@example.com", required: true, pattern: ".+@.+", title: "enter valid email adress", "x-moz-errormessage" => "enter valid email adress" %> |
+
+
+ | <%= label_tag :secret_token %> |
+ <%= text_field_tag :secret_token, nil, placeholder: "abcdef", required: true, pattern: "[a-z]{6}", title: "6 character token", "x-moz-errormessage" => "6 character token" %> |
+
+
+ | <%= label_tag :new_password %> |
+ <%= password_field_tag :new_password, nil, placeholder: "secret", required: true, pattern: ".{8,}", title: "minimum 8 characters", "x-moz-errormessage" => "minimum 8 characters" %> |
+
+
+ <%= submit_tag "Reset password", class: "btn blue" %>
+<% end %>
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 4820151..58e7285 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -20,6 +20,10 @@ Redstoner::Application.routes.draw do
get 'edit_notifications'
put 'update_login'
end
+ collection do
+ get 'lost_password'
+ post 'reset_password'
+ end
end
resources :forumgroups, path: '/forums/groups'