From 15d04585e66f99eefbbbba2f9818eaf060ea956e Mon Sep 17 00:00:00 2001
From: jomo
Date: Tue, 17 Jun 2014 23:35:56 +0200
Subject: [PATCH] add password reset
---
 app/controllers/users_controller.rb | 30 ++++++++++++++++++++++++++
 app/views/sessions/new.html.erb | 4 ++++
 app/views/users/lost_password.html.erb | 22 +++++++++++++++++++
 config/routes.rb | 4 ++++
 4 files changed, 60 insertions(+)
 create mode 100644 app/views/users/lost_password.html.erb
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f8c8899..1992d56 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -91,6 +91,7 @@ class UsersController < ApplicationController
       @user.ign = user_profile["name"] # correct case
       if validate_token(@user.uuid, @user.email, params[:registration_token])
+        destroy_token(@user.email, params[:registration_token]) # tokens can be used to reset password
         @user.last_ip = request.remote_ip # showing in mail
         if @user.save
           session[:user_id] = @user.id
@@ -265,7 +266,31 @@ class UsersController < ApplicationController
     end
   end
+  def lost_password
+    if current_user
+      flash[:notice] = "You're already logged in!"
+      redirect_to current_user
+    end
+  end
+  def reset_password
+    user = User.find_by_email(params[:email])
+    if user && validate_token(user.uuid, user.email, params[:secret_token])
+      destroy_token(user.email, params[:secret_token]) # tokens can be used to reset password
+      user.password = params[:new_password]
+      user.password_confirmation = params[:new_password]
+      if user.save
+        flash[:notice] = "Password reset"
+        redirect_to login_path
+      else
+        flash[:alert] = "Failed to update password"
+        render action: "lost_password"
+      end
+    else
+      flash[:alert] = "Token or Email adress invalid!"
+      render action: "lost_password"
+    end
+  end
   private
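Review bot: The added `destroy_token(@user.email, params[:registration_token])` call runs before `@user.save`, so a registration attempt that fails validation still consumes the token and the user has to generate a new one. If single-use-on-first-attempt is intended, the comment should say so; otherwise the call belongs inside the successful-save branch. The comment `# tokens can be used to reset password` explains why the token is destroyed but not the ordering; I would make it `# consume the token on use: reset_password accepts the same token`. The enclosing method starts and ends outside this hunk.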
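Review bot: In `reset_password` both failure paths set `flash[:alert]` and then `render action: "lost_password"` within the same request, so the alert is also kept for the next request and reappears after the following navigation; use `flash.now[:alert] = ...` on the two render paths (the `redirect_to login_path` path correctly uses `flash[:notice]`). `validate_token` (visible in the next hunk) accepts the submitted secret via a plain `==` comparison, which is not constant-time, and nothing in this hunk bounds how long a `RegisterToken` stays valid or how often this action may be tried, so an expiry on the token and throttling of this endpoint are worth considering. The message `"Token or Email adress invalid!"` has a typo and should read `"Token or Email address invalid!"`. Returning the same message for an unknown email and for a bad token is a good choice, since it does not reveal which addresses are registered.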
@@ -274,6 +299,11 @@ class UsersController < ApplicationController
     user_token && user_token.token == token
   end
+  def destroy_token(email, token)
+    user_token = RegisterToken.where(token: token, email: email).first
+    user_token && user_token.destroy
+  end
+
   def user_params(add = [])
     a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention] + add
     params.require(:user).permit(a)
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index fe1a2d7..5e4693e 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -10,6 +10,10 @@
   <%= label_tag :password %>
   <%= password_field_tag :password, nil, placeholder: "******" %>
+
+
+  <%= link_to "Lost your password?", lost_password_users_path %>
+
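Review bot: `validate_token` and `destroy_token` each look the token up separately, so two requests carrying the same token can both pass `validate_token` before either reaches `destroy_token`; making the deletion itself the acceptance check closes that window, e.g. having `destroy_token` return `RegisterToken.where(token: token, email: email).delete_all > 0` and treating a zero count as an invalid token (whatever `validate_token` checks beyond the token string is not fully visible here and would need to be folded in). Independently, `RegisterToken.where(token: token, email: email).first` can be `RegisterToken.find_by(token: token, email: email)` since the file already uses Rails 4 strong parameters, and `user_token && user_token.destroy` reads better as `user_token.destroy if user_token`. A one-line comment on `destroy_token` noting that it consumes a token for both registration and password reset would help, because both call sites depend on that.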

<%= submit_tag "Log in", class: "btn blue" %>

 <% end %>
\ No newline at end of file
diff --git a/app/views/users/lost_password.html.erb b/app/views/users/lost_password.html.erb
new file mode 100644
index 0000000..a6ff416
--- /dev/null
+++ b/app/views/users/lost_password.html.erb
@@ -0,0 +1,22 @@
+<% title "Reset password" %>
+
+

Reset password

+

You lost your password? Don't do that!

+

Luckily for you, you can reset your password. Please use the command /tokengen <your email adress>, then fill in the form below:

+<%= form_tag reset_password_users_path do |f| %> + + + + + + + + + + + + + +
<%= label_tag :email %><%= text_field_tag :email, nil, placeholder: "steve@example.com", required: true, pattern: ".+@.+", title: "enter valid email adress", "x-moz-errormessage" => "enter valid email adress" %>
<%= label_tag :secret_token %><%= text_field_tag :secret_token, nil, placeholder: "abcdef", required: true, pattern: "[a-z]{6}", title: "6 character token", "x-moz-errormessage" => "6 character token" %>
<%= label_tag :new_password %><%= password_field_tag :new_password, nil, placeholder: "secret", required: true, pattern: ".{8,}", title: "minimum 8 characters", "x-moz-errormessage" => "minimum 8 characters" %>
+

<%= submit_tag "Reset password", class: "btn blue" %>

+<% end %>
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 4820151..58e7285 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -20,6 +20,10 @@ Redstoner::Application.routes.draw do
       get 'edit_notifications'
       put 'update_login'
     end
+    collection do
+      get 'lost_password'
+      post 'reset_password'
+    end
   end
   resources :forumgroups, path: '/forums/groups'
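Review bot: `form_tag` does not yield a form builder, so the `|f|` block parameter on the `form_tag reset_password_users_path do |f|` line is never set and should be dropped: `<%= form_tag reset_password_users_path do %>`. The same view spells "address" as "adress" in the `/tokengen` instruction text and in the email field's `title` and `x-moz-errormessage` strings, matching the typo in the controller's `"Token or Email adress invalid!"` message. The `pattern` attributes on the email, token and password fields are client-side hints only; the server-side limits on password length and token format are not visible in this diff, so I cannot tell whether the `.{8,}` minimum is enforced by the `User` model.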