cartodb/app/controllers/password_change_controller.rb

80 lines
2.2 KiB
Ruby
Raw Normal View History

2020-06-15 10:58:47 +08:00
require_relative '../../lib/cartodb/stats/authentication'
class PasswordChangeController < ApplicationController
layout 'frontend'
ssl_required :edit, :update
PASSWORD_MATCH_MSG = 'Please ensure your passwords match'.freeze
WRONG_PASSWORD_MSG = 'Please ensure you typed the password correctly'.freeze
DIFFERENT_PASSWORD_MSG = 'Must be different than current password'.freeze
FORM_ERROR = 'Could not update the password. Please, try again'.freeze
before_filter :set_user
before_filter :set_errors
before_filter :check_password_expired
def edit; end
def update
opw = params[:old_password]
pw = params[:password]
pwc = params[:password_confirmation]
if !@user.validate_old_password(opw)
@old_password_error = WRONG_PASSWORD_MSG
render :edit
return
elsif pw.blank? || pwc.blank? || pw != pwc
@new_password_error = PASSWORD_MATCH_MSG
render :edit
return
elsif pw == opw
@new_password_error = DIFFERENT_PASSWORD_MSG
render :edit
return
end
@user.change_password(opw, pw, pwc)
unless @user.errors.empty?
@old_password_error = @user.errors[:old_password]
@new_password_error = @user.errors[:new_password]
render :edit
return
end
if @user.update_in_central && @user.save
warden.set_user(@user, scope: @user.username)
CartoDB::Stats::Authentication.instance.increment_login_counter(@user.email)
redirect_to session.delete('return_to') ||
(@user.public_url + CartoDB.path(self, 'dashboard', trailing_slash: true))
else
@password_error = FORM_ERROR
render :edit
end
end
private
def days_since_last_password_change
(Time.now.to_date - @user.password_date.to_date).to_i
end
def set_user
username = params[:id].strip.downcase
@user = User.where("email = ? OR username = ?", username, username).first
@organization = @user.organization
end
def set_errors
@password_error = "Out with the old, in with the new! Your password is more than #{days_since_last_password_change} days old; please create a brand new one to log in."
end
def check_password_expired
render_403 unless @user.password_expired?
end
end