cartodb/app/controllers/password_resets_controller.rb

class PasswordResetsController < ApplicationController

  layout "frontend"

  before_action :load_organization_from_request, only: [:new, :create, :sent, :changed]
  before_action :load_user_and_organization, only: [:edit, :update]

  def new; end

  def create
    email = params[:email]

    if email.blank?
      @error = "Email cannot be blank"
      render :new
      return
    end

    @user = Carto::User.find_by_email(email)
    @user.try(:send_password_reset!)

    respond_to do |format|
      format.html { redirect_to CartoDB.path(self, "sent_password_reset") }
      format.js   { head :ok }
    end
  end

  def edit; end

  def update
    # check if it's valid token
    if @user.password_reset_sent_at < 48.hours.ago
      redirect_to(new_password_reset_path, alert: "Password reset has expired")
      return
    end

    # form validation. Has to be done this way as it's non-standard
    pw  = params[:carto_user][:password]
    pwc = params[:carto_user][:password_confirmation]

    if (pw.blank? || pwc.blank?) || (pw != pwc)
      @user.errors.add(:password, "Please ensure your passwords match")
      @user.errors.add(:password_confirmation, "Please ensure your passwords match")
      render :edit
      return
    end

    @user.valid_password?(:password, pw, pwc)
    return render :edit unless @user.errors.empty?

    @user.password = pw
    @user.password_confirmation = pwc
    if @user.save
      @user.update_attribute(:password_reset_token, nil)
      redirect_to build_url('changed')
    else
      render :edit
    end
  end

  def sent; end

  def changed; end

  private

  def load_organization_from_request
    @organization = Carto::Organization.where(name: CartoDB.extract_subdomain(request)).first
  end

  def load_user_and_organization
    @user = Carto::User.find_by_password_reset_token!(params[:id])
    @organization = @user.organization
  end

  def build_url(view_name)
    organization_name = @user.organization.try(:name)
    base_url = CartoDB.base_url(organization_name)
    path = CartoDB.path(self, "#{view_name}_password_reset")
    "#{base_url}#{path}"
  end

end
Initial commit 2020-06-15 10:58:47 +08:00			`class PasswordResetsController < ApplicationController`

			`layout "frontend"`

			`before_action :load_organization_from_request, only: [:new, :create, :sent, :changed]`
			`before_action :load_user_and_organization, only: [:edit, :update]`

			`def new; end`

			`def create`
			`email = params[:email]`

			`if email.blank?`
			`@error = "Email cannot be blank"`
			`render :new`
			`return`
			`end`

			`@user = Carto::User.find_by_email(email)`
			`@user.try(:send_password_reset!)`

			`respond_to do \|format\|`
			`format.html { redirect_to CartoDB.path(self, "sent_password_reset") }`
			`format.js { head :ok }`
			`end`
			`end`

			`def edit; end`

			`def update`
			`# check if it's valid token`
			`if @user.password_reset_sent_at < 48.hours.ago`
			`redirect_to(new_password_reset_path, alert: "Password reset has expired")`
			`return`
			`end`

			`# form validation. Has to be done this way as it's non-standard`
			`pw = params[:carto_user][:password]`
			`pwc = params[:carto_user][:password_confirmation]`

			`if (pw.blank? \|\| pwc.blank?) \|\| (pw != pwc)`
			`@user.errors.add(:password, "Please ensure your passwords match")`
			`@user.errors.add(:password_confirmation, "Please ensure your passwords match")`
			`render :edit`
			`return`
			`end`

			`@user.valid_password?(:password, pw, pwc)`
			`return render :edit unless @user.errors.empty?`

			`@user.password = pw`
			`@user.password_confirmation = pwc`
			`if @user.save`
			`@user.update_attribute(:password_reset_token, nil)`
			`redirect_to build_url('changed')`
			`else`
			`render :edit`
			`end`
			`end`

			`def sent; end`

			`def changed; end`

			`private`

			`def load_organization_from_request`
			`@organization = Carto::Organization.where(name: CartoDB.extract_subdomain(request)).first`
			`end`

			`def load_user_and_organization`
			`@user = Carto::User.find_by_password_reset_token!(params[:id])`
			`@organization = @user.organization`
			`end`

			`def build_url(view_name)`
			`organization_name = @user.organization.try(:name)`
			`base_url = CartoDB.base_url(organization_name)`
			`path = CartoDB.path(self, "#{view_name}_password_reset")`
			`"#{base_url}#{path}"`
			`end`

			`end`