80 lines
2.2 KiB
Ruby
80 lines
2.2 KiB
Ruby
require_relative '../../lib/cartodb/stats/authentication'
|
|
|
|
class PasswordChangeController < ApplicationController
|
|
|
|
layout 'frontend'
|
|
|
|
ssl_required :edit, :update
|
|
|
|
PASSWORD_MATCH_MSG = 'Please ensure your passwords match'.freeze
|
|
WRONG_PASSWORD_MSG = 'Please ensure you typed the password correctly'.freeze
|
|
DIFFERENT_PASSWORD_MSG = 'Must be different than current password'.freeze
|
|
FORM_ERROR = 'Could not update the password. Please, try again'.freeze
|
|
|
|
before_filter :set_user
|
|
before_filter :set_errors
|
|
before_filter :check_password_expired
|
|
|
|
def edit; end
|
|
|
|
def update
|
|
opw = params[:old_password]
|
|
pw = params[:password]
|
|
pwc = params[:password_confirmation]
|
|
|
|
if !@user.validate_old_password(opw)
|
|
@old_password_error = WRONG_PASSWORD_MSG
|
|
render :edit
|
|
return
|
|
elsif pw.blank? || pwc.blank? || pw != pwc
|
|
@new_password_error = PASSWORD_MATCH_MSG
|
|
render :edit
|
|
return
|
|
elsif pw == opw
|
|
@new_password_error = DIFFERENT_PASSWORD_MSG
|
|
render :edit
|
|
return
|
|
end
|
|
|
|
@user.change_password(opw, pw, pwc)
|
|
|
|
unless @user.errors.empty?
|
|
@old_password_error = @user.errors[:old_password]
|
|
@new_password_error = @user.errors[:new_password]
|
|
render :edit
|
|
return
|
|
end
|
|
|
|
if @user.update_in_central && @user.save
|
|
warden.set_user(@user, scope: @user.username)
|
|
CartoDB::Stats::Authentication.instance.increment_login_counter(@user.email)
|
|
|
|
redirect_to session.delete('return_to') ||
|
|
(@user.public_url + CartoDB.path(self, 'dashboard', trailing_slash: true))
|
|
else
|
|
@password_error = FORM_ERROR
|
|
render :edit
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def days_since_last_password_change
|
|
(Time.now.to_date - @user.password_date.to_date).to_i
|
|
end
|
|
|
|
def set_user
|
|
username = params[:id].strip.downcase
|
|
@user = User.where("email = ? OR username = ?", username, username).first
|
|
@organization = @user.organization
|
|
end
|
|
|
|
def set_errors
|
|
@password_error = "Out with the old, in with the new! Your password is more than #{days_since_last_password_change} days old; please create a brand new one to log in."
|
|
end
|
|
|
|
def check_password_expired
|
|
render_403 unless @user.password_expired?
|
|
end
|
|
end
|