foodsoft/app/controllers/login_controller.rb

78 lines
2.7 KiB
Ruby
Raw Normal View History

2012-08-06 12:00:40 +02:00
# encoding: utf-8
2009-01-06 11:49:19 +01:00
class LoginController < ApplicationController
skip_before_filter :authenticate # no authentication since this is the login page
before_filter :validate_token, :only => [:new_password, :update_password]
2009-01-06 11:49:19 +01:00
# Display the form to enter an email address requesting a token to set a new password.
def forgot_password
@user = User.new
2009-01-06 11:49:19 +01:00
end
# Sends an email to a user with the token that allows setting a new password through action "password".
def reset_password
if request.get? || params[:user].nil? # Catch for get request and give better error message.
redirect_to forgot_password_url, alert: 'Ein Problem ist aufgetreten. Bitte erneut versuchen' and return
end
if (user = User.find_by_email(params[:user][:email]))
2009-01-06 11:49:19 +01:00
user.reset_password_token = user.new_random_password(16)
user.reset_password_expires = Time.now.advance(:days => 2)
if user.save
Mailer.reset_password(user).deliver
2009-01-06 11:49:19 +01:00
logger.debug("Sent password reset email to #{user.email}.")
end
end
2013-02-05 12:54:55 +01:00
redirect_to login_url, :notice => I18n.t('login.reset_password.notice')
2009-01-06 11:49:19 +01:00
end
# Set a new password with a token from the password reminder email.
# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
def new_password
2009-01-06 11:49:19 +01:00
end
# Sets a new password.
# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
def update_password
@user.attributes = params[:user]
if @user.valid?
@user.reset_password_token = nil
@user.reset_password_expires = nil
@user.save
2013-02-05 12:54:55 +01:00
redirect_to login_url, :notice => I18n.t('login.update_password.notice')
else
render :new_password
end
2009-01-06 11:49:19 +01:00
end
# For invited users.
def accept_invitation
@invite = Invite.find_by_token(params[:token])
if @invite.nil? || @invite.expires_at < Time.now
redirect_to login_url, alert: I18n.t('login.errors.invite_invalid')
2009-01-06 11:49:19 +01:00
elsif @invite.group.nil?
redirect_to login_url, alert: I18n.t('login.errors.group_invalid')
elsif request.post?
2009-01-06 11:49:19 +01:00
User.transaction do
@user = User.new(params[:user])
@user.email = @invite.email
2009-02-02 00:09:50 +01:00
if @user.save
2009-01-06 11:49:19 +01:00
Membership.new(:user => @user, :group => @invite.group).save!
@invite.destroy
2013-02-05 12:54:55 +01:00
redirect_to login_url, notice: I18n.t('login.accept_invitation.notice')
2009-01-06 11:49:19 +01:00
end
end
else
@user = User.new(:email => @invite.email)
end
end
protected
def validate_token
@user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
if (@user.nil? || @user.reset_password_expires < Time.now)
redirect_to forgot_password_url, alert: I18n.t('login.errors.token_invalid')
end
end
2009-01-06 11:49:19 +01:00
end