Fixed bug in password reset feature.
* Translated messages * Cleaned up some code
This commit is contained in:
parent
394b4b161f
commit
c6187ebade
3 changed files with 31 additions and 39 deletions
|
@ -1,6 +1,7 @@
|
||||||
class LoginController < ApplicationController
|
class LoginController < ApplicationController
|
||||||
skip_before_filter :authenticate # no authentication since this is the login page
|
skip_before_filter :authenticate # no authentication since this is the login page
|
||||||
filter_parameter_logging "password" # do not log "password" parameter
|
filter_parameter_logging "password" # do not log "password" parameter
|
||||||
|
before_filter :validate_token, :only => [:password, :update_password]
|
||||||
|
|
||||||
verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }
|
verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }
|
||||||
|
|
||||||
|
@ -57,45 +58,28 @@ class LoginController < ApplicationController
|
||||||
logger.debug("Sent password reset email to #{user.email}.")
|
logger.debug("Sent password reset email to #{user.email}.")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
flash[:notice] = _("If your email address is listed in our system, you will now receive an email with the instructions how to change your password.")
|
flash[:notice] = "Wenn Deine E-Mail hier registiert ist bekommst Du jetzt eine Nachricht mit einem Passwort-Zurücksetzen-Link."
|
||||||
render :action => 'login'
|
render :action => 'login'
|
||||||
end
|
end
|
||||||
|
|
||||||
# Set a new password with a token from the password reminder email.
|
# Set a new password with a token from the password reminder email.
|
||||||
# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
|
# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
|
||||||
def password
|
def password
|
||||||
@user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
|
|
||||||
if (@user.nil? || @user.reset_password_expires < Time.now)
|
|
||||||
flash[:error] = _("Invalid or expired token, password cannot be changed.")
|
|
||||||
render :action => 'forgot_password'
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Sets a new password.
|
# Sets a new password.
|
||||||
# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
|
# Called with params :id => User.id and :token => User.reset_password_token to specify a new password.
|
||||||
def new
|
def update_password
|
||||||
@user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
|
@user.attributes = params[:user]
|
||||||
if (@user.nil? || @user.reset_password_expires < Time.now)
|
if @user.valid?
|
||||||
flash[:error] = _("Invalid or expired token, password cannot be changed.")
|
|
||||||
redirect_to :action => 'forgot_password'
|
|
||||||
else
|
|
||||||
@user.set_password({:required => true}, params[:user][:password], params[:user][:password_confirmation])
|
|
||||||
if @user.errors.empty?
|
|
||||||
@user.reset_password_token = nil
|
@user.reset_password_token = nil
|
||||||
@user.reset_password_expires = nil
|
@user.reset_password_expires = nil
|
||||||
if @user.save
|
@user.save
|
||||||
flash[:notice] = _("New password has been saved, please log in.")
|
flash[:notice] = "Dein Passwort wurde aktualisiert. Du kannst Dich jetzt anmelden."
|
||||||
render :action => 'login'
|
render :action => 'login'
|
||||||
else
|
else
|
||||||
@user = User.find(@user.id) # reload to refetch token
|
|
||||||
flash[:error] = _("When trying to save your new password an error has occured. Please try again.")
|
|
||||||
render :action => 'password'
|
render :action => 'password'
|
||||||
end
|
end
|
||||||
else
|
|
||||||
flash[:error] = _("Error: #{@user.errors.on_base}.")
|
|
||||||
render :action => 'password'
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Invited users.
|
# Invited users.
|
||||||
|
@ -125,4 +109,13 @@ class LoginController < ApplicationController
|
||||||
flash[:error] = "Ein Fehler ist aufgetreten. Bitte erneut versuchen."
|
flash[:error] = "Ein Fehler ist aufgetreten. Bitte erneut versuchen."
|
||||||
end
|
end
|
||||||
|
|
||||||
|
protected
|
||||||
|
|
||||||
|
def validate_token
|
||||||
|
@user = User.find_by_id_and_reset_password_token(params[:id], params[:token])
|
||||||
|
if (@user.nil? || @user.reset_password_expires < Time.now)
|
||||||
|
flash[:error] = "Ungültiger oder abgelaufener Token. Bitte versuch es erneut."
|
||||||
|
render :action => 'forgot_password'
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
Du erhälst dann eine E-Mail mit weiteren Instruktionen.
|
Du erhälst dann eine E-Mail mit weiteren Instruktionen.
|
||||||
|
|
||||||
.edit_form{:style => "width:25em"}
|
.edit_form{:style => "width:25em"}
|
||||||
- form_tag(:action => 'reset_passwort') do
|
- form_tag(:action => 'reset_password') do
|
||||||
%p
|
%p
|
||||||
E-Mail:
|
E-Mail:
|
||||||
%br/
|
%br/
|
||||||
|
|
|
@ -1,17 +1,16 @@
|
||||||
- title "Neues Passwort"
|
- title "Neues Passwort"
|
||||||
%p=h "Bitte neues Passwort für #{@user.nick} eingeben."
|
%p=h "Bitte neues Passwort für #{@user.nick} eingeben."
|
||||||
- if flash[:error]
|
|
||||||
%p{:style => "color: red"}= flash[:error]
|
|
||||||
.edit_form{:style => "width:25em"}
|
.edit_form{:style => "width:25em"}
|
||||||
- form_tag(:action => 'new', :id => @user.id, :token => @user.reset_password_token) do
|
- form_for @user, :url => {:action => 'update_password', :id => @user.id, :token => @user.reset_password_token} do |form|
|
||||||
|
= form.error_messages :header_message => ""
|
||||||
%p
|
%p
|
||||||
Neues Passwort
|
Neues Passwort
|
||||||
%br/
|
%br/
|
||||||
= password_field_tag "user[password]"
|
= form.password_field :password
|
||||||
%p
|
%p
|
||||||
Passwort wiederholen
|
Passwort wiederholen
|
||||||
%br/
|
%br/
|
||||||
= password_field_tag "user[password_confirmation]"
|
= form.password_field :password_confirmation
|
||||||
= submit_tag 'Speichern'
|
= form.submit 'Speichern'
|
||||||
|
|
|
|
||||||
= link_to 'abbrechen', :action => 'login'
|
= link_to 'Abbrechen', :action => 'login'
|
||||||
|
|
Loading…
Reference in a new issue