heartcombo--devise/lib/devise/models/recoverable.rb

module Devise
  module Models

    # Recoverable takes care of resetting the user password and send reset instructions.
    #
    # ==Options
    #
    # Recoverable adds the following options to devise_for:
    #
    #   * +reset_password_keys+: the keys you want to use when recovering the password for an account
    #
    # == Examples
    #
    #   # resets the user password and save the record, true if valid passwords are given, otherwise false
    #   User.find(1).reset_password!('password123', 'password123')
    #
    #   # only resets the user password, without saving the record
    #   user = User.find(1)
    #   user.reset_password('password123', 'password123')
    #
    #   # creates a new token and send it with instructions about how to reset the password
    #   User.find(1).send_reset_password_instructions
    #
    module Recoverable
      extend ActiveSupport::Concern

      def self.required_fields(klass)
        [:reset_password_sent_at, :reset_password_token]
      end

      # Update password saving the record and clearing token. Returns true if
      # the passwords are valid and the record was saved, false otherwise.
      def reset_password!(new_password, new_password_confirmation)
        self.password = new_password
        self.password_confirmation = new_password_confirmation

        if valid?
          clear_reset_password_token
          after_password_reset
        end

        save
      end

      # Resets reset password token and send reset password instructions by email.
      # Returns the token sent in the e-mail.
      def send_reset_password_instructions
        token = set_reset_password_token
        send_reset_password_instructions_notification(token)

        token
      end

      # Checks if the reset password token sent is within the limit time.
      # We do this by calculating if the difference between today and the
      # sending date does not exceed the confirm in time configured.
      # Returns true if the resource is not responding to reset_password_sent_at at all.
      # reset_password_within is a model configuration, must always be an integer value.
      #
      # Example:
      #
      #   # reset_password_within = 1.day and reset_password_sent_at = today
      #   reset_password_period_valid?   # returns true
      #
      #   # reset_password_within = 5.days and reset_password_sent_at = 4.days.ago
      #   reset_password_period_valid?   # returns true
      #
      #   # reset_password_within = 5.days and reset_password_sent_at = 5.days.ago
      #   reset_password_period_valid?   # returns false
      #
      #   # reset_password_within = 0.days
      #   reset_password_period_valid?   # will always return false
      #
      def reset_password_period_valid?
        reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
      end

      protected

        # Removes reset_password token
        def clear_reset_password_token
          self.reset_password_token = nil
          self.reset_password_sent_at = nil
        end

        def after_password_reset
        end

        def set_reset_password_token
          raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)

          self.reset_password_token   = enc
          self.reset_password_sent_at = Time.now.utc
          self.save(validate: false)
          raw
        end

        def send_reset_password_instructions_notification(token)
          send_devise_notification(:reset_password_instructions, token, {})
        end

      module ClassMethods
        # Attempt to find a user by password reset token. If a user is found, return it
        # If a user is not found, return nil
        def with_reset_password_token(token)
          reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token)
          to_adapter.find_first(reset_password_token: reset_password_token)
        end

        # Attempt to find a user by its email. If a record is found, send new
        # password instructions to it. If user is not found, returns a new user
        # with an email not found error.
        # Attributes must contain the user's email
        def send_reset_password_instructions(attributes={})
          recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
          recoverable.send_reset_password_instructions if recoverable.persisted?
          recoverable
        end

        # Attempt to find a user by its reset_password_token to reset its
        # password. If a user is found and token is still valid, reset its password and automatically
        # try saving the record. If not user is found, returns a new user
        # containing an error in reset_password_token attribute.
        # Attributes must contain reset_password_token, password and confirmation
        def reset_password_by_token(attributes={})
          original_token       = attributes[:reset_password_token]
          reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)

          recoverable = find_or_initialize_with_error_by(:reset_password_token, reset_password_token)

          if recoverable.persisted?
            if recoverable.reset_password_period_valid?
              recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
            else
              recoverable.errors.add(:reset_password_token, :expired)
            end
          end

          recoverable.reset_password_token = original_token
          recoverable
        end

        Devise::Models.config(self, :reset_password_keys, :reset_password_within)
      end
    end
  end
end
Creating recoverable module, reseting passwords and sending reset instructions. Some minor refactorings. 2009-09-18 10:20:45 -03:00			`module Devise`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`module Models`
Adding some documentation. 2009-10-09 09:27:44 -03:00
Update recoverable.rb Fix type-o. 2013-03-21 18:49:19 -06:00			`# Recoverable takes care of resetting the user password and send reset instructions.`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`#`
Allowing reset_password_keys and unlock_keys to be set through the config 2010-12-29 16:06:55 +08:00			`# ==Options`
			`#`
			`# Recoverable adds the following options to devise_for:`
			`#`
			`# * +reset_password_keys+: the keys you want to use when recovering the password for an account`
			`#`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`# == Examples`
Adding some documentation. 2009-10-09 09:27:44 -03:00			`#`
			`# # resets the user password and save the record, true if valid passwords are given, otherwise false`
			`# User.find(1).reset_password!('password123', 'password123')`
Assert validations API inside validatable module. 2009-11-24 13:56:54 -02:00			`#`
Adding some documentation. 2009-10-09 09:27:44 -03:00			`# # only resets the user password, without saving the record`
			`# user = User.find(1)`
			`# user.reset_password('password123', 'password123')`
Assert validations API inside validatable module. 2009-11-24 13:56:54 -02:00			`#`
Adding some documentation. 2009-10-09 09:27:44 -03:00			`# # creates a new token and send it with instructions about how to reset the password`
			`# User.find(1).send_reset_password_instructions`
Add OAuth2 documentation. 2010-07-15 13:01:31 +02:00			`#`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`module Recoverable`
Use ActiveSupport::Concern. 2010-02-17 12:35:38 +01:00			`extend ActiveSupport::Concern`
Creating recoverable module, reseting passwords and sending reset instructions. Some minor refactorings. 2009-09-18 10:20:45 -03:00
Added required_fields to recoverable 2012-02-20 09:14:06 -02:00			`def self.required_fields(klass)`
			`[:reset_password_sent_at, :reset_password_token]`
			`end`

Clearing perishable token when confirming or reseting password. 2009-10-15 17:36:44 -03:00			`# Update password saving the record and clearing token. Returns true if`
			`# the passwords are valid and the record was saved, false otherwise.`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`def reset_password!(new_password, new_password_confirmation)`
Added skip_confirmation! It skips confirmation token generation, e-mail sending and automatically sets confirmed_at. 2009-12-15 00:30:28 +01:00			`self.password = new_password`
			`self.password_confirmation = new_password_confirmation`
Deprecate and disable old behavior accumulated with time. 2011-12-04 23:58:19 +01:00
Resetting password should confirm implicitly 2011-07-29 14:26:19 -07:00			`if valid?`
			`clear_reset_password_token`
Refactor to use method and override 2011-08-02 12:08:38 -07:00			`after_password_reset`
Resetting password should confirm implicitly 2011-07-29 14:26:19 -07:00			`end`

Clearing perishable token when confirming or reseting password. 2009-10-15 17:36:44 -03:00			`save`
Creating recoverable module, reseting passwords and sending reset instructions. Some minor refactorings. 2009-09-18 10:20:45 -03:00			`end`
Adding find and reset password method to recoverable 2009-09-18 10:47:12 -03:00
Use HMAC on tokens stored in the DB 2013-08-05 18:56:07 +02:00			`# Resets reset password token and send reset password instructions by email.`
			`# Returns the token sent in the e-mail.`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`def send_reset_password_instructions`
split send_reset_password_instructions into two parts for better hooking 2014-05-05 13:41:08 +05:30			`token = set_reset_password_token`
rename method + remove extra db call 2014-05-06 01:23:55 +05:30			`send_reset_password_instructions_notification(token)`
Use HMAC on tokens stored in the DB 2013-08-05 18:56:07 +02:00
split send_reset_password_instructions into two parts for better hooking 2014-05-05 13:41:08 +05:30			`token`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`end`
Use HMAC on tokens stored in the DB 2013-08-05 18:56:07 +02:00
Add reset_password_within configuration variable. 2011-01-24 23:48:44 +08:00			`# Checks if the reset password token sent is within the limit time.`
			`# We do this by calculating if the difference between today and the`
			`# sending date does not exceed the confirm in time configured.`
Fixes a little typo. 2011-04-29 11:26:12 -07:00			`# Returns true if the resource is not responding to reset_password_sent_at at all.`
Add reset_password_within configuration variable. 2011-01-24 23:48:44 +08:00			`# reset_password_within is a model configuration, must always be an integer value.`
			`#`
			`# Example:`
			`#`
			`# # reset_password_within = 1.day and reset_password_sent_at = today`
			`# reset_password_period_valid? # returns true`
			`#`
			`# # reset_password_within = 5.days and reset_password_sent_at = 4.days.ago`
			`# reset_password_period_valid? # returns true`
			`#`
			`# # reset_password_within = 5.days and reset_password_sent_at = 5.days.ago`
			`# reset_password_period_valid? # returns false`
			`#`
			`# # reset_password_within = 0.days`
			`# reset_password_period_valid? # will always return false`
			`#`
			`def reset_password_period_valid?`
Add tests to previous commit. 2011-04-21 13:56:10 +02:00			`reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago`
Add reset_password_within configuration variable. 2011-01-24 23:48:44 +08:00			`end`

Separating perishable token into confirmation and reset_password tokens. Adding confirmation_sent_at attribute. 2009-10-18 09:14:52 -02:00			`protected`

			`# Removes reset_password token`
			`def clear_reset_password_token`
			`self.reset_password_token = nil`
Deprecate and disable old behavior accumulated with time. 2011-12-04 23:58:19 +01:00			`self.reset_password_sent_at = nil`
Separating perishable token into confirmation and reset_password tokens. Adding confirmation_sent_at attribute. 2009-10-18 09:14:52 -02:00			`end`

Refactor to use method and override 2011-08-02 12:08:38 -07:00			`def after_password_reset`
			`end`

split send_reset_password_instructions into two parts for better hooking 2014-05-05 13:41:08 +05:30			`def set_reset_password_token`
			`raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)`

			`self.reset_password_token = enc`
rename method + remove extra db call 2014-05-06 01:23:55 +05:30			`self.reset_password_sent_at = Time.now.utc`
split send_reset_password_instructions into two parts for better hooking 2014-05-05 13:41:08 +05:30			`self.save(validate: false)`
			`raw`
			`end`

rename method + remove extra db call 2014-05-06 01:23:55 +05:30			`def send_reset_password_instructions_notification(token)`
split send_reset_password_instructions into two parts for better hooking 2014-05-05 13:41:08 +05:30			`send_devise_notification(:reset_password_instructions, token, {})`
			`end`

Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`module ClassMethods`
Find a resource based off its encrypted reset_password_token 2014-03-31 14:51:13 +01:00			`# Attempt to find a user by password reset token. If a user is found, return it`
			`# If a user is not found, return nil`
			`def with_reset_password_token(token)`
			`reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token)`
Use the ORM Adapter API 2014-03-31 15:24:55 +01:00			`to_adapter.find_first(reset_password_token: reset_password_token)`
Find a resource based off its encrypted reset_password_token 2014-03-31 14:51:13 +01:00			`end`

reverting part of #2164 which was a mistake 2012-12-02 00:24:09 +05:30			`# Attempt to find a user by its email. If a record is found, send new`
minor documentation grammar update 2012-11-29 17:15:15 +05:30			`# password instructions to it. If user is not found, returns a new user`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`# with an email not found error.`
minor documentation grammar update 2012-11-29 17:15:15 +05:30			`# Attributes must contain the user's email`
Updating sessions controller to use resource oriented style. Changing authenticate method to accept a hash of attributes. 2009-10-10 16:20:23 -03:00			`def send_reset_password_instructions(attributes={})`
By default, just require e-mail on recover and lockable. 2010-12-28 23:00:23 +01:00			`recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)`
Use persisted? instead of new_record? In order to be more ActiveModel compliant, lets use persisted? whereever we can. Particularly for datamapper, new_record? causes api warnings. Better to stick to the ActiveModel api I think. 2010-03-28 13:26:07 -07:00			`recoverable.send_reset_password_instructions if recoverable.persisted?`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`recoverable`
			`end`

Fix usage of "its" / "it's" in documentation 2011-08-16 22:06:13 +02:00			`# Attempt to find a user by its reset_password_token to reset its`
Add reset_password_within configuration variable. 2011-01-24 23:48:44 +08:00			`# password. If a user is found and token is still valid, reset its password and automatically`
Separating perishable token into confirmation and reset_password tokens. Adding confirmation_sent_at attribute. 2009-10-18 09:14:52 -02:00			`# try saving the record. If not user is found, returns a new user`
Refactoring find by confirmation and reset password token and updating TODO. 2009-10-18 10:16:30 -02:00			`# containing an error in reset_password_token attribute.`
Separating perishable token into confirmation and reset_password tokens. Adding confirmation_sent_at attribute. 2009-10-18 09:14:52 -02:00			`# Attributes must contain reset_password_token, password and confirmation`
Clean up lockable and class methods API. 2010-03-10 16:13:54 +01:00			`def reset_password_by_token(attributes={})`
Only allow insecure token lookup if a flag is given 2013-08-06 11:55:13 +02:00			`original_token = attributes[:reset_password_token]`
Use HMAC on tokens stored in the DB 2013-08-05 18:56:07 +02:00			`reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)`

			`recoverable = find_or_initialize_with_error_by(:reset_password_token, reset_password_token)`

Add reset_password_within configuration variable. 2011-01-24 23:48:44 +08:00			`if recoverable.persisted?`
			`if recoverable.reset_password_period_valid?`
implementation of a much simpler solution 2011-11-05 16:53:27 +01:00			`recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])`
Add reset_password_within configuration variable. 2011-01-24 23:48:44 +08:00			`else`
Mark the token as expired, because invalid gives no clue of what to do next. 2011-04-21 19:17:21 +02:00			`recoverable.errors.add(:reset_password_token, :expired)`
Add reset_password_within configuration variable. 2011-01-24 23:48:44 +08:00			`end`
			`end`
Only allow insecure token lookup if a flag is given 2013-08-06 11:55:13 +02:00
			`recoverable.reset_password_token = original_token`
Moving modules inside respective Models module. 2009-10-09 08:30:25 -03:00			`recoverable`
			`end`
Allowing reset_password_keys and unlock_keys to be set through the config 2010-12-29 16:06:55 +08:00
Tidy up previous commits. 2011-03-30 15:35:38 +02:00			`Devise::Models.config(self, :reset_password_keys, :reset_password_within)`
Adding find and reset password method to recoverable 2009-09-18 10:47:12 -03:00			`end`
Creating recoverable module, reseting passwords and sending reset instructions. Some minor refactorings. 2009-09-18 10:20:45 -03:00			`end`
			`end`
			`end`