heartcombo--devise/app/controllers/devise/passwords_controller.rb

class Devise::PasswordsController < DeviseController
  prepend_before_filter :require_no_authentication
  # Render the #edit only if coming from a reset password email link
  append_before_filter :assert_reset_token_passed, :only => :edit

  # GET /resource/password/new
  def new
    build_resource({})
  end

  # POST /resource/password
  def create
    self.resource = resource_class.send_reset_password_instructions(resource_params)

    if successfully_sent?(resource)
      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
    else
      respond_with(resource)
    end
  end

  # GET /resource/password/edit?reset_password_token=abcdef
  def edit
    self.resource = resource_class.new
    resource.reset_password_token = params[:reset_password_token]
  end

  # PUT /resource/password
  def update
    self.resource = resource_class.reset_password_by_token(resource_params)

    if resource.errors.empty?
      resource.unlock_access! if unlockable?(resource)
      flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
      set_flash_message(:notice, flash_message) if is_navigational_format?
      sign_in(resource_name, resource)
      respond_with resource, :location => after_sign_in_path_for(resource)
    else
      respond_with resource
    end
  end

  protected

    # The path used after sending reset password instructions
    def after_sending_reset_password_instructions_path_for(resource_name)
      new_session_path(resource_name)
    end

    # Check if a reset_password_token is provided in the request
    def assert_reset_token_passed
      if params[:reset_password_token].blank?
        set_flash_message(:error, :no_token)
        redirect_to new_session_path(resource_name)
      end
    end

    # Check if proper Lockable module methods are present & unlock strategy
    # allows to unlock resource on password reset
    def unlockable?(resource)
      resource.respond_to?(:unlock_access!) &&
        resource.respond_to?(:unlock_strategy_enabled?) &&
        resource.unlock_strategy_enabled?(:email)
    end
end
Make all controllers inherit from a single DeviseController 2011-06-24 15:34:13 -04:00			`class Devise::PasswordsController < DeviseController`
Use prepend_before_filter in require_no_authentication. We need to be sure require_no_authentication runs before other user filters that may call some Devise helper (ie current_xxx). Conflicts: app/controllers/devise/passwords_controller.rb app/controllers/devise/registrations_controller.rb app/controllers/devise/sessions_controller.rb app/controllers/devise/unlocks_controller.rb lib/devise/controllers/internal_helpers.rb test/rails_app/app/controllers/application_controller.rb 2010-03-26 07:26:51 -04:00			`prepend_before_filter :require_no_authentication`
Redirect to sign in page when trying to access password#edit without a reset_password_token (i.e. not coming from a reset password email) 2012-06-08 04:08:35 -04:00			`# Render the #edit only if coming from a reset password email link`
			`append_before_filter :assert_reset_token_passed, :only => :edit`
Do not include Devise internal helpers in application controller. 2009-10-27 19:26:40 -04:00
Stub out other views for Registerable. 2010-02-08 13:07:24 -05:00			`# GET /resource/password/new`
			`def new`
Tidy up lose ends. 2010-07-13 13:46:44 -04:00			`build_resource({})`
Stub out other views for Registerable. 2010-02-08 13:07:24 -05:00			`end`

			`# POST /resource/password`
			`def create`
Add resource_params internal helper to param filtering In light of recent discussions around mass assignment security and the alternate solution of using the controller to filter params, not the model, a hook/helper is needed to be able to override how the params are filtered before they are used to build the resource. 2012-05-15 04:07:02 -04:00			`self.resource = resource_class.send_reset_password_instructions(resource_params)`
Refactoring the paranoid controller 2011-05-20 18:49:53 -04:00
jh - reworking paranoid mode in passwords controller Signed-off-by: José Valim <jose.valim@gmail.com> 2011-10-12 17:12:20 -04:00			`if successfully_sent?(resource)`
Update CHANGELOG. 2011-06-23 08:22:30 -04:00			`respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))`
Refactoring passwords controller 2011-06-16 15:10:53 -04:00			`else`
Clean up as we don't need to call render_with_scope anymore. 2012-01-02 16:12:09 -05:00			`respond_with(resource)`
Stub out other views for Registerable. 2010-02-08 13:07:24 -05:00			`end`
			`end`

Tidying up encryptors. 2009-11-10 15:55:13 -05:00			`# GET /resource/password/edit?reset_password_token=abcdef`
Configuring session and password controllers as engine, and getting integration tests from devise example app. 2009-10-07 20:46:40 -04:00			`def edit`
Updating controllers to scope resource_class and changing mapping implementation to reload mapped class based on cache_classes configuration. 2009-10-10 10:05:56 -04:00			`self.resource = resource_class.new`
Separating perishable token into confirmation and reset_password tokens. Adding confirmation_sent_at attribute. 2009-10-18 07:14:52 -04:00			`resource.reset_password_token = params[:reset_password_token]`
Configuring session and password controllers as engine, and getting integration tests from devise example app. 2009-10-07 20:46:40 -04:00			`end`

Better documentation. 2009-10-17 11:10:15 -04:00			`# PUT /resource/password`
Configuring session and password controllers as engine, and getting integration tests from devise example app. 2009-10-07 20:46:40 -04:00			`def update`
Add resource_params internal helper to param filtering In light of recent discussions around mass assignment security and the alternate solution of using the controller to filter params, not the model, a hook/helper is needed to be able to override how the params are filtered before they are used to build the resource. 2012-05-15 04:07:02 -04:00			`self.resource = resource_class.reset_password_by_token(resource_params)`
Better documentation. 2009-10-17 11:10:15 -04:00
Tests with resource and resource_class 2009-10-10 08:32:51 -04:00			`if resource.errors.empty?`
Unlock user when re-setting password and unlock strategy is :email or :both 2012-11-07 04:45:46 -05:00			`resource.unlock_access! if unlockable?(resource)`
After a password reset, don't show "You are now signed in." if the user can't be signed-in anyway. 2011-08-31 18:24:10 -04:00			`flash_message = resource.active_for_authentication? ? :updated : :updated_not_active`
			`set_flash_message(:notice, flash_message) if is_navigational_format?`
Add support for non-navigational formats in PasswordsController Signed-off-by: José Valim <jose.valim@gmail.com> 2011-01-15 14:33:54 -05:00			`sign_in(resource_name, resource)`
after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it 2011-09-29 07:07:13 -04:00			`respond_with resource, :location => after_sign_in_path_for(resource)`
Configuring session and password controllers as engine, and getting integration tests from devise example app. 2009-10-07 20:46:40 -04:00			`else`
Clean up as we don't need to call render_with_scope anymore. 2012-01-02 16:12:09 -05:00			`respond_with resource`
Configuring session and password controllers as engine, and getting integration tests from devise example app. 2009-10-07 20:46:40 -04:00			`end`
			`end`
Refactoring the paranoid controller 2011-05-20 18:49:53 -04:00
added ability to override redirect_to path after sending reset password instructions 2011-05-13 12:39:11 -04:00			`protected`

			`# The path used after sending reset password instructions`
			`def after_sending_reset_password_instructions_path_for(resource_name)`
			`new_session_path(resource_name)`
			`end`
Refactoring the paranoid controller 2011-05-20 18:49:53 -04:00
Redirect to sign in page when trying to access password#edit without a reset_password_token (i.e. not coming from a reset password email) 2012-06-08 04:08:35 -04:00			`# Check if a reset_password_token is provided in the request`
			`def assert_reset_token_passed`
			`if params[:reset_password_token].blank?`
			`set_flash_message(:error, :no_token)`
			`redirect_to new_session_path(resource_name)`
			`end`
			`end`
Unlock user when re-setting password and unlock strategy is :email or :both 2012-11-07 04:45:46 -05:00
			`# Check if proper Lockable module methods are present & unlock strategy`
			`# allows to unlock resource on password reset`
			`def unlockable?(resource)`
			`resource.respond_to?(:unlock_access!) &&`
			`resource.respond_to?(:unlock_strategy_enabled?) &&`
			`resource.unlock_strategy_enabled?(:email)`
			`end`
Configuring session and password controllers as engine, and getting integration tests from devise example app. 2009-10-07 20:46:40 -04:00			`end`