Separate page for password change

2013-10-09 16:17:40 +03:00 · 2013-10-09 16:17:40 +03:00 · c41e66db52
commit c41e66db52
parent 7af1bc3b88
2 changed files with 72 additions and 1 deletions
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@ -1,10 +1,11 @@
 class Profiles::PasswordsController < ApplicationController
-  layout 'navless'
+  layout :determine_layout

  skip_before_filter :check_password_expiration

  before_filter :set_user
  before_filter :set_title
+  before_filter :authorize_change_password!

  def new
  end
@ -26,6 +27,32 @@ class Profiles::PasswordsController < ApplicationController
    end
  end

+  def edit
+  end
+
+  def update
+    password_attributes = params[:user].select do |key, value|
+      %w(password password_confirmation).include?(key.to_s)
+    end
+
+    unless @user.valid_password?(params[:user][:current_password])
+      redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
+      return
+    end
+
+    if @user.update_attributes(password_attributes)
+      flash[:notice] = "Password was successfully updated. Please login with it"
+      redirect_to new_user_session_path
+    else
+      render 'account'
+    end
+  end
+
+  def reset
+    current_user.send_reset_password_instructions
+    redirect_to edit_profile_password_path, notice: 'We sent you an email with reset password instructions'
+  end
+
  private

  def set_user
@ -35,4 +62,16 @@ class Profiles::PasswordsController < ApplicationController
  def set_title
    @title = "New password"
  end
+
+  def determine_layout
+    if [:new, :create].include?(action_name.to_sym)
+      'navless'
+    else
+      'profile'
+    end
+  end
+
+  def authorize_change_password!
+    return render_404 if @user.ldap_user?
+  end
 end
--- a/app/views/profiles/passwords/edit.html.haml
+++ b/app/views/profiles/passwords/edit.html.haml
@ -0,0 +1,32 @@
+%h3.page-title Password
+%p.light
+  Change your password or recover your current one.
+%hr
+.update-password
+  = form_for @user, url: profile_password_path, method: :put do |f|
+    %div
+      %p.slead
+        You must provide current password in order to change it.
+        %br
+        After a successful password update you will be redirected to login page where you should login with your new password
+      -if @user.errors.any?
+        .alert.alert-error
+          %ul
+            - @user.errors.full_messages.each do |msg|
+              %li= msg
+      .control-group
+        = f.label :current_password
+        .controls
+          = f.password_field :current_password, required: true
+          %div
+            = link_to "Forgot your password?", reset_profile_password_path, method: :put
+
+      .control-group
+        = f.label :password, 'New password'
+        .controls= f.password_field :password, required: true
+      .control-group
+        = f.label :password_confirmation
+        .controls
+          = f.password_field :password_confirmation, required: true
+      .form-actions
+        = f.submit 'Save password', class: "btn btn-save"