password recovery wip

2021-03-21 10:36:09 +01:00 · 2021-03-21 10:36:09 +01:00 · 49998ee5b7
commit 49998ee5b7
parent cd40ef66c6
12 changed files with 70 additions and 1 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -8,4 +8,29 @@ class UsersController < ApplicationController
    session[:user_id] = @user.id
    redirect_to '/welcome'
  end
+
+  def send_password_recovery_email
+    @user = User.where(email: params['email']).first
+    UserMailer.with(user: @user).password_recovery.deliver_now
+  end
+
+  def password_recovery_email
+  end
+
+  def password_recovery
+    @recovery_code = params[:recovery_code]
+    @user_id = params[:id]
+  end
+
+  def recover_password
+    user = User.find(params[:user_id])
+    if user.password_recovery_code == params[:recovery_code]
+      user.password = params[:password]
+      user.password_confirmation = params[:repeated_password]
+      user.password_recovery_code = nil
+      if user.save
+        redirect_to '/welcome'
+      end
+    end
+  end
 end
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@ -0,0 +1,9 @@
+class UserMailer < ApplicationMailer
+  def password_recovery
+    @user = params[:user]
+    recovery_code = ('a'..'z').to_a.shuffle[0,8].join
+    @user.update(password_recovery_code: recovery_code)
+    @url  = "http://localhost:18210/password_recovery/#{@user.id}/#{recovery_code}"
+    mail(to: @user.email, subject: 'Password recovery')
+  end
+end
--- a/app/views/sessions/welcome.html.erb
+++ b/app/views/sessions/welcome.html.erb
@ -5,4 +5,5 @@
 <%else%>
  <%= button_to "Login", '/login', method: :get%>
  <%= button_to "Sign Up", '/users/new', method: :get%>
+  <%= button_to "Password recovery", '/password_recovery', method: :get%>
 <%end%>
--- a/app/views/user_mailer/password_recovery.html.erb
+++ b/app/views/user_mailer/password_recovery.html.erb
@ -0,0 +1 @@
+Please click the link to recover your password: <%= @url %>
--- a/app/views/users/password_recovery.html.erb
+++ b/app/views/users/password_recovery.html.erb
@ -0,0 +1,9 @@
+Recover password
+
+<%= form_with url: "/recover_password", method: :post do |form| %>
+  <%= form.text_field :password %>
+  <%= form.text_field :repeated_password %>
+  <%= form.hidden_field :recovery_code, :value => @recovery_code %>
+  <%= form.hidden_field :user_id, :value => @user_id %>
+  <%= form.submit "Change password" %>
+<% end %>
--- a/app/views/users/password_recovery_email.html.erb
+++ b/app/views/users/password_recovery_email.html.erb
@ -0,0 +1,4 @@
+<%= form_with url: "/password_recovery", method: :post do |form| %>
+  <%= form.text_field :email %>
+  <%= form.submit "Send email" %>
+<% end %>
--- a/app/views/users/send_password_recovery_email.html.erb
+++ b/app/views/users/send_password_recovery_email.html.erb
@ -0,0 +1 @@
+Recovery email sent.
				`@ -0,0 +1 @@`
				`Please click the link to recover your password: <%= @url %>`