has_secure_password :recovery_password

2021-03-21 11:12:14 +01:00 · 2021-03-21 11:12:14 +01:00 · 639eb2ba04
commit 639eb2ba04
parent 49998ee5b7
5 changed files with 14 additions and 7 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -24,10 +24,10 @@ class UsersController < ApplicationController

  def recover_password
    user = User.find(params[:user_id])
-    if user.password_recovery_code == params[:recovery_code]
+    if user.authenticate_recovery_password(params[:recovery_code])
      user.password = params[:password]
      user.password_confirmation = params[:repeated_password]
-      user.password_recovery_code = nil
+      user.recovery_password_digest = nil
      if user.save
        redirect_to '/welcome'
      end
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@ -1,9 +1,10 @@
 class UserMailer < ApplicationMailer
  def password_recovery
    @user = params[:user]
-    recovery_code = ('a'..'z').to_a.shuffle[0,8].join
-    @user.update(password_recovery_code: recovery_code)
-    @url  = "http://localhost:18210/password_recovery/#{@user.id}/#{recovery_code}"
+    recovery_password = ('a'..'z').to_a.shuffle[0,8].join
+    @user.recovery_password = recovery_password
+    @user.save
+    @url  = "http://localhost:18210/password_recovery/#{@user.id}/#{recovery_password}"
    mail(to: @user.email, subject: 'Password recovery')
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1,3 +1,4 @@
 class User < ApplicationRecord
  has_secure_password
+  has_secure_password :recovery_password, validations: false
 end
--- a/db/migrate/20210321093857_change_password_recovery_code_to_recovery_password_digest.rb
+++ b/db/migrate/20210321093857_change_password_recovery_code_to_recovery_password_digest.rb
@ -0,0 +1,5 @@
+class ChangePasswordRecoveryCodeToRecoveryPasswordDigest < ActiveRecord::Migration[6.1]
+  def change
+    rename_column :users, :password_recovery_code, :recovery_password_digest
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 2021_03_20_233401) do
+ActiveRecord::Schema.define(version: 2021_03_21_093857) do

  create_table "authors", force: :cascade do |t|
    t.string "first_name"
@ -43,7 +43,7 @@ ActiveRecord::Schema.define(version: 2021_03_20_233401) do
    t.string "password_digest"
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
-    t.string "password_recovery_code"
+    t.string "recovery_password_digest"
  end

 end