app/controllers/users_controller.rb

@@ -8,4 +8,29 @@ class UsersController < ApplicationController
     session[:user_id] = @user.id
     redirect_to '/welcome'
   end
+
+  def send_password_recovery_email
+    @user = User.where(email: params['email']).first
+    UserMailer.with(user: @user).password_recovery.deliver_now
+  end
+
+  def password_recovery_email
+  end
+
+  def password_recovery
+    @recovery_code = params[:recovery_code]
+    @user_id = params[:id]
+  end
+
+  def recover_password
+    user = User.find(params[:user_id])
+    if user.password_recovery_code == params[:recovery_code]
+      user.password = params[:password]
+      user.password_confirmation = params[:repeated_password]
+      user.password_recovery_code = nil
+      if user.save
+        redirect_to '/welcome'
+      end
+    end
+  end
 end

app/mailers/user_mailer.rb

@@ -0,0 +1,9 @@
+class UserMailer < ApplicationMailer
+  def password_recovery
+    @user = params[:user]
+    recovery_code = ('a'..'z').to_a.shuffle[0,8].join
+    @user.update(password_recovery_code: recovery_code)
+    @url  = "http://localhost:18210/password_recovery/#{@user.id}/#{recovery_code}"
+    mail(to: @user.email, subject: 'Password recovery')
+  end
+end

app/views/sessions/welcome.html.erb

@@ -5,4 +5,5 @@
 <%else%>
   <%= button_to "Login", '/login', method: :get%>
   <%= button_to "Sign Up", '/users/new', method: :get%>
+  <%= button_to "Password recovery", '/password_recovery', method: :get%>
 <%end%>

app/views/user_mailer/password_recovery.html.erb

@@ -0,0 +1 @@
+Please click the link to recover your password: <%= @url %>

app/views/users/password_recovery.html.erb

@@ -0,0 +1,9 @@
+Recover password
+
+<%= form_with url: "/recover_password", method: :post do |form| %>
+  <%= form.text_field :password %>
+  <%= form.text_field :repeated_password %>
+  <%= form.hidden_field :recovery_code, :value => @recovery_code %>
+  <%= form.hidden_field :user_id, :value => @user_id %>
+  <%= form.submit "Change password" %>
+<% end %>

app/views/users/password_recovery_email.html.erb

@@ -0,0 +1,4 @@
+<%= form_with url: "/password_recovery", method: :post do |form| %>
+  <%= form.text_field :email %>
+  <%= form.submit "Send email" %>
+<% end %>

app/views/users/send_password_recovery_email.html.erb

@@ -0,0 +1 @@
+Recovery email sent.

config/routes.rb

@@ -4,5 +4,9 @@ Rails.application.routes.draw do
   get 'logout', to: 'sessions#delete'
   post 'login', to: 'sessions#create'
   get 'welcome', to: 'sessions#welcome'
+  get 'password_recovery/:id/:recovery_code', to: 'users#password_recovery'
+  get 'password_recovery', to: 'users#password_recovery_email'
+  post 'password_recovery', to: 'users#send_password_recovery_email'
+  post 'recover_password', to: 'users#recover_password'
   resources :books
 end

db/migrate/20210320233401_add_password_recovery_code_to_users.rb

@@ -0,0 +1,5 @@
+class AddPasswordRecoveryCodeToUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :users, :password_recovery_code, :string
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2021_03_20_212922) do
+ActiveRecord::Schema.define(version: 2021_03_20_233401) do
 
   create_table "authors", force: :cascade do |t|
     t.string "first_name"
@@ -43,6 +43,7 @@ ActiveRecord::Schema.define(version: 2021_03_20_212922) do
     t.string "password_digest"
     t.datetime "created_at", precision: 6, null: false
     t.datetime "updated_at", precision: 6, null: false
+    t.string "password_recovery_code"
   end
 
 end

spec/mailers/previews/user_mailer_preview.rb

@@ -0,0 +1,4 @@
+# Preview all emails at http://localhost:3000/rails/mailers/user
+class UserMailerPreview < ActionMailer::Preview
+
+end

spec/mailers/user_mailer_spec.rb

@@ -0,0 +1,5 @@
+require "rails_helper"
+
+RSpec.describe UserMailer, type: :mailer do
+  pending "add some examples to (or delete) #{__FILE__}"
+end