author | floppydiskette <floppydisk@hyprcat.net> | 2024-09-13 12:58:12 +0100 |
---|---|---|
committer | floppydiskette <floppydisk@hyprcat.net> | 2024-09-13 12:59:16 +0100 |
commit | 2c3400fb4f5a22951d42f286975201bf817d7883 (patch) | |
tree | a08b06f5f6d5df4f6774da7645d85418609a4cf2 /src/actions/password_resets | |
parent | d8915dcca4d9752f6f254e86afa39ef7f83617d1 (diff) |
wronglucky
Diffstat (limited to 'src/actions/password_resets')
-rw-r--r-- | src/actions/password_resets/create.cr | 17 | ||||
-rw-r--r-- | src/actions/password_resets/edit.cr | 8 | ||||
-rw-r--r-- | src/actions/password_resets/new.cr | 20 |
3 files changed, 45 insertions, 0 deletions
diff --git a/src/actions/password_resets/create.cr b/src/actions/password_resets/create.cr
new file mode 100644
index 0000000..da1e711
--- /dev/null
+++ b/src/actions/password_resets/create.cr
@@ -0,0 +1,17 @@
+class PasswordResets::Create < BrowserAction
+ include Auth::PasswordResets::Base
+ include Auth::PasswordResets::TokenFromSession
+
+ post "/password_resets/:user_id" do
+ ResetPassword.update(user, params) do |operation, user|
+ if operation.saved?
+ session.delete(:password_reset_token)
+ sign_in user
+ flash.success = "Your password has been reset"
+ redirect to: Home::Index
+ else
+ html NewPage, operation: operation, user_id: user_id.to_i64
+ end
+ end
+ end
+end
diff --git a/src/actions/password_resets/edit.cr b/src/actions/password_resets/edit.cr
new file mode 100644
index 0000000..9408109
--- /dev/null
+++ b/src/actions/password_resets/edit.cr
@@ -0,0 +1,8 @@
+class PasswordResets::Edit < BrowserAction
+ include Auth::PasswordResets::Base
+ include Auth::PasswordResets::TokenFromSession
+
+ get "/password_resets/:user_id/edit" do
+ html NewPage, operation: ResetPassword.new, user_id: user_id.to_i64
+ end
+end
diff --git a/src/actions/password_resets/new.cr b/src/actions/password_resets/new.cr
new file mode 100644
index 0000000..5503468
--- /dev/null
+++ b/src/actions/password_resets/new.cr
@@ -0,0 +1,20 @@
+class PasswordResets::New < BrowserAction
+ include Auth::PasswordResets::Base
+
+ param token : String
+
+ get "/password_resets/:user_id" do
+ redirect_to_edit_form_without_token_param
+ end
+
+ # This is to prevent password reset tokens from being scraped in the HTTP Referer header
+ # See more info here: https://github.com/thoughtbot/clearance/pull/707
+ private def redirect_to_edit_form_without_token_param
+ make_token_available_to_future_actions
+ redirect to: PasswordResets::Edit.with(user_id)
+ end
+
+ private def make_token_available_to_future_actions
+ session.set(:password_reset_token, token)
+ end
+end |
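Review bot: In create.cr the `if operation.saved?` branch removes the token only from the current session and then calls `sign_in user`; nothing visible in this hunk invalidates the reset token itself or the user's other active sessions. Token validation lives in the included `Auth::PasswordResets::Base` / `TokenFromSession` mixins, which are outside this diff, so it is worth confirming there that a token cannot be replayed after a successful reset (for instance if it is a signed, time-limited value rather than a stored single-use record). Signing the user in directly after a reset is also a policy decision that deserves a comment above `sign_in user`, e.g. `# Intentional: sign in straight after reset; other sessions are not revoked here`.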
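Review bot: The `Edit` action in edit.cr renders `NewPage` and takes its token from the session via `TokenFromSession`, neither of which is obvious from the class name, and the action carries no comment. A one-line comment above the route would make the flow readable, e.g. `# Shows the reset form (NewPage); the token was moved into the session by PasswordResets::New`. The same `NewPage` rendering appears in the `else` branch of create.cr.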
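Review bot: In new.cr `make_token_available_to_future_actions` writes the raw `token` query parameter into the session, and the only place this diff removes it again is the success branch of create.cr, so an abandoned or failed reset leaves the token in the session. Whether the token is checked before it is stored depends on `Auth::PasswordResets::Base`, which is not shown here; if it is not, consider validating it before `session.set`. The existing Referer comment could also note that the token still appears in the first request's URL, e.g. `# The token is still present in this request's URL (access logs, browser history); only the follow-up page is protected`.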