Diffstat (limited to 'src/actions/password_resets/new.cr')
-rw-r--r-- | src/actions/password_resets/new.cr | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/actions/password_resets/new.cr b/src/actions/password_resets/new.cr
new file mode 100644
index 0000000..5503468
--- /dev/null
+++ b/src/actions/password_resets/new.cr
@@ -0,0 +1,20 @@
+class PasswordResets::New < BrowserAction
+ include Auth::PasswordResets::Base
+
+ param token : String
+
+ get "/password_resets/:user_id" do
+ redirect_to_edit_form_without_token_param
+ end
+
+ # This is to prevent password reset tokens from being scraped in the HTTP Referer header
+ # See more info here: https://github.com/thoughtbot/clearance/pull/707
+ private def redirect_to_edit_form_without_token_param
+ make_token_available_to_future_actions
+ redirect to: PasswordResets::Edit.with(user_id)
+ end
+
+ private def make_token_available_to_future_actions
+ session.set(:password_reset_token, token)
+ end
+end |
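Review bot: `make_token_available_to_future_actions` copies the raw `token` query parameter into the session without validating it and without recording which `user_id` it was issued for, so this action on its own authenticates nothing. Whether the token is checked against the `user_id` in the path, and whether `:password_reset_token` is removed from the session after a successful or failed reset, depends on `PasswordResets::Edit` and the included `Auth::PasswordResets::Base`, neither of which is visible here. I would state that contract above the method, for example `# Token is stored unverified; the later reset actions must validate it against user_id and delete :password_reset_token once it has been used or rejected.` If the session turns out to be cookie-backed, the token also remains in the browser's cookie until it is deleted, which makes the cleanup step matter more.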