path: root/src/actions/password_resets/new.cr
blob: 5503468697fc5290ebf43242b1076296fca079ac (plain)
# Landing action for a password reset link.
#
# The incoming URL carries the reset token as the required `token` param. This
# action renders nothing: it copies the token into the session and redirects
# to the edit form at a URL that carries only the user id.
#
# Why: if a page were rendered at a URL that contains the token, the token
# could leak to other sites through the HTTP Referer header.
# Background: https://github.com/thoughtbot/clearance/pull/707
#
# NOTE(review): the redirect only protects later requests. The first request
# still has the token in its URL, so it can end up in access logs, proxy logs
# and browser history. Confirm that reset tokens are short-lived and that
# request logging filters the `token` param.
class PasswordResets::New < BrowserAction
  include Auth::PasswordResets::Base

  param token : String

  get "/password_resets/:user_id" do
    # Hand the token to the follow-up action via the session instead of the URL.
    # NOTE(review): presumably PasswordResets::Edit reads :password_reset_token
    # back from the session and validates it there; verify it is also cleared
    # once the reset completes so it cannot be reused from a lingering session.
    session.set(:password_reset_token, token)

    # The redirect target is built from user_id only, so no token in the URL.
    redirect to: PasswordResets::Edit.with(user_id)
  end
end