Add password reset

Author: khin-alu

app/controllers/password_resets_controller.rb

@@ -0,0 +1,67 @@
+class PasswordResetsController < ApplicationController
+  before_action :get_user, only: [:edit, :update]
+  before_action :valid_user, only: [:edit, :update]
+  before_action :check_expiration, only: [:edit, :update]
+
+  def new
+  end
+
+  def create
+    @user = User.find_by(email: params[:password_reset][:email].downcase)
+    if @user
+      @user.create_reset_digest
+
+      @user.send_password_reset_email
+      flash[:info] = "Email sent with password reset instructions"
+      redirect_to root_url
+    else
+      flash.now[:danger] = "Email address not found"
+      render "new", status: :unprocessable_entity
+    end
+  end
+
+  def edit
+  end
+
+  def update
+    if params[:user][:password].empty?
+      @user.errors.add(:password, "can't be empty")
+      render "edit", status: :unprocessable_entity
+    elsif @user.update(user_params)
+      reset_session
+      log_in @user
+      flash[:success] = "Password has been reset."
+      redirect_to @user
+    else
+      render "edit", status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:password,
+                                 :password_confirmation)
+  end
+
+  # Before filters
+  def get_user
+    @user = User.find_by(email: params[:email])
+  end
+
+  # Confirms a valid user.
+  def valid_user
+    unless (@user && @user.activated? &&
+            @user.authenticated?(:reset, params[:id]))
+      redirect_to root_url
+    end
+  end
+
+  # Checks expiration of reset token.
+  def check_expiration
+    if @user.password_reset_expired?
+      flash[:danger] = "Password reset has expired."
+      redirect_to new_password_reset_url
+    end
+  end
+end

app/helpers/password_resets_helper.rb

@@ -0,0 +1,2 @@
+module PasswordResetsHelper
+end

app/mailers/user_mailer.rb

@@ -9,8 +9,8 @@ def account_activation(user)
     mail to: user.email, subject: "Account activation"
   end
 
-  def password_reset
-    @greeting = "Hi"
-    mail to: "[email protected]"
+  def password_reset(user)
+    @user = user
+    mail to: user.email, subject: "Password reset"
   end
 end

app/models/user.rb

@@ -1,5 +1,5 @@
 class User < ApplicationRecord
-  attr_accessor :remember_token, :activation_token
+  attr_accessor :remember_token, :activation_token, :reset_token
   before_save :downcase_email
   before_create :create_activation_digest
   validates :name, presence: true, length: { maximum: 50 }
@@ -56,6 +56,22 @@ def send_activation_email
     UserMailer.account_activation(self).deliver_now
   end
 
+  def create_reset_digest
+    self.reset_token = User.new_token
+    update_attribute(:reset_digest, User.digest(reset_token))
+    update_attribute(:reset_sent_at, Time.zone.now)
+  end
+
+  # Sends password reset email.
+  def send_password_reset_email
+    UserMailer.password_reset(self).deliver_now
+  end
+
+  # Returns true if a password reset has expired.
+  def password_reset_expired?
+    reset_sent_at < 2.hours.ago
+  end
+
   private
 
   # Converts email to all lowercase.

app/views/password_resets/edit.html.erb

@@ -0,0 +1,15 @@
+<% provide(:title, 'Reset password') %>
+<h1>Reset password</h1>
+<div class="row">
+    <div class="col-md-6 offset-md-3">
+        <%= form_with(model: @user, url: password_reset_path(params[:id])) do |f| %>
+        <%= render 'shared/error_messages' %>
+        <%= hidden_field_tag :email, @user.email %>
+        <%= f.label :password %>
+        <%= f.password_field :password, class: 'form-control' %>
+        <%= f.label :password_confirmation, "Confirmation" %>
+        <%= f.password_field :password_confirmation, class: 'form-control' %>
+        <%= f.submit "Update password", class: "btn btn-primary" %>
+        <% end %>
+    </div>
+</div>

app/views/password_resets/new.html.erb

@@ -0,0 +1,11 @@
+<% provide(:title, "Forgot password") %>
+<h1>Forgot password</h1>
+<div class="row">
+    <div class="col-md-6 offset-md-3">
+        <%= form_with(url: password_resets_path, scope: :password_reset) do |f| %>
+        <%= f.label :email %>
+        <%= f.email_field :email, class: 'form-control' %>
+        <%= f.submit "Submit", class: "btn btn-primary" %>
+        <% end %>
+    </div>
+</div>

app/views/sessions/new.html.erb

@@ -6,6 +6,7 @@
         <%= f.label :email %>
         <%= f.email_field :email, class: 'form-control' %>
         <%= f.label :password %>
+        <%= link_to "(forgot password)", new_password_reset_path %>
         <%= f.password_field :password, class: 'form-control' %>
         <%= f.label :remember_me, class: "checkbox inline" do %>
         <%= f.check_box :remember_me %>

app/views/user_mailer/password_reset.html.erb

@@ -1,5 +1,9 @@
-<h1>User#password_reset</h1>
-
+<h1>Password reset</h1>
+<p>To reset your password click the link below:</p>
+<%= link_to "Reset password", edit_password_reset_url(@user.reset_token,
+email: @user.email) %>
+<p>This link will expire in two hours.</p>
 <p>
-  <%= @greeting %>, find me in app/views/user_mailer/password_reset.html.erb
-</p>
+    If you did not request your password to be reset, please ignore this email and
+    your password will stay as it is.
+</p>

app/views/user_mailer/password_reset.text.erb

@@ -1,3 +1,5 @@
-User#password_reset
-
-<%= @greeting %>, find me in app/views/user_mailer/password_reset.text.erb
+To reset your password click the link below:
+<%= edit_password_reset_url(@user.reset_token, email: @user.email) %>
+This link will expire in two hours.
+If you did not request your password to be reset, please ignore this email and
+your password will stay as it is.

config/routes.rb

@@ -1,4 +1,6 @@
 Rails.application.routes.draw do
+  get "password_resets/new"
+  get "password_resets/edit"
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
   root "static_pages#home"
   get "/help", to: "static_pages#help"
@@ -20,4 +22,5 @@
   # root "posts#index"
   resources :users
   resources :account_activations, only: [:edit]
+  resources :password_resets, only: [:new, :create, :edit, :update]
 end