Commit c41e66db520c43fdcfc0e1e49208a23bb02835a7

Authored by Dmitriy Zaporozhets
1 parent 7af1bc3b

Separate page for password change

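--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -1,10 +1,11 @@
 class Profiles::PasswordsController < ApplicationController
- layout 'navless'
+ layout :determine_layout
 
 skip_before_filter :check_password_expiration
 
 before_filter :set_user
 before_filter :set_title
+ before_filter :authorize_change_password!
 
 def new
 end
@@ -26,6 +27,32 @@ class Profiles::PasswordsController &lt; ApplicationController
 end
 end
 
+ def edit
+ end
+
+ def update
+ password_attributes = params[:user].select do |key, value|
+ %w(password password_confirmation).include?(key.to_s)
+ end
+
+ unless @user.valid_password?(params[:user][:current_password])
+ redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
+ return
+ end
+
+ if @user.update_attributes(password_attributes)
+ flash[:notice] = "Password was successfully updated. Please login with it"
+ redirect_to new_user_session_path
+ else
+ render 'account'
+ end
+ end
+
+ def reset
+ current_user.send_reset_password_instructions
+ redirect_to edit_profile_password_path, notice: 'We sent you an email with reset password instructions'
+ end
+
 private
 
 def set_user
@@ -35,4 +62,16 @@ class Profiles::PasswordsController &lt; ApplicationController
 def set_title
 @title = "New password"
 end
+
+ def determine_layout
+ if [:new, :create].include?(action_name.to_sym)
+ 'navless'
+ else
+ 'profile'
+ end
+ end
+
+ def authorize_change_password!
+ return render_404 if @user.ldap_user?
+ end
 end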
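Review bot: The current-password check in `update` (new lines 38-41) can be retried without limit: a wrong value only redirects back to the form, and nothing visible in this hunk counts or records the failure. That check is what protects the account when someone else is acting in an already-authenticated session, so failed attempts should feed whatever lockout or throttling sign-in already uses, and should be logged for detection. Separately, the validation-failure branch calls `render 'account'`, while this commit adds only `edit.html.haml` for this controller; unless an `account` template already exists there, `render 'edit'` looks like the intended target. The same unthrottled pattern applies to `reset` (new lines 51-54), which sends an email on every request.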
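--- /dev/null
+++ b/app/views/profiles/passwords/edit.html.haml
@@ -0,0 +1,32 @@
+%h3.page-title Password
+%p.light
+ Change your password or recover your current one.
+%hr
+.update-password
+ = form_for @user, url: profile_password_path, method: :put do |f|
+ %div
+ %p.slead
+ You must provide current password in order to change it.
+ %br
+ After a successful password update you will be redirected to login page where you should login with your new password
+ -if @user.errors.any?
+ .alert.alert-error
+ %ul
+ - @user.errors.full_messages.each do |msg|
+ %li= msg
+ .control-group
+ = f.label :current_password
+ .controls
+ = f.password_field :current_password, required: true
+ %div
+ = link_to "Forgot your password?", reset_profile_password_path, method: :put
+
+ .control-group
+ = f.label :password, 'New password'
+ .controls= f.password_field :password, required: true
+ .control-group
+ = f.label :password_confirmation
+ .controls
+ = f.password_field :password_confirmation, required: true
+ .form-actions
+ = f.submit 'Save password', class: "btn btn-save"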