From c41e66db520c43fdcfc0e1e49208a23bb02835a7 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Wed, 9 Oct 2013 16:17:40 +0300
Subject: [PATCH] Separate page for password change
---
 app/controllers/profiles/passwords_controller.rb | 41 ++++++++++++++++++++++++++++++++++++++++-
 app/views/profiles/passwords/edit.html.haml | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 app/views/profiles/passwords/edit.html.haml
diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
index 432899f..b8d8395 100644
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -1,10 +1,11 @@
 class Profiles::PasswordsController < ApplicationController
- layout 'navless'
+ layout :determine_layout
 skip_before_filter :check_password_expiration
 before_filter :set_user
 before_filter :set_title
+ before_filter :authorize_change_password!
 def new
 end
@@ -26,6 +27,32 @@ class Profiles::PasswordsController < ApplicationController
 end
 end
+ def edit
+ end
+
+ def update
+ password_attributes = params[:user].select do |key, value|
+ %w(password password_confirmation).include?(key.to_s)
+ end
+
+ unless @user.valid_password?(params[:user][:current_password])
+ redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
+ return
+ end
+
+ if @user.update_attributes(password_attributes)
+ flash[:notice] = "Password was successfully updated. Please login with it"
+ redirect_to new_user_session_path
+ else
+ render 'account'
+ end
+ end
+
+ def reset
+ current_user.send_reset_password_instructions
+ redirect_to edit_profile_password_path, notice: 'We sent you an email with reset password instructions'
+ end
+
 private
 def set_user
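Review bot: In `update`, the failure branch calls `render 'account'`, but this patch adds only `edit.html.haml` for this controller and that view is the one that prints `@user.errors`, so a rejected new password (for example a confirmation mismatch) probably ends in a missing-template error instead of the form with its messages; `render 'edit'` looks like the intended call. `params[:user].select` and `params[:user][:current_password]` also assume the `user` key is present, so a request without it raises `NoMethodError` before the current-password check; a guard such as `user_params = params[:user] || {}` keeps that a clean rejection. Separately, nothing visible here limits repeated `valid_password?` failures or repeated `reset` e-mails from one session, which is worth confirming is handled elsewhere (lockout or throttling), since this action is the re-authentication step that protects the account when a session is hijacked.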
@@ -35,4 +62,16 @@ class Profiles::PasswordsController < ApplicationController
 def set_title
 @title = "New password"
 end
+
+ def determine_layout
+ if [:new, :create].include?(action_name.to_sym)
+ 'navless'
+ else
+ 'profile'
+ end
+ end
+
+ def authorize_change_password!
+ return render_404 if @user.ldap_user?
+ end
 end
diff --git a/app/views/profiles/passwords/edit.html.haml b/app/views/profiles/passwords/edit.html.haml
new file mode 100644
index 0000000..a5fa6e7
--- /dev/null
+++ b/app/views/profiles/passwords/edit.html.haml
@@ -0,0 +1,32 @@
+%h3.page-title Password
+%p.light
+ Change your password or recover your current one.
+%hr
+.update-password
+ = form_for @user, url: profile_password_path, method: :put do |f|
+ %div
+ %p.slead
+ You must provide current password in order to change it.
+ %br
+ After a successful password update you will be redirected to login page where you should login with your new password
+ -if @user.errors.any?
+ .alert.alert-error
+ %ul
+ - @user.errors.full_messages.each do |msg|
+ %li= msg
+ .control-group
+ = f.label :current_password
+ .controls
+ = f.password_field :current_password, required: true
+ %div
+ = link_to "Forgot your password?", reset_profile_password_path, method: :put
+
+ .control-group
+ = f.label :password, 'New password'
+ .controls= f.password_field :password, required: true
+ .control-group
+ = f.label :password_confirmation
+ .controls
+ = f.password_field :password_confirmation, required: true
+ .form-actions
+ = f.submit 'Save password', class: "btn btn-save"
--
libgit2 0.21.2
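Review bot: `authorize_change_password!` has no comment saying why LDAP accounts get a 404, and because the filter is registered without `only:`/`except:` it also runs for `new` and `create`, the actions that `determine_layout` treats as the separate 'navless' flow. I would add a comment such as `# Passwords of LDAP users are managed in the directory, so every password action is hidden from them` (presumably the intent; confirm), and check that an LDAP user can never be redirected to `new` by the expiration check, which is outside this patch. The guard reads `@user` while `reset` acts on `current_user`; `set_user` is defined outside the hunk, so it is worth confirming both always refer to the same account. In `determine_layout`, `%w(new create).include?(action_name)` avoids the `to_sym` conversion.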
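Review bot: The "Forgot your password?" link issues the PUT to `reset_profile_password_path` as soon as it is clicked, so a mis-click inside the change form sends a reset e-mail with no confirmation step. Adding `data: { confirm: 'Send password reset instructions to your email?' }` to the `link_to` (or `confirm:` on older Rails) would make the action deliberate. `link_to ... method: :put` also relies on the unobtrusive-JS driver to build the form and attach the CSRF token, so without JavaScript the link degrades to a GET that presumably matches no route.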