Diffstat (limited to 'lib/aggiedit_web/controllers/user_reset_password_controller.ex')
-rw-r--r--lib/aggiedit_web/controllers/user_reset_password_controller.ex58
1 files changed, 58 insertions, 0 deletions
diff --git a/lib/aggiedit_web/controllers/user_reset_password_controller.ex b/lib/aggiedit_web/controllers/user_reset_password_controller.ex
new file mode 100644
index 0000000..ff2a9f6
--- /dev/null
+++ b/lib/aggiedit_web/controllers/user_reset_password_controller.ex
@@ -0,0 +1,58 @@
+defmodule AggieditWeb.UserResetPasswordController do
+ use AggieditWeb, :controller
+
+ alias Aggiedit.Accounts
+
+ plug :get_user_by_reset_password_token when action in [:edit, :update]
+
+ def new(conn, _params) do
+ render(conn, "new.html")
+ end
+
+ def create(conn, %{"user" => %{"email" => email}}) do
+ if user = Accounts.get_user_by_email(email) do
+ Accounts.deliver_user_reset_password_instructions(
+ user,
+ &Routes.user_reset_password_url(conn, :edit, &1)
+ )
+ end
+
+ conn
+ |> put_flash(
+ :info,
+ "If your email is in our system, you will receive instructions to reset your password shortly."
+ )
+ |> redirect(to: "/")
+ end
+
+ def edit(conn, _params) do
+ render(conn, "edit.html", changeset: Accounts.change_user_password(conn.assigns.user))
+ end
+
+ # Do not log in the user after reset password to avoid a
+ # leaked token giving the user access to the account.
+ def update(conn, %{"user" => user_params}) do
+ case Accounts.reset_user_password(conn.assigns.user, user_params) do
+ {:ok, _} ->
+ conn
+ |> put_flash(:info, "Password reset successfully.")
+ |> redirect(to: Routes.user_session_path(conn, :new))
+
+ {:error, changeset} ->
+ render(conn, "edit.html", changeset: changeset)
+ end
+ end
+
+ defp get_user_by_reset_password_token(conn, _opts) do
+ %{"token" => token} = conn.params
+
+ if user = Accounts.get_user_by_reset_password_token(token) do
+ conn |> assign(:user, user) |> assign(:token, token)
+ else
+ conn
+ |> put_flash(:error, "Reset password link is invalid or it has expired.")
+ |> redirect(to: "/")
+ |> halt()
+ end
+ end
+end
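Review bot: In `create`, `Accounts.deliver_user_reset_password_instructions/2` is called inline and only when `Accounts.get_user_by_email(email)` finds a user, so response time can still differ between known and unknown addresses even though the flash text is the same. If delivery is synchronous (the `Accounts` module is outside this diff, so that is an assumption), consider handing it to a supervised background task so both paths return in comparable time. A comment above the `if` would record the intent, for example `# Same response for known and unknown emails; keep delivery off the request path so timing does not reveal which it was.` Nothing in this controller throttles `create`, so it is worth confirming that the router or an upstream plug rate-limits reset requests per address and per client, otherwise this action can be used to flood a mailbox. The `%{"token" => token} = conn.params` match in `get_user_by_reset_password_token/2` depends on the route always supplying `:token`, and a one-line comment saying so would help the next reader.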