philomena/lib/philomena_web/controllers/password_controller.ex

defmodule PhilomenaWeb.PasswordController do
  use PhilomenaWeb, :controller

  alias Philomena.Users

  plug PhilomenaWeb.CaptchaPlug when action in [:new, :create]
  plug PhilomenaWeb.CheckCaptchaPlug when action in [:create]
  plug PhilomenaWeb.CompromisedPasswordCheckPlug when action in [:update]
  plug :get_user_by_reset_password_token when action in [:edit, :update]

  def new(conn, _params) do
    render(conn, "new.html")
  end

  def create(conn, %{"user" => %{"email" => email}}) do
    if user = Users.get_user_by_email(email) do
      Users.deliver_user_reset_password_instructions(
        user,
        &url(~p"/passwords/#{&1}/edit")
      )
    end

    # Regardless of the outcome, show an impartial success/error message.
    conn
    |> put_flash(
      :info,
      "If your email is in our system, you will receive instructions to reset your password shortly."
    )
    |> redirect(to: "/")
  end

  def edit(conn, _params) do
    render(conn, "edit.html", changeset: Users.change_user_password(conn.assigns.user))
  end

  # Do not log in the user after reset password to avoid a
  # leaked token giving the user access to the account.
  def update(conn, %{"user" => user_params}) do
    case Users.reset_user_password(conn.assigns.user, user_params) do
      {:ok, _} ->
        conn
        |> put_flash(:info, "Password reset successfully.")
        |> redirect(to: ~p"/sessions/new")

      {:error, changeset} ->
        render(conn, "edit.html", changeset: changeset)
    end
  end

  defp get_user_by_reset_password_token(conn, _opts) do
    %{"id" => token} = conn.params

    if user = Users.get_user_by_reset_password_token(token) do
      conn |> assign(:user, user) |> assign(:token, token)
    else
      conn
      |> put_flash(:error, "Reset password link is invalid or it has expired.")
      |> redirect(to: "/")
      |> halt()
    end
  end
end
Replace Pow with generated Phoenix auth (#10) 2020-07-28 22:56:26 +02:00			`defmodule PhilomenaWeb.PasswordController do`
			`use PhilomenaWeb, :controller`

			`alias Philomena.Users`

hCaptcha (#19) 2020-09-12 19:43:16 +02:00			`plug PhilomenaWeb.CaptchaPlug when action in [:new, :create]`
			`plug PhilomenaWeb.CheckCaptchaPlug when action in [:create]`
Replace Pow with generated Phoenix auth (#10) 2020-07-28 22:56:26 +02:00			`plug PhilomenaWeb.CompromisedPasswordCheckPlug when action in [:update]`
			`plug :get_user_by_reset_password_token when action in [:edit, :update]`

			`def new(conn, _params) do`
			`render(conn, "new.html")`
			`end`

			`def create(conn, %{"user" => %{"email" => email}}) do`
			`if user = Users.get_user_by_email(email) do`
			`Users.deliver_user_reset_password_instructions(`
			`user,`
mix convert_to_verified_routes && mix format 2024-04-29 02:55:27 +02:00			`&url(~p"/passwords/#{&1}/edit")`
Replace Pow with generated Phoenix auth (#10) 2020-07-28 22:56:26 +02:00			`)`
			`end`

			`# Regardless of the outcome, show an impartial success/error message.`
			`conn`
			`\|> put_flash(`
			`:info,`
			`"If your email is in our system, you will receive instructions to reset your password shortly."`
			`)`
			`\|> redirect(to: "/")`
			`end`

			`def edit(conn, _params) do`
			`render(conn, "edit.html", changeset: Users.change_user_password(conn.assigns.user))`
			`end`

			`# Do not log in the user after reset password to avoid a`
			`# leaked token giving the user access to the account.`
			`def update(conn, %{"user" => user_params}) do`
			`case Users.reset_user_password(conn.assigns.user, user_params) do`
			`{:ok, _} ->`
			`conn`
			`\|> put_flash(:info, "Password reset successfully.")`
mix convert_to_verified_routes && mix format 2024-04-29 02:55:27 +02:00			`\|> redirect(to: ~p"/sessions/new")`
Replace Pow with generated Phoenix auth (#10) 2020-07-28 22:56:26 +02:00
			`{:error, changeset} ->`
			`render(conn, "edit.html", changeset: changeset)`
			`end`
			`end`

			`defp get_user_by_reset_password_token(conn, _opts) do`
			`%{"id" => token} = conn.params`

			`if user = Users.get_user_by_reset_password_token(token) do`
			`conn \|> assign(:user, user) \|> assign(:token, token)`
			`else`
			`conn`
			`\|> put_flash(:error, "Reset password link is invalid or it has expired.")`
			`\|> redirect(to: "/")`
			`\|> halt()`
			`end`
			`end`
			`end`