philomena/lib/philomena_web/controllers/password_controller.ex
2020-09-12 13:43:16 -04:00

62 lines
1.9 KiB
Elixir

defmodule PhilomenaWeb.PasswordController do
use PhilomenaWeb, :controller
alias Philomena.Users
plug PhilomenaWeb.CaptchaPlug when action in [:new, :create]
plug PhilomenaWeb.CheckCaptchaPlug when action in [:create]
plug PhilomenaWeb.CompromisedPasswordCheckPlug when action in [:update]
plug :get_user_by_reset_password_token when action in [:edit, :update]
def new(conn, _params) do
render(conn, "new.html")
end
def create(conn, %{"user" => %{"email" => email}}) do
if user = Users.get_user_by_email(email) do
Users.deliver_user_reset_password_instructions(
user,
&Routes.password_url(conn, :edit, &1)
)
end
# Regardless of the outcome, show an impartial success/error message.
conn
|> put_flash(
:info,
"If your email is in our system, you will receive instructions to reset your password shortly."
)
|> redirect(to: "/")
end
def edit(conn, _params) do
render(conn, "edit.html", changeset: Users.change_user_password(conn.assigns.user))
end
# Do not log in the user after reset password to avoid a
# leaked token giving the user access to the account.
def update(conn, %{"user" => user_params}) do
case Users.reset_user_password(conn.assigns.user, user_params) do
{:ok, _} ->
conn
|> put_flash(:info, "Password reset successfully.")
|> redirect(to: Routes.session_path(conn, :new))
{:error, changeset} ->
render(conn, "edit.html", changeset: changeset)
end
end
defp get_user_by_reset_password_token(conn, _opts) do
%{"id" => token} = conn.params
if user = Users.get_user_by_reset_password_token(token) do
conn |> assign(:user, user) |> assign(:token, token)
else
conn
|> put_flash(:error, "Reset password link is invalid or it has expired.")
|> redirect(to: "/")
|> halt()
end
end
end