Fixed password reset and trim of signup
parent
4758357bc8
commit
9691d815cd
|
|
@ -25,7 +25,7 @@ gem 'rails-observers', '0.1.2'
|
|||
gem 'protected_attributes' # needed to support attr_accessible
|
||||
|
||||
gem "activerecord-import", "~> 0.4.1"
|
||||
|
||||
gem "auto_strip_attributes"
|
||||
|
||||
gem 'uuidtools', '2.1.2'
|
||||
gem 'bcrypt-ruby', '3.0.1'
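Review bot: `gem "auto_strip_attributes"` is added here with no version constraint, and the lockfile section that follows resolves it to 2.0.6, while the second Gemfile further down this page pins `'2.6.0'`. If both bundles load the same model code, the whitespace stripping on `first_name`, `last_name` and `email` would run under two different releases of the gem. Pinning this entry to match, `gem 'auto_strip_attributes', '2.6.0'`, keeps the behaviour identical in both bundles and makes later upgrades a deliberate change.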
|
||||
|
|
|
|||
|
|
@ -66,6 +66,8 @@ GEM
|
|||
amq-protocol (>= 1.3.0)
|
||||
eventmachine
|
||||
arel (6.0.3)
|
||||
auto_strip_attributes (2.0.6)
|
||||
activerecord (>= 3.0)
|
||||
aws-sdk (1.66.0)
|
||||
aws-sdk-v1 (= 1.66.0)
|
||||
aws-sdk-v1 (1.66.0)
|
||||
|
|
@ -445,6 +447,7 @@ DEPENDENCIES
|
|||
activerecord (> 4.2)
|
||||
activerecord-import (~> 0.4.1)
|
||||
amqp (= 1.0.2)
|
||||
auto_strip_attributes
|
||||
aws-sdk (~> 1)
|
||||
bcrypt-ruby (= 3.0.1)
|
||||
builder
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ require "rails/observers/active_model"
|
|||
require "rails/observers/activerecord/active_record"
|
||||
require "carrierwave"
|
||||
require "carrierwave/orm/activerecord"
|
||||
require "auto_strip_attributes"
|
||||
require "jampb"
|
||||
require "uuidtools"
|
||||
require "logging"
|
||||
|
|
|
|||
|
|
@ -6,7 +6,9 @@ module JamRuby
|
|||
|
||||
include Geokit::ActsAsMappable::Glue unless defined?(acts_as_mappable)
|
||||
include HtmlSanitize
|
||||
#include ::AutoStripAttributes
|
||||
html_sanitize strict: [:first_name, :last_name, :city, :state, :country, :biography]
|
||||
auto_strip_attributes :first_name, :last_name, :email
|
||||
|
||||
#devise: for later: :trackable
|
||||
|
||||
|
|
@ -895,8 +897,23 @@ module JamRuby
|
|||
|
||||
def self.set_password_from_token(email, token, new_password, new_password_confirmation)
|
||||
user = User.where("email ILIKE ?", email).first
|
||||
if user.nil? || user.reset_password_token != token || Time.now - user.reset_password_token_created > 3.days || new_password.length < 6 || new_password != new_password_confirmation
|
||||
raise JamRuby::JamArgumentError
|
||||
if user.nil?
|
||||
raise JamRuby::JamArgumentError.new("Email no longer exists", "email")
|
||||
end
|
||||
if user.reset_password_token != token
|
||||
raise JamRuby::JamArgumentError.new("Invalid reset token", "token")
|
||||
end
|
||||
if Time.now - user.reset_password_token_created > 3.days
|
||||
raise JamRuby::JamArgumentError.new("Password reset has expired", "token")
|
||||
end
|
||||
if new_password.nil? || new_password == ""
|
||||
raise JamRuby::JamArgumentError.new("Password is empty", "password")
|
||||
end
|
||||
if new_password.length < 6
|
||||
raise JamRuby::JamArgumentError.new("Password is too short", "password")
|
||||
end
|
||||
if new_password != new_password_confirmation
|
||||
raise JamRuby::JamArgumentError.new("Passwords do not match", "password_confirmation")
|
||||
end
|
||||
user.reset_password_token = nil
|
||||
user.reset_password_token_created = nil
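Review bot: The separate messages in `set_password_from_token` let an unauthenticated caller tell a registered address from an unregistered one: "Email no longer exists" is raised for an unknown email and "Invalid reset token" for a known one, where the replaced condition raised a single generic error. Raising the same error in both cases, for example `raise JamRuby::JamArgumentError.new("Invalid or expired reset link", "token")`, keeps the more helpful password messages without exposing account existence. The check `user.reset_password_token != token` also passes when both sides are nil, so a request with no token appears to be stopped only by the expiry subtraction that follows. An explicit `token.blank?` guard plus a constant-time comparison such as `ActiveSupport::SecurityUtils.secure_compare` would let the token check stand on its own. The method body continues past the end of the hunk.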
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ else
|
|||
end
|
||||
gem 'rails', '> 4.2'
|
||||
gem 'railties', '> 4.2'
|
||||
gem 'auto_strip_attributes', '2.6.0'
|
||||
gem 'protected_attributes'
|
||||
gem 'rails-observers'
|
||||
gem 'responders', '~> 2.0'
|
||||
|
|
|
|||
|
|
@ -77,6 +77,8 @@ GEM
|
|||
arr-pm (0.0.10)
|
||||
cabin (> 0)
|
||||
attr_required (1.0.1)
|
||||
auto_strip_attributes (2.6.0)
|
||||
activerecord (>= 4.0)
|
||||
autoparse (0.3.3)
|
||||
addressable (>= 2.3.1)
|
||||
extlib (>= 0.9.15)
|
||||
|
|
@ -747,6 +749,7 @@ DEPENDENCIES
|
|||
aasm
|
||||
activerecord-import (~> 0.4.1)
|
||||
amqp (= 0.9.8)
|
||||
auto_strip_attributes (= 2.6.0)
|
||||
aws-sdk (~> 1)
|
||||
bcrypt-ruby (= 3.0.1)
|
||||
bootstrap-will_paginate (= 0.0.6)
|
||||
|
|
|
|||
|
|
@ -301,20 +301,23 @@ class UsersController < ApplicationController
|
|||
def reset_password_token
|
||||
render 'reset_password_token', :layout => 'landing'
|
||||
end
|
||||
|
||||
def reset_password_complete
|
||||
|
||||
def reset_password_token_post
|
||||
begin
|
||||
User.set_password_from_token(params[:jam_ruby_user][:email], params[:jam_ruby_user][:token],
|
||||
params[:jam_ruby_user][:password], params[:jam_ruby_user][:password_confirmation])
|
||||
render 'reset_password_complete', :layout => 'landing'
|
||||
rescue JamRuby::JamArgumentError
|
||||
@password_error = "Entries don't match or are too short"
|
||||
User.set_password_from_token(params[:jam_ruby_user][:email], params[:jam_ruby_user][:token], params[:jam_ruby_user][:password], params[:jam_ruby_user][:password_confirmation])
|
||||
redirect_to reset_password_complete_path({email: params[:jam_ruby_user][:email]})
|
||||
rescue JamRuby::JamArgumentError => e
|
||||
@password_error = e.field_message
|
||||
params[:email] = params[:jam_ruby_user][:email]
|
||||
params[:token] = params[:jam_ruby_user][:token]
|
||||
render 'reset_password_token', :layout => 'landing'
|
||||
end
|
||||
end
|
||||
|
||||
def reset_password_complete
|
||||
render 'reset_password_complete', :layout => 'landing'
|
||||
end
|
||||
|
||||
def finalize_update_email
|
||||
# this corresponds to when the user clink a link in their new email address to configure they want to use it,
|
||||
# and verify their new address is real
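Review bot: `redirect_to reset_password_complete_path({email: params[:jam_ruby_user][:email]})` puts the account's address in the query string of a GET request, where it lands in server logs, browser history and Referer headers. The completion template then prints whatever `params[:email]` holds, so any visitor-supplied value is shown after "Password successfully changed for". Carrying the address in the flash, `flash[:reset_email] = params[:jam_ruby_user][:email]` followed by `redirect_to reset_password_complete_path`, and rendering `flash[:reset_email]` in the view avoids both. `reset_password_token_post` also indexes `params[:jam_ruby_user]` without checking that it is present, so a POST without that key would raise before `rescue JamRuby::JamArgumentError` can handle it. `finalize_update_email` at the end of the hunk continues outside it.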
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
<!-- inner wrapper -->
|
||||
<div class="ftue-inner">
|
||||
Password successfully changed for <%= params[:jam_ruby_user][:email] %>
|
||||
Password successfully changed for <%= params[:email] %>
|
||||
<br clear="all" />
|
||||
<br />
|
||||
Please return to the <a href="/">home page</a> and log in with your new password.
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
<!-- inner wrapper -->
|
||||
<div class="ftue-inner">
|
||||
|
||||
<%= form_tag '/reset_password_complete', :method => "post" do -%>
|
||||
<%= form_tag '/reset_password_token', :method => "post" do -%>
|
||||
<%= hidden_field :jam_ruby_user, :email, :value => params[:email] %>
|
||||
<%= hidden_field :jam_ruby_user, :token, :value => params[:token] %>
|
||||
|
||||
|
|
@ -30,7 +30,7 @@
|
|||
</div>
|
||||
|
||||
<br clear="all" />
|
||||
<div class="login-error-msg">
|
||||
<div class="login-error-msg" style="color:red; font-weight:bold">
|
||||
<%=
|
||||
@password_error.nil? ? '' : @password_error
|
||||
%>
|
||||
|
|
|
|||
|
|
@ -120,7 +120,8 @@ Rails.application.routes.draw do
|
|||
get '/request_reset_password' => 'users#request_reset_password'
|
||||
post '/reset_password' => 'users#reset_password'
|
||||
get '/reset_password_token' => 'users#reset_password_token'
|
||||
post '/reset_password_complete' => 'users#reset_password_complete'
|
||||
post '/reset_password_token' => 'users#reset_password_token_post'
|
||||
get '/reset_password_complete' => 'users#reset_password_complete', :as => 'reset_password_complete'
|
||||
|
||||
match '/unsubscribe/:user_token' => 'users#unsubscribe', via: [:get, :post]
|
||||
|
||||
|
|
|
|||