cannery/lib/cannery_web/controllers/user_reset_password_controller.ex

69 lines
1.9 KiB
Elixir
Raw Permalink Normal View History

2021-03-11 21:12:55 -05:00
defmodule CanneryWeb.UserResetPasswordController do
use CanneryWeb, :controller
alias Cannery.Accounts
plug :get_user_by_reset_password_token when action in [:edit, :update]
def new(conn, _params) do
2023-04-14 23:34:11 -04:00
render(conn, :new, page_title: gettext("Forgot your password?"))
2021-03-11 21:12:55 -05:00
end
def create(conn, %{"user" => %{"email" => email}}) do
if user = Accounts.get_user_by_email(email) do
Accounts.deliver_user_reset_password_instructions(
user,
2023-04-14 23:34:11 -04:00
fn token -> url(CanneryWeb.Endpoint, ~p"/users/reset_password/#{token}") end
2021-03-11 21:12:55 -05:00
)
end
# Regardless of the outcome, show an impartial success/error message.
conn
|> put_flash(
:info,
2022-02-09 00:13:01 -05:00
dgettext(
"prompts",
2023-04-14 23:34:11 -04:00
"If your email is in our system, you will receive instructions to reset your password shortly."
2022-02-09 00:13:01 -05:00
)
2021-03-11 21:12:55 -05:00
)
2023-04-14 23:34:11 -04:00
|> redirect(to: ~p"/")
2021-03-11 21:12:55 -05:00
end
def edit(conn, _params) do
2023-04-14 23:34:11 -04:00
render(conn, :edit,
changeset: Accounts.change_user_password(conn.assigns.user),
page_title: gettext("Reset your password")
)
2021-03-11 21:12:55 -05:00
end
# Do not log in the user after reset password to avoid a
# leaked token giving the user access to the account.
def update(conn, %{"user" => user_params}) do
case Accounts.reset_user_password(conn.assigns.user, user_params) do
{:ok, _} ->
conn
2022-02-09 00:13:01 -05:00
|> put_flash(:info, dgettext("prompts", "Password reset successfully."))
2023-04-14 23:34:11 -04:00
|> redirect(to: ~p"/users/log_in")
2021-03-11 21:12:55 -05:00
{:error, changeset} ->
2023-04-14 23:34:11 -04:00
render(conn, :edit, changeset: changeset)
2021-03-11 21:12:55 -05:00
end
end
defp get_user_by_reset_password_token(conn, _opts) do
%{"token" => token} = conn.params
if user = Accounts.get_user_by_reset_password_token(token) do
conn |> assign(:user, user) |> assign(:token, token)
else
conn
2022-02-09 00:13:01 -05:00
|> put_flash(
:error,
dgettext("errors", "Reset password link is invalid or it has expired.")
)
2023-04-14 23:34:11 -04:00
|> redirect(to: ~p"/")
2021-03-11 21:12:55 -05:00
|> halt()
end
end
end