2022-07-25 19:31:54 -04:00
|
|
|
defmodule MemexWeb.UserResetPasswordController do
|
|
|
|
use MemexWeb, :controller
|
2021-03-11 21:12:55 -05:00
|
|
|
|
2022-07-25 19:31:54 -04:00
|
|
|
alias Memex.Accounts
|
2021-03-11 21:12:55 -05:00
|
|
|
|
|
|
|
plug :get_user_by_reset_password_token when action in [:edit, :update]
|
|
|
|
|
|
|
|
def new(conn, _params) do
|
2023-04-13 23:29:29 -04:00
|
|
|
render(conn, :new, page_title: gettext("forgot your password?"))
|
2021-03-11 21:12:55 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def create(conn, %{"user" => %{"email" => email}}) do
|
|
|
|
if user = Accounts.get_user_by_email(email) do
|
|
|
|
Accounts.deliver_user_reset_password_instructions(
|
|
|
|
user,
|
2023-04-13 23:29:29 -04:00
|
|
|
fn token -> url(MemexWeb.Endpoint, ~p"/users/reset_password/#{token}") end
|
2021-03-11 21:12:55 -05:00
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
# Regardless of the outcome, show an impartial success/error message.
|
|
|
|
conn
|
|
|
|
|> put_flash(
|
|
|
|
:info,
|
2022-02-25 21:53:04 -05:00
|
|
|
dgettext(
|
|
|
|
"prompts",
|
2023-04-14 19:19:58 -04:00
|
|
|
"if your email is in our system, you will receive instructions to reset your password shortly."
|
2022-02-25 21:53:04 -05:00
|
|
|
)
|
2021-03-11 21:12:55 -05:00
|
|
|
)
|
2023-04-14 19:51:14 -04:00
|
|
|
|> redirect(to: ~p"/")
|
2021-03-11 21:12:55 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def edit(conn, _params) do
|
2023-04-13 23:29:29 -04:00
|
|
|
render(conn, :edit,
|
2022-02-25 21:53:04 -05:00
|
|
|
changeset: Accounts.change_user_password(conn.assigns.user),
|
2023-04-14 19:19:58 -04:00
|
|
|
page_title: gettext("reset your password")
|
2022-02-25 21:53:04 -05:00
|
|
|
)
|
2021-03-11 21:12:55 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
# Do not log in the user after reset password to avoid a
|
|
|
|
# leaked token giving the user access to the account.
|
|
|
|
def update(conn, %{"user" => user_params}) do
|
|
|
|
case Accounts.reset_user_password(conn.assigns.user, user_params) do
|
|
|
|
{:ok, _} ->
|
|
|
|
conn
|
2023-04-14 19:19:58 -04:00
|
|
|
|> put_flash(:info, dgettext("prompts", "password reset successfully."))
|
2023-04-13 23:29:29 -04:00
|
|
|
|> redirect(to: ~p"/users/log_in")
|
2021-03-11 21:12:55 -05:00
|
|
|
|
|
|
|
{:error, changeset} ->
|
2023-04-13 23:29:29 -04:00
|
|
|
render(conn, :edit, changeset: changeset)
|
2021-03-11 21:12:55 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
defp get_user_by_reset_password_token(conn, _opts) do
|
|
|
|
%{"token" => token} = conn.params
|
|
|
|
|
|
|
|
if user = Accounts.get_user_by_reset_password_token(token) do
|
|
|
|
conn |> assign(:user, user) |> assign(:token, token)
|
|
|
|
else
|
|
|
|
conn
|
2022-02-25 21:53:04 -05:00
|
|
|
|> put_flash(
|
|
|
|
:error,
|
2023-04-14 19:19:58 -04:00
|
|
|
dgettext("errors", "reset password link is invalid or it has expired.")
|
2022-02-25 21:53:04 -05:00
|
|
|
)
|
2023-04-14 19:51:14 -04:00
|
|
|
|> redirect(to: ~p"/")
|
2021-03-11 21:12:55 -05:00
|
|
|
|> halt()
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|