
kmx.io/kmxgit/lib/kmxgit_web/controllers/user_reset_password_controller.ex


  • lib/kmxgit_web/controllers/user_reset_password_controller.ex
  • ## kmxgit
    ## Copyright 2022 kmx.io <contact@kmx.io>
    ##
    ## Permission is hereby granted to use this software granted
    ## the above copyright notice and this permission paragraph
    ## are included in all copies and substantial portions of this
    ## software.
    ##
    ## THIS SOFTWARE IS PROVIDED "AS-IS" WITHOUT ANY GUARANTEE OF
    ## PURPOSE AND PERFORMANCE. IN NO EVENT WHATSOEVER SHALL THE
    ## AUTHOR BE CONSIDERED LIABLE FOR THE USE AND PERFORMANCE OF
    ## THIS SOFTWARE.
    
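    defmodule KmxgitWeb.UserResetPasswordController do
      @moduledoc """
      Password reset flow.

      `new`/`create` request a reset e-mail; `edit`/`update` set a new password
      from the token carried in the request parameters. `edit` and `update` run
      behind the `get_user_by_reset_password_token` plug, so they only execute
      once the token has resolved to a user (available as `conn.assigns.user`).
      """

      use KmxgitWeb, :controller

      alias Kmxgit.UserManager

      plug :get_user_by_reset_password_token when action in [:edit, :update]

      @doc "Renders the form that asks for the account e-mail address."
      def new(conn, _params) do
        render(conn, "new.html")
      end

      @doc """
      Requests reset instructions for the submitted e-mail address.

      The flash message and redirect are the same whether or not the address
      belongs to an account.
      """
      # The guard keeps non-string values (e.g. `user[email][]=...`) from
      # reaching the lookup; such a request fails the clause match, exactly
      # like a request without the "user"/"email" keys already does.
      def create(conn, %{"user" => %{"email" => email}}) when is_binary(email) do
        # NOTE(review): delivery runs inline and only when the address matches
        # an account, so response time may still differ between known and
        # unknown addresses even though the page is identical. Confirm whether
        # deliver_user_reset_password_instructions/2 sends asynchronously.
        # NOTE(review): no throttling is visible in this controller; confirm
        # reset requests are rate limited elsewhere.
        if user = UserManager.get_user_by_email(email) do
          UserManager.deliver_user_reset_password_instructions(
            user,
            &Routes.user_reset_password_url(conn, :edit, &1)
          )
        end

        # In order to prevent user enumeration attacks, regardless of the
        # outcome, show an impartial success/error message.
        conn
        |> put_flash(
          :info,
          "If your email is in our system, you will receive instructions to reset your password shortly."
        )
        |> redirect(to: "/")
      end

      @doc "Renders the new-password form for the user resolved from the token."
      def edit(conn, _params) do
        render(conn, "edit.html", changeset: UserManager.change_user_password(conn.assigns.user))
      end

      @doc """
      Sets the new password for the user resolved from the token.

      On success the user is redirected to the login page; on a validation
      error the form is rendered again with the changeset.
      """
      # Do not log in the user after reset password to avoid a
      # leaked token giving the user access to the account.
      # NOTE(review): confirm that UserManager.reset_user_password/2 also
      # invalidates the reset token and any existing sessions; that is not
      # visible from this controller.
      # The guard rejects a scalar "user" parameter at the boundary.
      def update(conn, %{"user" => user_params}) when is_map(user_params) do
        case UserManager.reset_user_password(conn.assigns.user, user_params) do
          {:ok, _} ->
            conn
            |> put_flash(:info, "Password reset successfully.")
            |> redirect(to: Routes.user_session_path(conn, :new))

          {:error, changeset} ->
            render(conn, "edit.html", changeset: changeset)
        end
      end

      # Plug for :edit and :update. Resolves the "token" request parameter to a
      # user and assigns :user and :token; otherwise flashes an error, redirects
      # to "/" and halts. A missing or non-string token is handled as an invalid
      # link instead of raising a MatchError on the pattern match.
      defp get_user_by_reset_password_token(conn, _opts) do
        with %{"token" => token} when is_binary(token) <- conn.params,
             user when user not in [nil, false] <-
               UserManager.get_user_by_reset_password_token(token) do
          conn |> assign(:user, user) |> assign(:token, token)
        else
          # One generic message for every failure, so the response does not
          # reveal why the token was rejected.
          _ ->
            conn
            |> put_flash(:error, "Reset password link is invalid or it has expired.")
            |> redirect(to: "/")
            |> halt()
        end
      end
    end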