kmx.io/kmxgit/lib/kmxgit_web/controllers/user_reset_password_controller.ex
-
Show log
Commit
-
Hash : e800e02b
Author :
Thomas de Grivel
Date : 2021-12-08T16:24:53
mix phx.gen.auth
-
lib/kmxgit_web/controllers/user_reset_password_controller.ex
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
defmodule KmxgitWeb.UserResetPasswordController do use KmxgitWeb, :controller alias Kmxgit.UserManager plug :get_user_by_reset_password_token when action in [:edit, :update] def new(conn, _params) do render(conn, "new.html") end def create(conn, %{"user" => %{"email" => email}}) do if user = UserManager.get_user_by_email(email) do UserManager.deliver_user_reset_password_instructions( user, &Routes.user_reset_password_url(conn, :edit, &1) ) end # In order to prevent user enumeration attacks, regardless of the outcome, show an impartial success/error message. conn |> put_flash( :info, "If your email is in our system, you will receive instructions to reset your password shortly." ) |> redirect(to: "/") end def edit(conn, _params) do render(conn, "edit.html", changeset: UserManager.change_user_password(conn.assigns.user)) end # Do not log in the user after reset password to avoid a # leaked token giving the user access to the account. def update(conn, %{"user" => user_params}) do case UserManager.reset_user_password(conn.assigns.user, user_params) do {:ok, _} -> conn |> put_flash(:info, "Password reset successfully.") |> redirect(to: Routes.user_session_path(conn, :new)) {:error, changeset} -> render(conn, "edit.html", changeset: changeset) end end defp get_user_by_reset_password_token(conn, _opts) do %{"token" => token} = conn.params if user = UserManager.get_user_by_reset_password_token(token) do conn |> assign(:user, user) |> assign(:token, token) else conn |> put_flash(:error, "Reset password link is invalid or it has expired.") |> redirect(to: "/") |> halt() end end end