Added password reset with perishable tokens

Author: Breccan

app/controllers/password_resets_controller.rb

@@ -0,0 +1,52 @@
+class PasswordResetsController < ApplicationController  
+  before_filter :require_no_user
+
+  def new  
+    render  
+  end  
+
+  def create  
+    @user = User.find_by_email(params[:email])  
+    if @user  
+      @user.deliver_password_reset_instructions!  
+      flash[:notice] = "Instructions to reset your password have been emailed to you. " +  
+        "Please check your email."  
+      redirect_to root_url  
+    else  
+      flash[:notice] = "No user was found with that email address"  
+      render :action => :new  
+    end  
+  end  
+
+  def edit
+    render
+  end
+
+
+  def update  
+    @user.password = params[:user][:password]  
+    @user.password_confirmation = params[:user][: password_confirmation]  
+    if @user.save  
+      flash[:notice] = "Password successfully updated"  
+      redirect_to account_url  
+    else  
+      render :action => :edit  
+    end  
+  end  
+
+  private
+
+  def load_user_using_perishable_token  
+    @user = User.find_using_perishable_token(params[:id])  
+    unless @user  
+      flash[:notice] = "We're sorry, but we could not locate your account. " +  
+        "If you are having issues try copying and pasting the URL " +  
+        "from your email into your browser or restarting the " +  
+        "reset password process."  
+      redirect_to root_url  
+    end  
+  end  
+
+end
+
+

app/helpers/password_resets_helper.rb

@@ -0,0 +1,2 @@
+module PasswordResetsHelper
+end

app/models/notifier.rb

@@ -0,0 +1,12 @@
+class Notifier < ActiveRecord::Base
+  default_url_options[:host] = "authlogic_example.binarylogic.com"
+
+  def password_reset_instructions(user)  
+    subject       "Password Reset Instructions"  
+    from          "Binary Logic Notifier "  
+    recipients    user.email  
+    sent_on       Time.now  
+    body          :edit_password_reset_url => edit_password_reset_url(user.perishable_token)  
+  end  
+
+end

app/models/user.rb

@@ -1,4 +1,13 @@
 class User < ActiveRecord::Base
     acts_as_authentic do |c|
     end
+
+    def active?
+      active
+    end
+
+    def deliver_password_reset_instructions!
+      reset_perishable_token!  
+      Notifier.deliver_password_reset_instructions(self)  
+    end
 end

app/views/notifier/password_reset_instructions.erb

@@ -0,0 +1,5 @@
+ A request to reset your password has been made. If you did not make this request, simply ignore this email. If you did make this request just click the link below:
+  
+ <%= @edit_password_reset_url %>
+  
+ If the above URL does not work try copying and pasting it into your browser. If you continue to have problem please feel free to contact us.

app/views/password_resets/edit.html.erb

@@ -0,0 +1,12 @@
+<h1>Change My Password</h1>
+
+<% form_for @user, :url => password_reset_path, :method => :put do |f| %>
+  <%= f.error_messages %>
+  <%= f.label :password %><br />
+  <%= f.password_field :password %><br />
+  <br />
+  <%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %><br />
+  <br />
+  <%= f.submit "Update my password and log me in" %>
+<% end %>

app/views/password_resets/new.html.erb

@@ -0,0 +1,11 @@
+<h1>Forgot Password</h1>
+
+Fill out the form below and instructions to reset your password will be emailed to you:<br />
+<br />
+
+<% form_tag password_resets_path do %>
+  <label>Email:</label><br />
+  <%= text_field_tag "email" %><br />
+  <br />
+  <%= submit_tag "Reset my password" %>
+<% end %>

app/views/user_sessions/new.html.erb

@@ -12,3 +12,5 @@
   <br />
   <%= f.submit "Login" %>
 <% end %>
+
+<%= link_to "Forgot your password?", password_reset_path %>

config/routes.rb

@@ -4,6 +4,7 @@
   map.root :controller => "user_sessions", :action => "new"
   map.resource :account, :controller => "users"
   map.resources :users
+  map.resources :password_resets
 
   # The priority is based upon order of creation: first created -> highest priority.
 

db/migrate/20091003043358_add_active_to_users.rb

@@ -0,0 +1,9 @@
+class AddActiveToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :active, :boolean, :default => false, :null => false
+  end
+
+  def self.down
+    remove_column :users, :active
+  end
+end