users: refactor password reset flow.
The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
This commit is contained in:
evazion
@@ -1,5 +0,0 @@
|
||||
<h1>Password Reset Confirmation</h1>
|
||||
|
||||
<p>The password for the user "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> has been reset. It is now <code><%= @new_password %></code>.</p>
|
||||
|
||||
<p>Please log in to the website and <%= link_to "change your password", edit_user_url(@user, :host => Danbooru.config.hostname, :only_path => false) %> as soon as possible.</p>
|
||||
@@ -1,4 +0,0 @@
|
||||
<h1>Password Reset Request</h1>
|
||||
|
||||
<p>Someone has requested that the password for "<%= @user.name %>" for the website <%= Danbooru.config.app_name %> be reset. If you did not request this, then you can ignore this email.</p>
|
||||
<p>To reset your password, please visit <%= link_to "this link", edit_maintenance_user_password_reset_url(:host => Danbooru.config.hostname, :only_path => false, :key => @nonce.key, :email => @nonce.email) %>.</p>
|
||||
@@ -1,19 +0,0 @@
|
||||
<% page_title "Reset Password" %>
|
||||
<%= render "sessions/secondary_links" %>
|
||||
|
||||
<div id="c-maintenance-user-password-resets">
|
||||
<div id="a-edit">
|
||||
<h1>Reset Password</h1>
|
||||
|
||||
<% if @nonce %>
|
||||
<%= form_tag(maintenance_user_password_reset_path, :method => :put) do %>
|
||||
<%= hidden_field_tag :email, params[:email] %>
|
||||
<%= hidden_field_tag :key, params[:key] %>
|
||||
<p>Do you wish to reset your password? A new password will be emailed to you.</p>
|
||||
<%= submit_tag "Reset" %>
|
||||
<% end %>
|
||||
<% else %>
|
||||
<p>Invalid key</p>
|
||||
<% end %>
|
||||
</div>
|
||||
</div>
|
||||
@@ -1,20 +0,0 @@
|
||||
<% page_title "Reset Password" %>
|
||||
<%= render "sessions/secondary_links" %>
|
||||
|
||||
<div id="c-maintenance-user-password-resets">
|
||||
<div id="a-new">
|
||||
<h1>Reset Password</h1>
|
||||
|
||||
<p>If you supplied an email address when signing up, <%= Danbooru.config.app_name %> can reset your password. You will receive an email confirming your request for a new password.</p>
|
||||
|
||||
<p>If you didn't supply a valid email address, you are out of luck.</p>
|
||||
|
||||
<%= form_tag(maintenance_user_password_reset_path, :class => "simple_form") do %>
|
||||
<div class="input email required">
|
||||
<label for="nonce_email" class="required">Email</label>
|
||||
<%= text_field :nonce, :email %>
|
||||
</div>
|
||||
<%= submit_tag "Submit" %>
|
||||
<% end %>
|
||||
</div>
|
||||
</div>
|
||||
Reference in New Issue
Block a user