users: refactor password reset flow.

The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
2020-03-08 21:03:36 -05:00
parent f25bace766
commit 5625458f69
30 changed files with 133 additions and 395 deletions
--- a/app/views/passwords/edit.html.erb
+++ b/app/views/passwords/edit.html.erb
@@ -4,8 +4,14 @@
  <div id="a-edit">
    <h1>Change Password</h1>

+    <p>Enter a new password below.</p>
+
    <%= edit_form_for(@user, url: user_password_path(@user)) do |f| %>
-      <%= f.input :old_password, as: :password, hint: "Re-enter your current password." %>
+      <% if params[:signed_user_id] %>
+        <%= f.input :signed_user_id, as: :hidden, input_html: { value: params[:signed_user_id] }  %>
+      <% else %>
+        <%= f.input :old_password, as: :password, hint: "Re-enter your current password." %>
+      <% end %>
      <%= f.input :password, label: "New password", hint: "Must be at least 5 characters long." %>
      <%= f.input :password_confirmation, label: "Confirm new password" %>
      <%= f.submit "Save" %>