users: refactor password reset flow.

The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
2020-03-08 21:03:36 -05:00
parent f25bace766
commit 5625458f69
30 changed files with 133 additions and 395 deletions
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -45,7 +45,6 @@ Rails.application.routes.draw do
    namespace :user do
      resource :count_fixes, only: [:new, :create]
      resource :email_notification, :only => [:show, :destroy]
-      resource :password_reset, :only => [:new, :create, :edit, :update]
      resource :deletion, :only => [:show, :destroy]
      resource :email_change, :only => [:new, :create]
      resource :api_key, :only => [:show, :view, :update, :destroy] do
@@ -153,6 +152,7 @@ Rails.application.routes.draw do
  end
  resources :note_versions, :only => [:index, :show]
  resource :note_previews, :only => [:show]
+  resource :password_reset, only: [:create, :show]
  resources :pixiv_ugoira_frame_data, only: [:index]
  resources :pools do
    member do