users: refactor password reset flow.

The old password reset flow:

* User requests a password reset.
* Danbooru generates a password reset nonce.
* Danbooru emails user a password reset confirmation link.
* User follows link to password reset confirmation page.
* The link contains a nonce authenticating the user.
* User confirms password reset.
* Danbooru resets user's password to a random string.
* Danbooru emails user their new password in plaintext.

The new password reset flow:

* User requests a password reset.
* Danbooru emails user a password reset link.
* User follows link to password edit page.
* The link contains a signed_user_id param authenticating the user.
* User changes their own password.

This commit is contained in:

evazion

2020-03-08 21:03:36 -05:00

parent f25bace766

commit 5625458f69

30 changed files with 133 additions and 395 deletions

									
										3

test/factories/user_password_reset_nonce.rb
									
												View File
											
				@@ -1,3 +0,0 @@

				FactoryBot.define do

				  factory(:user_password_reset_nonce)

				end

users: refactor password reset flow.

3 test/factories/user_password_reset_nonce.rb Unescape Escape View File

3

test/factories/user_password_reset_nonce.rb

View File