5625458f69
The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
15 lines
469 B
Ruby
15 lines
469 B
Ruby
class UserMailer < ApplicationMailer
|
|
add_template_helper ApplicationHelper
|
|
add_template_helper UsersHelper
|
|
|
|
def dmail_notice(dmail)
|
|
@dmail = dmail
|
|
mail(:to => "#{dmail.to.name} <#{dmail.to.email}>", :subject => "#{Danbooru.config.app_name} - Message received from #{dmail.from.name}")
|
|
end
|
|
|
|
def password_reset(user)
|
|
@user = user
|
|
mail to: "#{@user.name} <#{@user.email}>", subject: "#{Danbooru.config.app_name} password reset request"
|
|
end
|
|
end
|