jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
5625458f69ed8d9ba06f2e7c2640523122d3b6ab
danbooru/app/views/user_mailer/password_reset.html.erb
evazion 5625458f69 users: refactor password reset flow. 
The old password reset flow:

* User requests a password reset.
* Danbooru generates a password reset nonce.
* Danbooru emails user a password reset confirmation link.
* User follows link to password reset confirmation page.
* The link contains a nonce authenticating the user.
* User confirms password reset.
* Danbooru resets user's password to a random string.
* Danbooru emails user their new password in plaintext.

The new password reset flow:

* User requests a password reset.
* Danbooru emails user a password reset link.
* User follows link to password edit page.
* The link contains a signed_user_id param authenticating the user.
* User changes their own password.
2020-03-08 23:18:15 -05:00

23 lines
721 B
Plaintext
Raw Blame History

<!doctype html>
<html>
<body>
<h2>Hi <%= @user.name %>,</h2>
<p>
You recently requested your password to be reset for your <%= Danbooru.config.app_name %>
account. Click the link below to login to <%= Danbooru.config.app_name %>
and reset your password.
</p>
<p>
<%= link_to "Reset password", edit_user_password_url(@user, signed_user_id: Danbooru::MessageVerifier.new(:login).generate(@user.id, expires_in: 30.minutes)) %>
</p>
<p>
If you did not request for your <%= Danbooru.config.app_name %> password to
be reset, please ignore this email or reply to let us know. This link
will only be valid for the next 30 minutes.
</p>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink