5625458f69
The old password reset flow: * User requests a password reset. * Danbooru generates a password reset nonce. * Danbooru emails user a password reset confirmation link. * User follows link to password reset confirmation page. * The link contains a nonce authenticating the user. * User confirms password reset. * Danbooru resets user's password to a random string. * Danbooru emails user their new password in plaintext. The new password reset flow: * User requests a password reset. * Danbooru emails user a password reset link. * User follows link to password edit page. * The link contains a signed_user_id param authenticating the user. * User changes their own password.
12 lines
253 B
Ruby
12 lines
253 B
Ruby
class UserMailerPreview < ActionMailer::Preview
|
|
def dmail_notice
|
|
dmail = User.admins.first.dmails.first
|
|
UserMailer.dmail_notice(dmail)
|
|
end
|
|
|
|
def password_reset
|
|
user = User.find(params[:id])
|
|
UserMailer.password_reset(user)
|
|
end
|
|
end
|