Pull the password reauthentication logic out of the user model and put it in the password update controller, where it belongs. This fixes an issue where, when a new user was created, the user model had an incorrect password error set on it by `encrypt_password_on_update`: it was trying to verify the old password even though we don't have one when creating a new user. This error caused the user create action to redirect back to the signup page, because `respond_with` thought that creating the user had failed.
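# Lets a user change their password after proving who they are again, either
# with the current password or with a signed login key.
#
# Both actions look the user up from params[:user_id] and pass it through
# `authorize` with PasswordPolicy before doing anything else.
#
# NOTE(review): user[signed_user_id] is accepted in place of the old password,
# so it is as sensitive as a password — confirm it is covered by the app's
# log parameter filtering.
# NOTE(review): nothing in this controller ends the user's other sessions
# after a successful change; confirm whether that is handled elsewhere.
class PasswordsController < ApplicationController
  respond_to :html, :xml, :json

  # Responds with the user whose password is to be changed.
  def edit
    @user = authorize User.find(params[:user_id]), policy_class: PasswordPolicy
    respond_with(@user)
  end

  # Sets a new password when reauthentication succeeds; otherwise records an
  # "Incorrect password" error on the user. The flash notice reports either
  # success or every error message on the user, including any added by
  # `update` itself.
  def update
    @user = authorize User.find(params[:user_id]), policy_class: PasswordPolicy

    # A request with no user[...] section is treated as a failed
    # reauthentication instead of raising NoMethodError on nil.
    form = params.fetch(:user, {})

    if reauthenticated?(form)
      @user.update(password: form[:password], password_confirmation: form[:password_confirmation])
    else
      # errors.add is the supported API. Appending to errors[:base] is
      # deprecated since Rails 6.1 and no longer records the error on later
      # versions, which would let a failed check be reported as success.
      @user.errors.add(:base, "Incorrect password")
    end

    flash[:notice] = @user.errors.none? ? "Password updated" : @user.errors.full_messages.join("; ")
    respond_with(@user, location: @user)
  end

  private

  # True when the request carries the user's current password or, failing
  # that, a login key accepted by @user. The password check is made against
  # @user's own name, i.e. the account being changed.
  def reauthenticated?(form)
    User.authenticate(@user.name, form[:old_password]) ||
      @user.authenticate_login_key(form[:signed_user_id])
  end
end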