greenlight/app/controllers/password_resets_controller.rb

# frozen_string_literal: true

# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.

class PasswordResetsController < ApplicationController
  before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
  before_action :find_user,   only: [:edit, :update]
  before_action :valid_user, only: [:edit, :update]
  before_action :check_expiration, only: [:edit, :update]

  def index
  end

  def create
    @user = User.find_by(email: params[:password_reset][:email].downcase)
    if @user
      @user.create_reset_digest
      @user.send_password_reset_email(reset_link)
      flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))
      redirect_to root_path
    else
      flash[:alert] = I18n.t("no_user_email_exists")
      redirect_to new_password_reset_path
    end
  rescue => e
    logger.error "Error in email delivery: #{e}"
    redirect_to root_path, alert: I18n.t(params[:message], default: I18n.t("delivery_error"))
  end

  def edit
  end

  def update
    if params[:user][:password].empty?
      flash.now[:alert] = I18n.t("password_empty_notice")
      render 'edit'
    elsif params[:user][:password] != params[:user][:password_confirmation]
      flash.now[:alert] = I18n.t("password_different_notice")
      render 'edit'
    elsif current_user.update_attributes(user_params)
      flash[:success] = I18n.t("password_reset_success")
      redirect_to root_path
    else
      render 'edit'
    end
  end

  private

  def find_user
    @user = User.find_by(email: params[:email])
  end

  def current_user
    @user
  end

  def user_params
    params.require(:user).permit(:password, :password_confirmation)
  end

  # Checks expiration of reset token.
  def check_expiration
    redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if current_user.password_reset_expired?
  end

  def reset_link
    request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)
  end

  # Confirms a valid user.
  def valid_user
    unless current_user.authenticated?(:reset, params[:id])
      current_user&.activate unless current_user&.activated?
      redirect_to root_url
    end
  end

  def disable_password_reset
    redirect_to '/404'
  end
end
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`# frozen_string_literal: true`

			`# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.`
			`#`
			`# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).`
			`#`
			`# This program is free software; you can redistribute it and/or modify it under the`
			`# terms of the GNU Lesser General Public License as published by the Free Software`
			`# Foundation; either version 3.0 of the License, or (at your option) any later`
			`# version.`
			`#`
			`# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY`
			`# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A`
			`# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Lesser General Public License along`
			`# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.`

			`class PasswordResetsController < ApplicationController`
			`before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }`
			`before_action :find_user, only: [:edit, :update]`
			`before_action :valid_user, only: [:edit, :update]`
			`before_action :check_expiration, only: [:edit, :update]`

			`def index`
			`end`

			`def create`
			`@user = User.find_by(email: params[:password_reset][:email].downcase)`
			`if @user`
			`@user.create_reset_digest`
GRN-45: Fixed the URL being sent in the password reset email (#351) * Fixed the url used in the reset password emails and added the ability to preview emails in the dev environment * Replaced localhost with example.com in email previews * Update password_reset.html.erb 2019-02-01 15:00:10 -05:00			`@user.send_password_reset_email(reset_link)`
Admin panel (#496) * Added the administrator role and functionality that comes with it (#403) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * Update user.rb * Update admins.js * GRN-15: Added the ability to change color and image from admin interface (#425) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Update user.rb * Update user.rb * Update routes.rb * Update admins_controller.rb * GRN-87:Added a super admin role and made changes to how to the design works (#430) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * Changed the way locales are shown * Updated the rest of the locales * Changed the way available_locales are defined * Updated locales in Russian * Updated locaales for German * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * Update user.rb * Update themes_controller_spec.rb * Update routes.rb * Update admins_controller.rb * Removed duplicated code that broke the build after last merge * GRN-78: Restructured some of the views to make the UI more consistent and responsive (#435) * GRN-20: Added roles to the user model * GRN-75: Added a view for admins to see their users * GRN-77: Added Edit/Delete/Promote ability for admins * GRN-71: Added admin account by default * GRN-15: Added the ability for admins to customize color and image * Added the super admin and completed the design tab * GRN-78: Cleaned up buttons and moved signin to its own page * GRN-78: Moved the Rooms and Recordings link to nav bar * Merge fix * Views restructure fix (#458) * Added cache to gitlab-ci.yml * Restructured seed * GRN2-99 -> GRN2-106: UI cleanup and refactoring (#478) * GRN2-98: Change Fullname to Full name * GRN2-105: Changed View Users to Manage Users * GRN2-101/103: Updated email to match branding * GRN2-100: Updated Email Sent flash to be more descriptive * GRN2-104: Redirect user to sign in page w/ flash after clicking activation link * GRN2-102: Changed the wording in the verification email * GRN2-99: Added email form validation * GRN2-106: Cleaned up Users list front end * Fixes to rake and admin password validator for passing rubocop * GRN2-113: Fixed issues with admin panel (#479) * GRN2-116: Code clean up after restructure of views (#482) * Removed unused references * Rubocop * Added pagination to admin view (#483) * GRN2-114: Added the ability for admins to ban/unban users (#487) * Added the ability for admins to ban and unban users * Update sessions_helper.rb * Merge branch 'master' into admin-panel (#492) * Updated rubocop gem * Updated rubocop and fixed issues (#490) * Rubocop fixes * GRN2-122: Updated sign in flow for admins and switch design tab to site settings (#489) * Switched design tab to site settings * Update _header with spaces instead of tabs * Added more test cases to increase coverage (#494) 2019-05-03 13:05:12 -04:00			`flash[:success] = I18n.t("email_sent", email_type: t("reset_password.subtitle"))`
Fix issue with flash messages and activation link (#454) 2019-04-11 14:31:45 -04:00			`redirect_to root_path`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`else`
Fix issue with flash messages and activation link (#454) 2019-04-11 14:31:45 -04:00			`flash[:alert] = I18n.t("no_user_email_exists")`
			`redirect_to new_password_reset_path`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`end`
			`rescue => e`
			`logger.error "Error in email delivery: #{e}"`
GRN-11: Ability to configure room specific settings (#348) * Added the ability to set room settings on create or update * Added room settings alerts and made fixes to other alerts * Small bug fixes related to rubocop and the create room modal * Update test case and fixed issue with small edge case * Update room.js 2019-02-06 11:08:19 -05:00			`redirect_to root_path, alert: I18n.t(params[:message], default: I18n.t("delivery_error"))`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`end`

			`def edit`
			`end`

			`def update`
			`if params[:user][:password].empty?`
GRN-11: Ability to configure room specific settings (#348) * Added the ability to set room settings on create or update * Added room settings alerts and made fixes to other alerts * Small bug fixes related to rubocop and the create room modal * Update test case and fixed issue with small edge case * Update room.js 2019-02-06 11:08:19 -05:00			`flash.now[:alert] = I18n.t("password_empty_notice")`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`render 'edit'`
			`elsif params[:user][:password] != params[:user][:password_confirmation]`
GRN-11: Ability to configure room specific settings (#348) * Added the ability to set room settings on create or update * Added room settings alerts and made fixes to other alerts * Small bug fixes related to rubocop and the create room modal * Update test case and fixed issue with small edge case * Update room.js 2019-02-06 11:08:19 -05:00			`flash.now[:alert] = I18n.t("password_different_notice")`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`render 'edit'`
			`elsif current_user.update_attributes(user_params)`
GRN-11: Ability to configure room specific settings (#348) * Added the ability to set room settings on create or update * Added room settings alerts and made fixes to other alerts * Small bug fixes related to rubocop and the create room modal * Update test case and fixed issue with small edge case * Update room.js 2019-02-06 11:08:19 -05:00			`flash[:success] = I18n.t("password_reset_success")`
			`redirect_to root_path`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`else`
			`render 'edit'`
			`end`
			`end`

			`private`

			`def find_user`
			`@user = User.find_by(email: params[:email])`
			`end`

			`def current_user`
			`@user`
			`end`

			`def user_params`
			`params.require(:user).permit(:password, :password_confirmation)`
			`end`

			`# Checks expiration of reset token.`
			`def check_expiration`
Updated rubocop and fixed issues (#490) 2019-05-02 15:44:00 -04:00			`redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if current_user.password_reset_expired?`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`end`

GRN-45: Fixed the URL being sent in the password reset email (#351) * Fixed the url used in the reset password emails and added the ability to preview emails in the dev environment * Replaced localhost with example.com in email previews * Update password_reset.html.erb 2019-02-01 15:00:10 -05:00			`def reset_link`
			`request.base_url + edit_password_reset_path(@user.reset_token, email: @user.email)`
			`end`

Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`# Confirms a valid user.`
			`def valid_user`
GRN-94: Make sure reset-password also works on non-verified accounts (#448) * Fix for issue with excesive requests to lb * Fixed issue with rspec on users not passing when run alone * Include dotenv in production * GRN-94: Make sure reset-password also works on non-verified accounts 2019-04-10 10:56:01 -04:00			`unless current_user.authenticated?(:reset, params[:id])`
			`current_user&.activate unless current_user&.activated?`
Fixed #332 Allow users to reset their password (#335) * <Added password reset system> * <Added rspec tests> * <Fixed code style> * <Added rescue for invalid smtp configuration> 2018-12-21 11:56:52 -05:00			`redirect_to root_url`
			`end`
			`end`

			`def disable_password_reset`
			`redirect_to '/404'`
			`end`
			`end`