password reset requests

app/controllers/admin/auth_controller.rb

@@ -21,5 +21,44 @@ module Admin
       reset_session
       redirect_to admin_login_path
     end
+
+    def reset_request
+    end
+
+    def send_reset
+      user = User.find_by(email: request_params[:email])
+      redirect_to(admin_reset_request_path) and return if user.nil?
+
+      user.setup_reset
+      # TODO: user mailer deliver_now
+      redirect_to admin_reset_request_path,
+                  success: "Reset request sent! Please check your email for instructions."
+    end
+
+    def reset
+      user = User.find_by(reset_token: params[:reset_token])
+      redirect_to(admin_reset_request_path) and return if user.nil?
+    end
+
+    def reset_password
+      user = User.find_by(reset_token: params[:reset_token])
+      redirect_to(admin_reset_request_path) and return if user.nil?
+
+      if user.update(reset_params)
+        redirect_to admin_login_path, success: "Password has been reset. Please log in."
+      else
+        redirect_to(admin_reset_request_path)
+      end
+    end
+
+    private
+
+      def request_params
+        params.require(:auth).permit(:email)
+      end
+
+      def reset_params
+        params.require(:auth).permit(:password, :password_confirmation)
+      end
   end
 end

app/controllers/admin/profile_controller.rb

@@ -19,7 +19,10 @@ module Admin
       end
     end
 
-    def lost_password
+    private
+
+      def user_params
+        params.require(:user).permit(:name, :email, :password, :password_confirmation)
       end
   end
 end

app/models/user.rb

@@ -5,4 +5,20 @@ class User < ApplicationRecord
   validates_presence_of :email
   validates_presence_of :name
   validates_presence_of :role
+  validates :reset_token, uniqueness: true, allow_nil: true
+
+  def setup_reset
+    gen_reset_token
+    save
+  end
+
+  private
+
+    def gen_reset_token
+      loop do
+        self[:reset_token] = SecureRandom.urlsafe_base64(10)
+        self[:reset_timestamp] = DateTime.now
+        break unless User.exists?(reset_token: self[:reset_token])
+      end
+    end
 end

app/views/admin/auth/login.html.erb

@@ -4,10 +4,6 @@
 
 <h1>Admin Login</h1>
 
-<% if flash[:error].present? %>
-  <div class="error"><%= flash[:error] %></div>
-<% end %>
-
 <%= form_for :auth, url: admin_login_path do |form| %>
   <div class="form-group">
     <%= form.label :email %>

app/views/admin/auth/reset.html.erb

@@ -0,0 +1,21 @@
+<%
+  content_for :main_class, "intro_tpl"
+%>
+
+<h1>Password Reset</h1>
+
+<%= form_for :auth, url: admin_reset_password_path do |form| %>
+  <%= hidden_field_tag :reset_token, params[:reset_token] %>
+
+  <div class="form-group">
+    <%= form.label :password %>
+    <%= form.password_field :password %>
+  </div>
+
+  <div class="form-group">
+    <%= form.label :password_confirmation %>
+    <%= form.password_field :password_confirmation %>
+  </div>
+
+  <%= submit_tag "Reset Password" %>
+<% end %>

app/views/admin/auth/reset_request.html.erb

@@ -0,0 +1,17 @@
+<%
+  content_for :main_class, "intro_tpl"
+%>
+
+<h1>Password Reset</h1>
+
+<%= raw(ap User.find_by(email: 'alan.admin@mailinator.com')) %>
+
+<%= form_for :auth, url: admin_send_reset_path do |form| %>
+
+  <div class="form-group">
+    <%= form.label :email %>
+    <%= form.email_field :email %>
+  </div>
+
+  <%= submit_tag "Request Password Reset" %>
+<% end %>

app/views/admin/profile/lost_password.html.erb

@@ -1,2 +0,0 @@
-<h1>Admin::Profile#lost_password</h1>
-<p>Find me in app/views/admin/profile/lost_password.html.erb</p>