70 lines
1.8 KiB
Ruby
70 lines
1.8 KiB
Ruby
# frozen_string_literal: true
|
|
module Admin
|
|
class AuthController < AdminController
|
|
skip_before_action :authorize_user
|
|
|
|
# bypass pundit lockdowns for auth requests.
|
|
after_action :skip_policy_scope
|
|
after_action :skip_authorization
|
|
|
|
def login
|
|
end
|
|
|
|
def auth
|
|
user = User.find_by(email: auth_params[:email])
|
|
|
|
if user && user.authenticate(auth_params[:password])
|
|
session[:user] = user.to_i
|
|
redirect_to session[:request] || admin_path
|
|
else
|
|
redirect_to admin_login_path,
|
|
flash: { error: "Sorry, incorrect email or password. Please try again." }
|
|
end
|
|
end
|
|
|
|
def logout
|
|
reset_session
|
|
redirect_to admin_login_path
|
|
end
|
|
|
|
def reset_request
|
|
end
|
|
|
|
def send_reset
|
|
user = User.find_by(email: request_params[:email])
|
|
redirect_to(admin_reset_request_path) and return if user.nil?
|
|
|
|
user.setup_reset
|
|
UserMailer.password_reset(user).deliver_later
|
|
redirect_to admin_reset_request_path,
|
|
success: "Reset request sent! Please check your email for instructions."
|
|
end
|
|
|
|
def reset
|
|
user = User.find_by(reset_token: params[:reset_token])
|
|
redirect_to(admin_reset_request_path) and return if user.nil?
|
|
end
|
|
|
|
def reset_password
|
|
user = User.find_by(reset_token: params[:reset_token])
|
|
redirect_to(admin_reset_request_path) and return if user.nil?
|
|
|
|
if user.update(reset_params)
|
|
redirect_to admin_login_path, success: "Password has been reset. Please log in."
|
|
else
|
|
redirect_to admin_reset_request_path, flash: { error: "Password was not updated." }
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def request_params
|
|
params.require(:auth).permit(:email)
|
|
end
|
|
|
|
def reset_params
|
|
params.require(:auth).permit(:password, :password_confirmation)
|
|
end
|
|
end
|
|
end
|