skill-assessment-app/app/controllers/admin/auth_controller.rb
2016-09-21 15:20:43 -05:00

70 lines
1.8 KiB
Ruby

# frozen_string_literal: true
module Admin
class AuthController < AdminController
skip_before_action :authorize_user
# bypass pundit lockdowns for auth requests.
after_action :skip_policy_scope
after_action :skip_authorization
def login
end
def auth
user = User.find_by(email: auth_params[:email])
if user && user.authenticate(auth_params[:password])
session[:user] = user.to_i
redirect_to admin_path
else
redirect_to admin_login_path,
flash: { error: "Sorry, incorrect email or password. Please try again." }
end
end
def logout
reset_session
redirect_to admin_login_path
end
def reset_request
end
def send_reset
user = User.find_by(email: request_params[:email])
redirect_to(admin_reset_request_path) and return if user.nil?
user.setup_reset
UserMailer.password_reset(user).deliver_later
redirect_to admin_reset_request_path,
success: "Reset request sent! Please check your email for instructions."
end
def reset
user = User.find_by(reset_token: params[:reset_token])
redirect_to(admin_reset_request_path) and return if user.nil?
end
def reset_password
user = User.find_by(reset_token: params[:reset_token])
redirect_to(admin_reset_request_path) and return if user.nil?
if user.update(reset_params)
redirect_to admin_login_path, success: "Password has been reset. Please log in."
else
redirect_to admin_reset_request_path, flash: { error: "Password was not updated." }
end
end
private
def request_params
params.require(:auth).permit(:email)
end
def reset_params
params.require(:auth).permit(:password, :password_confirmation)
end
end
end