Module: Authenticate::Model::PasswordReset

Extended by:

ActiveSupport::Concern

Defined in:

lib/authenticate/model/password_reset.rb

Overview

Support ‘forgot my password’ functionality.

Columns

• password_reset_token - token required to reset a password

• password_reset_sent_at - datetime password reset token was emailed to user

• email - email address of user

Methods

• update_password(new_password) - call password setter below, generate a new session token if user.valid?, & save

• forgot_password! - generate a new password reset token, timestamp, and save

• reset_password_period_valid? - is the password reset token still usable?

Class Method Summary

• .required_fields(_klass) ⇒ Object

Instance Method Summary

• #forgot_password! ⇒ Boolean

  Generates a #password_reset_token for the user, which allows them to reset their password via an email link.

• #reset_password_period_valid? ⇒ Boolean

  Checks if the reset password token is within the time limit.

• #update_password(new_password) ⇒ Boolean

  Sets the user’s password to the new value.

Class Method Details

.required_fields(_klass) ⇒ Object

# File 'lib/authenticate/model/password_reset.rb', line 18

def self.required_fields(_klass)
  [:password_reset_token, :password_reset_sent_at, :email]
end

Instance Method Details

#forgot_password! ⇒ Boolean

Generates a #password_reset_token for the user, which allows them to reset their password via an email link.

The user model is saved without validations. Any other changes you made to this user instance will also be persisted, without validation. It is intended to be called on an instance with no changes (‘dirty? == false`).

Returns:

• (Boolean) —

  Was the save successful?

# File 'lib/authenticate/model/password_reset.rb', line 50

def forgot_password!
  self.password_reset_token = Authenticate::Token.new
  self.password_reset_sent_at = Time.now.utc
  save validate: false
end

#reset_password_period_valid? ⇒ Boolean

Checks if the reset password token is within the time limit. If the application’s reset_password_within is nil, then always return true.

Example:

# reset_password_within = 1.day and reset_password_sent_at = today
reset_password_period_valid?   # returns true

Returns:

• (Boolean)

# File 'lib/authenticate/model/password_reset.rb', line 63

def reset_password_period_valid?
  reset_within = Authenticate.configuration.reset_password_within
  return true if reset_within.nil?
  return true if password_reset_sent_at.nil? && password_reset_token.nil?
  password_reset_sent_at && password_reset_sent_at.utc >= reset_within.ago.utc
end

#update_password(new_password) ⇒ Boolean

Sets the user’s password to the new value. The new password will be encrypted with the selected encryption scheme (defaults to Bcrypt).

Updating the user password also generates a new session token.

Validations will be run as part of this update. If the user instance is not valid, the password change will not be persisted, and this method will return ‘false`.

Returns:

• (Boolean) —

  Was the save successful?

# File 'lib/authenticate/model/password_reset.rb', line 32

def update_password(new_password)
  return false unless reset_password_period_valid?
  self.password = new_password
  if valid?
    clear_reset_password_token
    generate_session_token
  end
  save
end