From e8b91356b3c67ec04f876a3143f3174906d25960 Mon Sep 17 00:00:00 2001 From: iagirre Date: Fri, 23 Mar 2018 08:57:30 +0100 Subject: [PATCH] Backend functionality to let managers update users password The back button when the user changes the password (in the print password page) redirects to the edit manually page. The routes to access password edit pages has been added, along with the ones to send reset password email and reset password manually. --- .../management/account_controller.rb | 20 +++++++++++++++++++ app/controllers/management/base_controller.rb | 4 ++++ .../document_verifications_controller.rb | 1 + .../management/users_controller.rb | 1 + config/routes/management.rb | 9 ++++++++- 5 files changed, 34 insertions(+), 1 deletion(-) diff --git a/app/controllers/management/account_controller.rb b/app/controllers/management/account_controller.rb index 64e0ddf4d..fc99b25cc 100644 --- a/app/controllers/management/account_controller.rb +++ b/app/controllers/management/account_controller.rb @@ -5,6 +5,26 @@ class Management::AccountController < Management::BaseController def show end + def edit + end + + def print_password + end + + def reset_password + managed_user.send_reset_password_instructions + redirect_to management_account_path, notice: t("management.account.edit.password.reset_email_send") + end + + def change_password + if managed_user.reset_password(params[:user][:password], params[:user][:password]) + session[:new_password] = params[:user][:password] + redirect_to print_password_management_account_path + else + render :edit_password_manually + end + end + private def only_verified_users diff --git a/app/controllers/management/base_controller.rb b/app/controllers/management/base_controller.rb index c7610eba9..be6dd66c0 100644 --- a/app/controllers/management/base_controller.rb +++ b/app/controllers/management/base_controller.rb @@ -44,4 +44,8 @@ class Management::BaseController < ActionController::Base def current_budget Budget.current end + + def clear_password + session[:new_password] = nil + end end diff --git a/app/controllers/management/document_verifications_controller.rb b/app/controllers/management/document_verifications_controller.rb index f59c00c8f..1b3abc398 100644 --- a/app/controllers/management/document_verifications_controller.rb +++ b/app/controllers/management/document_verifications_controller.rb @@ -40,6 +40,7 @@ class Management::DocumentVerificationsController < Management::BaseController def set_document session[:document_type] = params[:document_verification][:document_type] session[:document_number] = params[:document_verification][:document_number] + clear_password end def clean_document_number diff --git a/app/controllers/management/users_controller.rb b/app/controllers/management/users_controller.rb index d46360d89..1c8c6ed53 100644 --- a/app/controllers/management/users_controller.rb +++ b/app/controllers/management/users_controller.rb @@ -44,6 +44,7 @@ class Management::UsersController < Management::BaseController def destroy_session session[:document_type] = nil session[:document_number] = nil + clear_password end def user_without_email diff --git a/config/routes/management.rb b/config/routes/management.rb index e7a746540..167fbfbe4 100644 --- a/config/routes/management.rb +++ b/config/routes/management.rb @@ -15,7 +15,14 @@ namespace :management do end end - resource :account, controller: "account", only: [:show] + resource :account, controller: "account", only: [:show] do + get :print_password + patch :change_password + get :reset_password + get :edit_password_email + get :edit_password_manually + end + resource :session, only: [:create, :destroy] get 'sign_in', to: 'sessions#create', as: :sign_in