Backend functionality to let managers update users password

The back button when the user changes the password (in the print password page) redirects to the edit manually page. The routes to access password edit pages has been added, along with the ones to send reset password email and reset password manually.
2018-03-23 08:57:30 +01:00
parent 3a62fc9bda
commit e8b91356b3
5 changed files with 34 additions and 1 deletions
--- a/app/controllers/management/account_controller.rb
+++ b/app/controllers/management/account_controller.rb
@@ -5,6 +5,26 @@ class Management::AccountController < Management::BaseController
  def show
  end

+  def edit
+  end
+
+  def print_password
+  end
+
+  def reset_password
+    managed_user.send_reset_password_instructions
+    redirect_to management_account_path, notice: t("management.account.edit.password.reset_email_send")
+  end
+
+  def change_password
+    if managed_user.reset_password(params[:user][:password], params[:user][:password])
+      session[:new_password] = params[:user][:password]
+      redirect_to print_password_management_account_path
+    else
+      render :edit_password_manually
+    end
+  end
+
  private

    def only_verified_users
--- a/app/controllers/management/base_controller.rb
+++ b/app/controllers/management/base_controller.rb
@@ -44,4 +44,8 @@ class Management::BaseController < ActionController::Base
    def current_budget
      Budget.current
    end
+
+    def clear_password
+      session[:new_password] = nil
+    end
 end
--- a/app/controllers/management/document_verifications_controller.rb
+++ b/app/controllers/management/document_verifications_controller.rb
@@ -40,6 +40,7 @@ class Management::DocumentVerificationsController < Management::BaseController
    def set_document
      session[:document_type] = params[:document_verification][:document_type]
      session[:document_number] = params[:document_verification][:document_number]
+      clear_password
    end

    def clean_document_number
--- a/app/controllers/management/users_controller.rb
+++ b/app/controllers/management/users_controller.rb
@@ -44,6 +44,7 @@ class Management::UsersController < Management::BaseController
    def destroy_session
      session[:document_type] = nil
      session[:document_number] = nil
+      clear_password
    end

    def user_without_email
--- a/config/routes/management.rb
+++ b/config/routes/management.rb
@@ -15,7 +15,14 @@ namespace :management do
    end
  end

-  resource :account, controller: "account", only: [:show]
+  resource :account, controller: "account", only: [:show] do
+    get :print_password
+    patch :change_password
+    get :reset_password
+    get :edit_password_email
+    get :edit_password_manually
+  end
+
  resource :session, only: [:create, :destroy]
  get 'sign_in', to: 'sessions#create', as: :sign_in