# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
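# Handles the "forgot password" flow: requesting a reset email and setting a
# new password through the emailed token link.
#
# Every action is gated on Rails.configuration.enable_email_verification; when
# it is off, requests are redirected to '/404' by disable_password_reset.
class PasswordResetsController < ApplicationController
  include Emailer

  before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
  # Order matters: check_expiration reads the @user that find_user assigns.
  before_action :find_user, only: [:edit, :update]
  before_action :check_expiration, only: [:edit, :update]

  # GET /password_resets/new
  def new
  end

  # POST /password_resets
  #
  # Starts a reset for the submitted email address. The response is the same
  # redirect to root_path whether or not an account matches, so the endpoint
  # does not confirm which addresses are registered.
  def create
    return redirect_to new_password_reset_path, flash: { alert: I18n.t("reset_password.captcha") } unless valid_captcha

    # dig + to_s keeps a missing or non-string parameter on the "no such user"
    # path instead of raising NoMethodError.
    email = params.dig(:password_reset, :email).to_s.downcase

    # find_by! raises ActiveRecord::RecordNotFound when no account matches.
    @user = User.find_by!(email: email, provider: @user_domain)

    # NOTE(review): no flash is set on this path; presumably
    # send_password_reset_email (from Emailer) sets it. Confirm that it shows
    # the same message as the rescue branches below, otherwise the difference
    # reveals whether an account exists.
    send_password_reset_email(@user, @user.create_reset_digest)
    redirect_to root_path
  rescue ActiveRecord::RecordNotFound
    # User doesn't exist: answer exactly as if the email had been sent.
    redirect_with_reset_notice
  rescue StandardError => e
    # Keep the uniform response for unexpected failures too, but leave a trace
    # for operators instead of swallowing the error silently. Only the class
    # is logged so that request data does not end up in the log.
    logger.error "Password reset request failed: #{e.class}"
    redirect_with_reset_notice
  end

  # GET /password_resets/:id/edit
  def edit
  end

  # PATCH /password_resets/:id
  #
  # Sets the new password for the user resolved from the reset token.
  # Re-renders the edit form with an alert when the input is rejected.
  def update
    # dig + to_s: a request without a user[password] field is reported as an
    # empty password instead of raising NoMethodError.
    password = params.dig(:user, :password).to_s
    confirmation = params.dig(:user, :password_confirmation)

    if password.empty?
      flash.now[:alert] = I18n.t("password_empty_notice")
    elsif password != confirmation
      # Password does not match password confirmation
      flash.now[:alert] = I18n.t("password_different_notice")
    elsif @user.update(user_params)
      # Clear the user's social uid if they are switching from a social to a local account
      @user.update_attribute(:social_uid, nil) if @user.social_uid.present?
      # Make the reset link single-use: nothing else in this controller clears
      # the digest, so without this the same link would keep passing find_user
      # until password_reset_expired? turns true.
      @user.update_attribute(:reset_digest, nil)
      # Successfully reset password
      return redirect_to root_path, flash: { success: I18n.t("password_reset_success") }
    end

    render 'edit'
  end

  private

  # Looks the user up by the hash of the token in params[:id]. Redirecting
  # from a before_action halts the chain, so later callbacks and the action
  # never run without a @user.
  def find_user
    @user = User.find_by(reset_digest: User.hash_token(params[:id]), provider: @user_domain)

    return redirect_to new_password_reset_url, alert: I18n.t("reset_password.invalid_token") unless @user
  end

  # Strong parameters: only the password fields may be mass-assigned.
  def user_params
    params.require(:user).permit(:password, :password_confirmation)
  end

  # Checks expiration of reset token.
  def check_expiration
    redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if @user.password_reset_expired?
  end

  # Redirects to 404 if emails are not enabled
  def disable_password_reset
    redirect_to '/404'
  end

  # Checks that the captcha passed is valid
  def valid_captcha
    return true unless Rails.configuration.recaptcha_enabled
    verify_recaptcha
  end

  # Generic "email sent" redirect shared by every failure path of #create.
  def redirect_with_reset_notice
    redirect_to root_path, flash: { success: I18n.t("email_sent", email_type: t("reset_password.subtitle")) }
  end
end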