Add password resetting

app/controllers/authentication_controller.rb

@@ -54,8 +54,53 @@ class AuthenticationController < ApplicationController
     redirect_to action: 'login'
   end
 
+  def reset_password_form
+    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:password_reset])
+    if not password_reset_token_valid? token
+      return
+    end
+    render layout: 'void'
+  end
+
+  def reset_password
+    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:password_reset])
+    if not password_reset_token_valid? token
+      return
+    end
+
+    if not params[:password] == params[:password_confirmation]
+      flash[:warning] = "Password confirmation does not match your password!"
+      redirect_to action: 'reset_password_form', token: params[:token]
+      return
+    end
+
+    user = token.user
+    user.password = params[:password_reset][:password]
+    user.password_confirmation = params[:password_reset][:password_confirmation]
+    user.save!
+
+    token.destroy!
+
+    flash[:success] = "Your password has been reset, you may now log in."
+    redirect_to action: 'login'
+  end
+
   private
   def session_params
     params.require(:session).permit(:email, :password, :remember_me)
   end
+
+  def password_reset_token_valid?(token)
+    if token.nil?
+      flash[:warning] = "No valid token specified!"
+      redirect_to action: 'login'
+      return false
+    end
+    if token.expires and token.expires < DateTime.now
+      flash[:warning] = "That token has expired, please request a new one."
+      redirect_to action: 'login'
+      return false
+    end
+    true
+  end
 end

app/views/authentication/reset_password_form.html.haml

@@ -0,0 +1,18 @@
+- content_for :title do
+  Reset password
+.container
+  = render 'shared/alerts'
+  = form_for :password_reset, url: {action: 'reset_password', token: params[:token]}, html: { class: 'central-form'} do |f|
+    %h2.central-form-header.text-center
+      Reset password
+
+    = f.password_field :password, placeholder: "New password", class: 'form-control input-top'
+    = f.password_field :password_confirmation, placeholder: "Confirm new password", class: 'form-control input-bottom'
+    = f.submit "Reset password", class: 'btn btn-primary btn-lg btn-block'
+
+  .central-form
+    %ul.hdis
+      %li
+        = link_to "Login",          {action: 'login',           controller: 'authentication'}, {class: 'btn btn-secondary'}
+      %li
+        = link_to "Create account", {action: 'create_password', controller: 'authentication'}, {class: 'btn btn-secondary'}

config/routes.rb

@@ -12,6 +12,9 @@ Rails.application.routes.draw do
   get  'forgot', to: 'authentication#forgotten_password_form'
   post 'forgot', to: 'authentication#forgotten_password'
 
+  get  'reset_password', to: 'authentication#reset_password_form'
+  post 'reset_password', to: 'authentication#reset_password'
+
   get 'logout', to: 'authentication#logout_confirm'
   delete 'logout', to: 'authentication#logout'