| Class | PasswordController |
| In: |
app/controllers/password_controller.rb
|
| Parent: | ApplicationController |
# File app/controllers/password_controller.rb, line 59
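# Change the password of the logged-in user of record.
#
# On a POST carrying a user[...] hash, the submitted fields are assigned
# to the user and saved. On success a flash notice is set and the browser
# is redirected to the diverted request if there is one, otherwise back
# to this action. No explicit render or redirect is issued on any other
# path (non-POST, malformed POST, or failed save).
def change
  # This is for changing the password of the *logged in* user, not any
  # alias they may have assumed. So, this is a very rare case in which we
  # want to check whether the user *of record* has permission to perform
  # some operation, never mind who they're acting as. (And they're
  # changing their own password, not the password of whoever they are
  # aliased to.)
  User.acting_as_user_of_record do
    @user = User.current
    user_params = params[:user]

    # A POST without a user[...] hash (or with a scalar in its place) used
    # to raise on the ||= below and surface as a server error. Treat it as
    # "nothing submitted" instead of attempting a save.
    if request.post? && user_params.is_a?(Hash)
      # Don't let the user omit checks by failing to submit the check
      # inputs: an absent field is forced to '' so it is still assigned.
      user_params[:password_confirmation] ||= ''
      user_params[:current_password_check] ||= ''

      # NOTE(review): every key under params[:user] is mass-assigned here.
      # Unless the User model restricts which attributes may be assigned
      # (not visible from this action), a crafted POST could set fields
      # other than the password ones. Confirm the model's protection or
      # pass only the password-related keys.
      @user.attributes = user_params

      if @user.save
        flash[:notice] = "Password changed"
        if have_diverted_request?
          redirect_to_diverted_request
        else
          redirect_to :action => 'change'
        end
      end
    end
  end
end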
Divert immediately to change-password page if password is nearly up?
# File app/controllers/password_controller.rb, line 30
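# Authenticate a user from the submitted firm name, user name and password.
#
# Failures are collected in @errors and no redirect is issued here. On
# success the user is logged in and redirected: to the change-password
# action when fewer than 3 days remain on the current password, otherwise
# to the diverted request.
def login
  @errors = []
  return unless request.post?

  # to_s guards against a missing or non-string parameter, which used to
  # raise NoMethodError on downcase and surface as a server error; such a
  # request now simply fails the lookup.
  firm = Firm.find_by_search_name(params[:firm_name].to_s.downcase)
  if firm.nil?
    # NOTE(review): this message differs from the bad user/password one,
    # so responses reveal whether a firm name exists. Confirm that is
    # acceptable, or reuse User::BAD_USER_PW_MSG here.
    @errors << "No such firm"
    return
  end

  user_name = params[:user_name].to_s.downcase
  user = User.find_by_search_name_and_owner_firm_id(user_name, firm)

  if user.nil?
    @errors << User::BAD_USER_PW_MSG
  elsif !user.authenticate_by_password(params[:password])
    # authentication_status appears to hold a list of messages describing
    # the failed attempt -- TODO confirm against the User model.
    # NOTE(review): params[:password] is passed through unchecked; confirm
    # authenticate_by_password tolerates nil or non-string values.
    @errors = user.authentication_status
  else
    # A successful login may still carry a status message to show.
    unless user.authentication_status.nil?
      flash[:notice] = user.authentication_status.first
    end

    # NOTE(review): confirm login_as starts a fresh session, so a session
    # id issued before authentication is not carried over.
    login_as(user)

    # Send the user straight to the change-password page when the current
    # password has fewer than 3 days left; nil skips the check.
    pw_days_left = user.current_password_remaining_days
    if !pw_days_left.nil? && pw_days_left < 3
      redirect_to :action => 'change'
    else
      redirect_to_diverted_request
    end
  end
end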