submit-social-housing-letti.../app/controllers/auth/passwords_controller.rb

class Auth::PasswordsController < Devise::PasswordsController
  include Helpers::Email

  def reset_confirmation
    self.resource = resource_class.new
    @email = params["email"]
    if @email.empty?
      resource.errors.add :email, "Enter an email address"
      render "devise/passwords/new", status: :unprocessable_entity
    elsif !email_valid?(@email)
      resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
      render "devise/passwords/new", status: :unprocessable_entity
    else
      render "devise/confirmations/reset"
    end
  end

  def create
    self.resource = resource_class.send_reset_password_instructions(resource_params)
    yield resource if block_given?

    respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
  end

  def edit
    super
    render "devise/passwords/reset_password"
  end

  def update
    self.resource = resource_class.reset_password_by_token(resource_params)
    yield resource if block_given?

    if resource.errors.empty?
      resource.unlock_access! if unlockable?(resource)
      if Devise.sign_in_after_reset_password
        set_flash_message!(:notice, password_update_flash_message)
        resource.after_database_authentication
        sign_in(resource_name, resource)
      else
        set_flash_message!(:notice, :updated_not_active)
      end
      respond_with resource, location: after_resetting_password_path_for(resource)
    else
      set_minimum_password_length
      respond_with resource, status: :unprocessable_entity
    end
  end

protected

  def password_update_flash_message
    resource_class == AdminUser ? :updated_2FA : :updated
  end

  def resource_class_name
    resource_class.name.underscore
  end

  def after_sending_reset_password_instructions_path_for(_resource)
    confirmations_reset_path(email: params.dig(resource_class_name, "email"))
  end

  def after_resetting_password_path_for(resource)
    if Devise.sign_in_after_reset_password
      if resource_class == AdminUser
        resource.send_new_otp
        admin_user_two_factor_authentication_path
      else
        after_sign_in_path_for(resource)
      end
    else
      new_session_path(resource_name)
    end
  end
end
Invite new user (#134) * Clean up user routes * Make user registerable * Merge * Turbo devise strikes again * URL naming * Dashes not underscores * Consistent syntax * Turning off turbo changes our html * Update password link not working yet * New user path * Password edit path * Updating password keeps you signed in and redirects to show * Set new user org * Write a failing spec for user creation * Reset user password and redirect back to org users page * Test redirect * Use invite template * Request specs over feature specs * Add email validation 3 years ago			`class Auth::PasswordsController < Devise::PasswordsController`
Reset password validation (#125) * Add email validation to reset password form * Revert extracting CSS file by default since it messes with tests * Add label to change password * Error summary should be above title 3 years ago			`include Helpers::Email`

pass first reset confirmation test 3 years ago			`def reset_confirmation`
Reset password validation (#125) * Add email validation to reset password form * Revert extracting CSS file by default since it messes with tests * Add label to change password * Error summary should be above title 3 years ago			`self.resource = resource_class.new`
make a step to protect emails 3 years ago			`@email = params["email"]`
Reset password validation (#125) * Add email validation to reset password form * Revert extracting CSS file by default since it messes with tests * Add label to change password * Error summary should be above title 3 years ago			`if @email.empty?`
			`resource.errors.add :email, "Enter an email address"`
			`render "devise/passwords/new", status: :unprocessable_entity`
			`elsif !email_valid?(@email)`
			`resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"`
			`render "devise/passwords/new", status: :unprocessable_entity`
			`else`
			`render "devise/confirmations/reset"`
			`end`
lint fixes 3 years ago			`end`
pass first reset confirmation test 3 years ago
add test around protecting emails 3 years ago			`def create`
			`self.resource = resource_class.send_reset_password_instructions(resource_params)`
			`yield resource if block_given?`

			`respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))`
			`end`

Fix password reset flow (#157) * Render gov uk reset view * Pass password reset token * Test password update and sign in * The cop is working 3 years ago			`def edit`
			`super`
Fix sending reset email for admins (#313) * Fix sending reset email for admins * Reset does not let you bypass 2FA * Trigger SMS on admin password reset * Update flash message for 2FA * Update Admin Login header * Rubocop * 422 * Revert unused view 3 years ago			`render "devise/passwords/reset_password"`
			`end`

			`def update`
			`self.resource = resource_class.reset_password_by_token(resource_params)`
			`yield resource if block_given?`

			`if resource.errors.empty?`
			`resource.unlock_access! if unlockable?(resource)`
			`if Devise.sign_in_after_reset_password`
			`set_flash_message!(:notice, password_update_flash_message)`
			`resource.after_database_authentication`
			`sign_in(resource_name, resource)`
			`else`
			`set_flash_message!(:notice, :updated_not_active)`
			`end`
			`respond_with resource, location: after_resetting_password_path_for(resource)`
			`else`
			`set_minimum_password_length`
			`respond_with resource, status: :unprocessable_entity`
			`end`
Fix password reset flow (#157) * Render gov uk reset view * Pass password reset token * Test password update and sign in * The cop is working 3 years ago			`end`

lint fixes 3 years ago			`protected`
pass first reset confirmation test 3 years ago
Fix sending reset email for admins (#313) * Fix sending reset email for admins * Reset does not let you bypass 2FA * Trigger SMS on admin password reset * Update flash message for 2FA * Update Admin Login header * Rubocop * 422 * Revert unused view 3 years ago			`def password_update_flash_message`
			`resource_class == AdminUser ? :updated_2FA : :updated`
			`end`

			`def resource_class_name`
			`resource_class.name.underscore`
			`end`

lint fixes 3 years ago			`def after_sending_reset_password_instructions_path_for(_resource)`
Fix sending reset email for admins (#313) * Fix sending reset email for admins * Reset does not let you bypass 2FA * Trigger SMS on admin password reset * Update flash message for 2FA * Update Admin Login header * Rubocop * 422 * Revert unused view 3 years ago			`confirmations_reset_path(email: params.dig(resource_class_name, "email"))`
			`end`

			`def after_resetting_password_path_for(resource)`
			`if Devise.sign_in_after_reset_password`
			`if resource_class == AdminUser`
			`resource.send_new_otp`
			`admin_user_two_factor_authentication_path`
			`else`
			`after_sign_in_path_for(resource)`
			`end`
			`else`
			`new_session_path(resource_name)`
			`end`
lint fixes 3 years ago			`end`
			`end`