Re: Implement "forgot password" in restful authentication plugin

Thanks for the post.

So reset_notification.rhtml and stuff belongs in restful authentication plugin folder?

Re: Implement "forgot password" in restful authentication plugin

can anyone see anything super obvious here that is causing my reset passwords to not commit?

it has just started to fail..

account controller

   #reset password
  def reset_password
        @title = "Reset Password"
        @user = User.find_by_password_reset_code(params[:password_reset_code]) unless params[:password_reset_code].nil?
        #raise if @user.nil?

        return if @user unless params[:user]

        #if ((params[:user][:password] == params[:user][:password_confirmation]) && !params[:user][:password_confirmation].blank?)
        if (params[:user][:password] ==  params[:user][:password_confirmation])
            self.current_user = @user #for the next two lines to work
            current_user.password_confirmation = params[:user][:password_confirmation]
            current_user.password = params[:user][:password]
            @user.reset_password
            reset_session # this forces the user to login
            flash[:notice] = current_user.save ? "Done, Your is Password reset - Login Now to try your new Password" : "Password not reset. Hint, make your Password atleast 8 characters long."
            redirect_back_or_default('/')
        else
            flash[:notice] = "Password mismatch.. please try again"
        end
        rescue
    logger.error "Invalid Reset Code entered"
    flash[:notice] = "That is an invalid password reset action. Please check your email and try again."
    redirect_back_or_default('/')
end


# user model

  # Clear the password (typically to suppress its display in a view).
  def clear_password!
    self.password = nil
    self.password_confirmation = nil
    self.current_password = nil
  end
 
  #forgot password params
  def forgot_password
      @forgotten_password = true
      self.make_password_reset_code
      save(false)
  end

    #used in user_observer
  def recently_forgot_password?
      @forgotten_password
  end

  def reset_password
      # First update the password_reset_code before setting the
      # reset_password flag to avoid duplicate email notifications.
      update_attributes(:password_reset_code => nil)
      @reset_password = true
  end

    #used in user_observer
  def recently_reset_password?
      @reset_password
  end

Re: Implement "forgot password" in restful authentication plugin

I noticed that the assigment through self.attributes is not working in Rails 2.0.2.

I had to change 2 lines in the User model (user.rb)

  def create_reset_code
    @reset = true
    # self.attributes = {:reset_code => Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )}
    self.reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
    save(false)
  end
 
  def recently_reset?
    @reset
  end

  def delete_reset_code
    #self.attributes = {:reset_code => nil}
    self.reset_code = nil
    save(false)
  end


Another thing I noticed is that the code in user_observer.rb calls UserNotifier instead of UserMailer which is used by restful_authentication.

  def after_save(user)  
    UserMailer.deliver_activation(user) if user.pending?
    UserMailer.deliver_reset_notification(user) if user.recently_reset?
  end

Re: Implement "forgot password" in restful authentication plugin

Thanks for posting all of this. I was able to identify the problem where it was calling UserNotifier instead of UserMailer but the self.attributes issue really had me stumped for a while.. thanks!

25

Re: Implement "forgot password" in restful authentication plugin

I believe the self.attributes problem is related to the
attr_accessible settings in the model.
Add :reset_code to it and things should work I belive

Re: Implement "forgot password" in restful authentication plugin

I have updated these instructions for additional robustness and fixes for the latest version of restful_authentication:  http://validatesconfirmationof.blogspot … re-to.html