  1. # my model
  2. ##################################
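# User account backed by Authlogic (acts_as_authentic).
#
# When an existing record changes its password or e-mail address, the current
# ("old") password must be supplied. The one exception is a password reset in
# which the caller has already looked the record up by a perishable token and
# said so through #perishable_token_submitted!.
class User < ActiveRecord::Base
  acts_as_authentic

  # Virtual attribute: the current password as typed into the change form.
  attr_accessor :old_password

  validate :old_password_is_correct,
           :on => :update,
           :if => :old_password_required?

  # Issues a fresh perishable token and mails the reset instructions.
  def deliver_password_reset_instructions!
    reset_perishable_token!
    UserNotifier.deliver_password_reset_instructions(self)
  end

  # Records, on this in-memory instance only, that the record was loaded by a
  # perishable token. It is deliberately a bang method and not a "name="
  # writer: request parameters assigned through attributes= can only reach
  # writers, so a client cannot switch the old-password check off by posting
  # an extra form field.
  def perishable_token_submitted!
    @perishable_token_submitted = true
  end

  # True only after #perishable_token_submitted! was called on this instance.
  # Defaults to false, so the old password stays required unless a caller
  # opted out explicitly.
  def perishable_token_submitted?
    @perishable_token_submitted == true
  end

  # The old password is needed for a password change that is not backed by a
  # perishable token, and for every e-mail change (token or not).
  def old_password_required?
    (password_changed? && !perishable_token_submitted?) || email_changed?
  end

  # Validation: compares old_password with the stored record's password.
  # NOTE(review): the record is re-read by id, presumably so the comparison
  # uses the persisted credentials rather than the new in-memory ones - confirm.
  def old_password_is_correct
    stored = User.find_by_id(id)
    if stored.nil?
      errors.add_to_base("User could not be found by id")
    elsif !stored.valid_password?(old_password)
      errors.add("old_password", "is not correct")
    end
  end

  # True when crypted_password has an unsaved change.
  def password_changed?
    changes.key?("crypted_password")
  end

  # True when email has an unsaved change.
  def email_changed?
    changes.key?("email")
  end
end

# my controller
##################################
# Password reset (by e-mailed token) and password change (by old password).
class User::PasswordController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]

  # form to have new password link emailed
  def new
    @user = User.new
  end

  # form to change password, includes old password field or hidden token field
  def edit
    load_user_by_perishable_token_or_current
  end

  # email out password reset link
  #
  # NOTE(review): the two branches answer differently (redirect plus "emailed"
  # vs. re-render plus "No user was found"), so this endpoint tells an
  # anonymous caller whether an address is registered. Behaviour is kept as
  # written; consider one identical response for both outcomes.
  def create
    # A missing or non-string value never reaches the finder, so a request
    # without user[email] cannot fail on nil or match rows with a NULL email.
    email = present_string(user_params[:email])
    @user = email && User.find_by_email(email)
    if @user
      @user.deliver_password_reset_instructions!
      flash[:notice] = "Instructions to reset your password have been emailed to you. Please check your email."
      redirect_to root_path
    else
      @user = User.new
      flash[:notice] = "No user was found with that email address"
      render :action => :new
    end
  end

  # update password, requires old password or token in validations
  def update
    # The loader has already redirected when it returns nil; stop here so the
    # assignments below never run against a missing user.
    return unless load_user_by_perishable_token_or_current

    @user.old_password = user_params[:old_password]
    @user.password = user_params[:password]
    @user.password_confirmation = user_params[:password_confirmation]
    if @user.save
      flash[:notice] = "Password successfully updated"
      redirect_to user_account_path
    else
      render :action => :edit
    end
  end

  private

  # Sets @user from the session or, failing that, from a perishable token in
  # params[:token] or params[:user][:perishable_token] (tried in that order).
  # Returns the user, or nil after redirecting when nobody could be found.
  #
  # Only the token path marks the record with perishable_token_submitted!;
  # a session-authenticated user must still supply the old password even if
  # the request also carries a token.
  def load_user_by_perishable_token_or_current
    @user = current_user
    return @user if @user

    submitted_tokens.each do |token|
      @user = User.find_using_perishable_token(token)
      break if @user
    end

    if @user
      @user.perishable_token_submitted!
      return @user
    end

    flash[:notice] = "Could not find user, please check your token or create a new one"
    redirect_to root_path
    nil
  end

  # The nested user parameters, or an empty hash when the request has none
  # (or sent something that is not a hash under that key).
  def user_params
    params[:user].is_a?(Hash) ? params[:user] : {}
  end

  # Token candidates from the request, in lookup order, plain strings only.
  def submitted_tokens
    [params[:token], user_params[:perishable_token]].map { |t| present_string(t) }.compact
  end

  # Returns value when it is a non-blank String, otherwise nil. Arrays and
  # hashes built from request parameters are rejected here so they are never
  # handed to a finder.
  def present_string(value)
    value.is_a?(String) && !value.blank? ? value : nil
  end
end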
  100.  
  101. # my edit view
  102. ##################################
-# Password form shared by the two flows handled in User::PasswordController:
-# a logged-in user changing the password (old password field) and a visitor
-# resetting it with a perishable token (hidden token field).
-# The branch below only decides which field is shown; the controller makes
-# its own choice from current_user and the submitted token.
%h1 Change your password

-form_for @user, :url => user_password_path do |f|
  %p
    = f.error_messages

  - if current_user # logged in, changing password with old password
    %p
      = f.label :old_password, "Old Password"
      = f.password_field :old_password
  - else # not logged in, changing password with perishable token
    -# Submitted as user[perishable_token], which the controller's loader reads.
    = f.hidden_field :perishable_token

  %p
    = f.label :password, "New Password"
    = f.password_field :password
  %p
    = f.label :password_confirmation
    = f.password_field :password_confirmation
  %p
    = f.submit "Update"