Recuperacao de senha

app/controllers/users_controller.rb

@@ -137,6 +137,32 @@ class UsersController < ApplicationController
 		end
 	end
 
+	def recover_password
+		if params[:key]
+			@user = User.find_by_password_reset_key(params[:key])
+			if @user.nil?
+				redirect_to login_path
+			elsif request.post?
+				@user.password = params[:user][:password]
+				@user.password_confirmation = params[:user][:password_confirmation]
+				if @user.save
+					@user.update_attribute(:password_reset_key, nil)
+					flash[:message] = "Senha modificada"
+					redirect_to login_path
+				end
+			end
+		else
+			if request.post?
+				@user = User.find_by_email(params[:user][:email])
+				if @user.nil?
+					flash[:warning] = "Email inválido"
+				else
+					@user.generate_password_reset_key!
+				end
+			end
+		end
+	end
+
 #	def forgot_password
 #		if request.post?
 #			u = User.find_by_email(params[:user][:email])

app/models/notifications.rb

@@ -16,12 +16,11 @@
 
 class Notifications < ActionMailer::Base
 
-	def forgot_password(to, login, pass, sent_at = Time.now)
+	def forgot_password(to, key, sent_at = Time.now)
-		@subject = "Your password is ..."
+		@subject = "#{App.title} - Recuperar senha"
-		@body['login']=login
+		@body['key'] = key
-		@body['pass']=pass
 		@recipients = to
-		@from = 'support@yourdomain.com'
+		@from = "#{App.title} <#{App.webmaster_email}>"
 		@sent_on = sent_at
 		@headers = {}
 	end

app/models/user.rb

@@ -63,11 +63,10 @@ class User < ActiveRecord::Base
 	end
 
 	# Gera uma nova senha, e a envia por email.
-	def send_new_password
+	def generate_password_reset_key!
-		new_pass = User.random_string(10)
+		update_attribute(:password_reset_key, User.random_string(30))
-		@password = @password_confirmation = new_pass
+		save!
-		save
+		Notifications.deliver_forgot_password(self.email, self.password_reset_key)
-		Notifications.deliver_forgot_password(self.email, self.login, new_pass)
 	end
 
 	def reset_login_key

app/views/notifications/forgot_password.html.erb

@@ -1,9 +1,13 @@
-_____________
+Olá,
 
+  Recentemente, alguém solicitou que uma nova senha fosse gerada para
+  a conta associada a este email. Para completar o procedimento de
+  recuperação de senha, visite o endereço:
 
-Seu nome de usuário é <%= h(@login) %>. E seu novo password é <%= h(@pass) %>.
+    <%= recover_password_with_key_url(@key, :host => App.default_host) %>
-Faça o seu Login e mude para algo mais fácil de ser memorizado.
 
+  Caso esta solicitação não tenha sido feita por você, por favor,
+  desconsidere esta mensagem.
 
-Wiki Ufc
+Atenciosamente,
--------------
+Equipe do <%= App.title %>.

app/views/users/_form_settings.html.haml

@@ -21,7 +21,7 @@
     %dd= text_field('user', 'display_name')
 
     %dt
-      %laber{:for => 'user_email'} Email
+      %label{:for => 'user_email'} Email
     %dd= text_field('user', 'email')
 
     %dt

app/views/users/login.html.haml

@@ -22,4 +22,6 @@
 
   %br
   = link_to 'Criar nova conta', signup_path
-  =# link_ro 'Recuperar senha', recover_password_path
+
+  %br
+  = link_to 'Recuperar senha', recover_password_path

app/views/users/recover_password.html.haml

@@ -0,0 +1,36 @@
+%h4.title= App.title
+%h1.title Recuperar senha
+
+- if params[:key]
+  %p= error_messages_for :user
+  - form_tag recover_password_with_key_path(params[:key]) do
+    %dl
+      %dt
+        %label{:for => 'user_login'} Login
+      %dd
+        = text_field('user', 'login', {:value => @user.login, :readonly => true}) 
+
+      %dt
+        %label{:for => 'user_password'} Senha
+      %dd
+        = password_field('user', 'password', {:value => '', :id => 'password'}) 
+        %span#passmeter  
+
+      %dt
+        %label{:for => 'user_password_confirmation'} Confirmação de Senha
+      %dd
+        =password_field('user', 'password_confirmation', {:value => ''})
+    = submit_tag 'Alterar senha'
+
+- else
+  - if @user
+    %p Uma mensagem de confirmacão foi enviado para o seu email.
+
+  - else
+    - form_tag recover_password_path do
+      %dl
+        %dt
+          %label{:for => 'user_email'} Email
+        %dd
+          =text_field('user', 'email')
+      = submit_tag 'Recuperar senha'

config/application.rb

@@ -1,6 +1,9 @@
 # Geral
 App.language = "pt-br"
 App.title = "Wiki UFC"
+App.webmaster_email = "webmaster@wikiufc.gelsol.org"
+
+App.default_host = "wikiufc.gelsol.org"
 App.base_path = ""
 
 # Limites

config/routes.rb

@@ -71,6 +71,8 @@ ActionController::Routing::Routes.draw do |map|
 		user.logout   'logout',   :action => 'logout'
 		user.signup   'signup',   :action => 'signup'
 		user.settings 'settings', :action => 'settings'
+		user.recover_password 'recover_password', :action => 'recover_password'
+		user.recover_password_with_key 'recover_password/:key', :action => 'recover_password'
    end
 	
 	# Pagina pessoal

db/migrate/035_reset_password.rb

@@ -0,0 +1,9 @@
+class ResetPassword < ActiveRecord::Migration
+	def self.up
+		add_column :users, :password_reset_key, :string
+	end
+
+	def self.down
+		remove_column :users, :password_reset_key
+	end
+end

db/schema.rb

@@ -9,7 +9,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 34) do
+ActiveRecord::Schema.define(:version => 35) do
 
   create_table "attachments", :force => true do |t|
     t.string   "file_name",     :null => false
@@ -104,20 +104,21 @@ ActiveRecord::Schema.define(:version => 34) do
   add_index "sessions", ["session_id"], :name => "index_sessions_on_session_id"
 
   create_table "users", :force => true do |t|
-    t.string   "login",                              :null => false
+    t.string   "login",                                 :null => false
-    t.string   "hashed_password",                    :null => false
+    t.string   "hashed_password",                       :null => false
-    t.string   "email",                              :null => false
+    t.string   "email",                                 :null => false
-    t.string   "salt",                               :null => false
+    t.string   "salt",                                  :null => false
     t.datetime "created_at"
-    t.string   "name",            :default => "",    :null => false
+    t.string   "name",               :default => "",    :null => false
-    t.integer  "pref_color",      :default => 0,     :null => false
+    t.integer  "pref_color",         :default => 0,     :null => false
-    t.string   "display_name",                       :null => false
+    t.string   "display_name",                          :null => false
     t.text     "description"
-    t.datetime "last_seen",                          :null => false
+    t.datetime "last_seen",                             :null => false
     t.string   "login_key"
-    t.boolean  "admin",           :default => false, :null => false
+    t.boolean  "admin",              :default => false, :null => false
-    t.string   "secret",                             :null => false
+    t.string   "secret",                                :null => false
     t.datetime "deleted_at"
+    t.string   "password_reset_key"
   end
 
   create_table "wiki_page_versions", :force => true do |t|