Added the ability for admins to send a reset password email for users (#737)

2019-08-14 10:21:58 -04:00
parent 1256554ce6
commit 7e3c44575e
10 changed files with 34 additions and 18 deletions
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -22,7 +22,7 @@ class AdminsController < ApplicationController
  include Emailer
  include Recorder

-  manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve]
+  manage_users = [:edit_user, :promote, :demote, :ban_user, :unban_user, :approve, :reset]
  site_settings = [:branding, :coloring, :coloring_lighten, :coloring_darken,
                   :registration_method, :room_authentication, :room_limit, :default_recording_visibility]

@ -106,6 +106,14 @@ class AdminsController < ApplicationController
    redirect_to admins_path
  end

+  # GET /admins/reset
+  def reset
+    @user.create_reset_digest
+
+    send_password_reset_email(@user)
+
+    redirect_to admins_path, flash: { success: I18n.t("administrator.flash.reset_password") }
+  end
  # SITE SETTINGS

  # POST /admins/branding
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@ -53,7 +53,7 @@ class PasswordResetsController < ApplicationController
    elsif params[:user][:password] != params[:user][:password_confirmation]
      flash.now[:alert] = I18n.t("password_different_notice")
      render 'edit'
-    elsif current_user.update_attributes(user_params)
+    elsif @user.update_attributes(user_params)
      flash[:success] = I18n.t("password_reset_success")
      redirect_to root_path
    else
@ -67,23 +67,19 @@ class PasswordResetsController < ApplicationController
    @user = User.find_by(email: params[:email])
  end

-  def current_user
-    @user
-  end
-
  def user_params
    params.require(:user).permit(:password, :password_confirmation)
  end

  # Checks expiration of reset token.
  def check_expiration
-    redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if current_user.password_reset_expired?
+    redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if @user.password_reset_expired?
  end

  # Confirms a valid user.
  def valid_user
-    unless current_user.authenticated?(:reset, params[:id])
-      current_user&.activate unless current_user&.activated?
+    unless @user.authenticated?(:reset, params[:id])
+      @user&.activate unless @user&.activated?
      redirect_to root_url
    end
  end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -128,4 +128,9 @@ module ApplicationHelper
      role.name
    end
  end
+
+  def can_reset_password
+    # Check if admin is editting user
+    Rails.application.routes.recognize_path(request.env['PATH_INFO'])[:action] == "edit_user"
+  end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -37,7 +37,7 @@ class Ability

      if highest_role.can_manage_users
        can [:index, :roles, :edit_user, :promote, :demote, :ban_user, :unban_user,
-             :approve, :invite], :admin
+             :approve, :invite, :reset], :admin
      end

      if !highest_role.can_edit_site_settings && !highest_role.can_edit_roles && !highest_role.can_manage_users
--- a/app/views/shared/settings/_account.html.erb
+++ b/app/views/shared/settings/_account.html.erb
@ -75,6 +75,10 @@
    </div>
  </div>
  <div class="card-footer">
-    <%= f.submit t("update"), class: "btn btn-primary float-right" %>
+    <%= f.submit t("update"), class: "btn btn-primary float-right ml-4" %>
+
+    <% if can_reset_password %>
+      <%= link_to "Reset user password", admin_reset_path(user_uid: @user.uid), class: "btn btn-primary float-right" %>
+    <% end %>
  </div>
 <% end %>
--- a/app/views/user_mailer/password_reset.html.erb
+++ b/app/views/user_mailer/password_reset.html.erb
@ -24,7 +24,7 @@
      </h1>

      <p>
-        <%= t('mailer.user.password_reset.welcome', bigbluebutton: t('bigbluebutton')) %>
+        <%= t('mailer.user.password_reset.welcome', email: @user.email).html_safe %>
      </p>

      <p style="margin-bottom:45px;">
@ -38,11 +38,11 @@
      </a>

      <p style="margin-top:45px;">
-        <%= t('mailer.user.password_reset.expire') %>
+        <%= t('mailer.user.password_reset.ignore') %>
      </p>

      <p>
-        <%= t('mailer.user.password_reset.ignore') %>
+        <%= t('mailer.user.password_reset.expire') %>
      </p>
    </div>
  </div>
--- a/app/views/user_mailer/password_reset.text.erb
+++ b/app/views/user_mailer/password_reset.text.erb
@ -18,7 +18,7 @@

 <%= t('mailer.user.password_reset.title') %>

-<%= t('mailer.user.password_reset.welcome', bigbluebutton: t('bigbluebutton')) %>
+<%= t('mailer.user.password_reset.welcome', email: @user.email) %>
 <%= t('mailer.user.password_reset.message') %>

 <%= @url %>