Separate page for password change

1 files changed, 40 insertions, 1 deletions

diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
index 432899f857d..b8d8395a7c4 100644
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -1,10 +1,11 @@
 class Profiles::PasswordsController < ApplicationController
-  layout 'navless'
+  layout :determine_layout
 
   skip_before_filter :check_password_expiration
 
   before_filter :set_user
   before_filter :set_title
+  before_filter :authorize_change_password!
 
   def new
   end
@@ -26,6 +27,32 @@ class Profiles::PasswordsController < ApplicationController
     end
   end
 
+  def edit
+  end
+
+  def update
+    password_attributes = params[:user].select do |key, value|
+      %w(password password_confirmation).include?(key.to_s)
+    end
+
+    unless @user.valid_password?(params[:user][:current_password])
+      redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
+      return
+    end
+
+    if @user.update_attributes(password_attributes)
+      flash[:notice] = "Password was successfully updated. Please login with it"
+      redirect_to new_user_session_path
+    else
+      render 'account'
+    end
+  end
+
+  def reset
+    current_user.send_reset_password_instructions
+    redirect_to edit_profile_password_path, notice: 'We sent you an email with reset password instructions'
+  end
+
   private
 
   def set_user
@@ -35,4 +62,16 @@ class Profiles::PasswordsController < ApplicationController
   def set_title
     @title = "New password"
   end
+
+  def determine_layout
+    if [:new, :create].include?(action_name.to_sym)
+      'navless'
+    else
+      'profile'
+    end
+  end
+
+  def authorize_change_password!
+    return render_404 if @user.ldap_user?
+  end
 end