diff options
Diffstat (limited to 'app/controllers/passwords_controller.rb')
-rw-r--r-- | app/controllers/passwords_controller.rb | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index edf43935f3c..a2d152addc9 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -2,18 +2,19 @@ class PasswordsController < Devise::PasswordsController def create email = resource_params[:email] - resource_found = resource_class.find_by_email(email) - if resource_found && resource_found.ldap_user? + self.resource = resource_class.find_by_email(email) + + if resource && resource.ldap_user? flash[:alert] = "Cannot reset password for LDAP user." respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name)) and return end - self.resource = resource_class.send_reset_password_instructions(resource_params) - if successfully_sent?(resource) - respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name)) - else - respond_with(resource) + unless can_send_reset_email? + flash[:alert] = "Instructions about how to reset your password have already been sent recently. Please wait a few minutes to try again." + respond_with({}, location: new_password_path(resource_name)) and return end + + super end def edit @@ -35,4 +36,11 @@ class PasswordsController < Devise::PasswordsController end end end + + private + + def can_send_reset_email? + resource && (resource.reset_password_sent_at.blank? || + resource.reset_password_sent_at < 1.minute.ago) + end end |