46 lines
1.4 KiB
Ruby
46 lines
1.4 KiB
Ruby
module PasswordResetsLimitable
|
|
extend ActiveSupport::Concern
|
|
|
|
included do
|
|
def password_resets_remaining
|
|
return ArchiveConfig.PASSWORD_RESET_LIMIT unless self.last_reset_within_cooldown?
|
|
|
|
limit_delta = ArchiveConfig.PASSWORD_RESET_LIMIT - self.resets_requested
|
|
limit_delta.positive? ? limit_delta : 0
|
|
end
|
|
|
|
def password_resets_limit_reached?
|
|
password_resets_remaining.zero?
|
|
end
|
|
|
|
def password_resets_available_time
|
|
self.reset_password_sent_at + ArchiveConfig.PASSWORD_RESET_COOLDOWN_HOURS.hours
|
|
end
|
|
|
|
def update_password_resets_requested
|
|
if self.resets_requested.positive? && !self.last_reset_within_cooldown?
|
|
self.resets_requested = 1
|
|
else
|
|
self.resets_requested += 1
|
|
end
|
|
end
|
|
|
|
protected
|
|
|
|
# Resets the resets_requested count to the default value -- zero -- when a user successfully _completes_
|
|
# the reset process. This extends the existing Devise method, which sets `reset_password_sent_at` to `nil`.
|
|
# If we don't also reset `resets_requested`, we will not know whether the number of resets means further
|
|
# reset requests should be limited or not.
|
|
def clear_reset_password_token
|
|
super
|
|
self.resets_requested = 0
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def last_reset_within_cooldown?
|
|
self.reset_password_sent_at.present? &&
|
|
self.reset_password_sent_at > ArchiveConfig.PASSWORD_RESET_COOLDOWN_HOURS.hours.ago
|
|
end
|
|
end
|