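defmodule FrenzyWeb.AccountController do
  @moduledoc """
  Account pages for the signed-in user: the account overview and the
  change-password form and its submission handler.

  Every action reads the current user from `conn.assigns[:user]`; this module
  does not set that assign itself.
  """

  use FrenzyWeb, :controller
  alias Frenzy.{Repo, User}
  alias FrenzyWeb.Router.Helpers, as: Routes
  alias FrenzyWeb.Endpoint

  @doc """
  Renders the account overview for the user stored in `conn.assigns[:user]`.
  """
  def show(conn, _params) do
    user = conn.assigns[:user]

    render(conn, "show.html", %{
      user: user
    })
  end

  @doc """
  Renders the change-password form.
  """
  def change_password(conn, _params) do
    render(conn, "change_password.html")
  end

  @doc """
  Handles a change-password submission.

  The first clause runs only when `old_password`, `new_password` and
  `confirm_new_password` are all present and are strings. It verifies the old
  password first, then rejects a new password equal to the old one, then
  rejects a confirmation mismatch, and only then writes the new password.
  Every outcome ends in a redirect with a flash message.

  Any other parameter shape (missing fields, or nested/array values where a
  string is expected) is redirected back to the form without touching the
  database.
  """
  def do_change_password(conn, %{
        "old_password" => old,
        "new_password" => new,
        "confirm_new_password" => confirm
      })
      when is_binary(old) and is_binary(new) and is_binary(confirm) do
    # NOTE(review): the reason these associations are preloaded is not visible
    # in this file; presumably the changeset or a later step needs them.
    user = conn.assigns[:user] |> Repo.preload([:approved_clients, :groups])

    # NOTE(review): no attempt throttling is visible in this action; confirm
    # that repeated wrong old-password submissions are rate limited elsewhere.
    case Bcrypt.check_pass(user, old) do
      {:ok, user} ->
        apply_new_password(conn, user, old, new, confirm)

      {:error, _reason} ->
        reject_change(conn, "Invalid old password.")
    end
  end

  def do_change_password(conn, _params) do
    redirect(conn, to: Routes.account_path(Endpoint, :change_password))
  end

  # Validates the new password against the old one and the confirmation, then
  # persists it. Called only after the old password has been verified.
  defp apply_new_password(conn, user, old, new, confirm) do
    cond do
      new == old ->
        reject_change(conn, "New password cannot be the same as old password.")

      new != confirm ->
        reject_change(conn, "New password and confirmation did not match.")

      true ->
        changeset = User.change_password_changeset(user, %{password: new})

        # A changeset that fails validation is an expected outcome of user
        # input, so it is reported through a flash message instead of raising
        # a MatchError (which would surface as a 500 response).
        case Repo.update(changeset) do
          {:ok, _user} ->
            # NOTE(review): nothing here revokes the user's other sessions or
            # approved clients after the change; confirm whether that is
            # intended or handled elsewhere.
            conn
            |> put_flash(:info, "Password changed.")
            |> redirect(to: Routes.account_path(Endpoint, :show))

          {:error, _changeset} ->
            reject_change(conn, "Unable to change password. Please check the new password.")
        end
    end
  end

  # Sends the user back to the change-password form with an error flash.
  defp reject_change(conn, message) do
    conn
    |> put_flash(:error, message)
    |> redirect(to: Routes.account_path(Endpoint, :change_password))
  end
end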