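# frozen_string_literal: true

# Unauthenticated "forgot password" flow: request a reset e-mail (new/create),
# then follow the mailed link to choose a new password (edit/update).
class PasswordResetsController < ApplicationController
  skip_before_action :authenticate

  # Renders the request form after discarding any existing session.
  def new
    reset_session
  end

  # Looks the account up by params[:username], generates a :password_reset
  # token for it and queues the reset e-mail.
  def create
    user = User.find_by(username: params[:username])

    # NOTE(review): the two outcomes differ in both redirect target and notice,
    # so the response tells an unauthenticated caller whether a username
    # exists. Consider answering identically in both cases and rate limiting
    # this action; left unchanged here because it alters user-facing behaviour.
    unless user
      redirect_to :root, notice: t(".error")
      return
    end

    token = user.generate_token_for(:password_reset)
    UserMailer.with(user: user, token: token).password_reset.deliver_later
    redirect_to new_session_path, notice: t(".success")
  end

  # Renders the new-password form when params[:token] belongs to the user
  # named in params[:id]; otherwise redirects with the invalid-token notice.
  def edit
    reset_session
    @user = verified_reset_user
    @token = params[:token]
    return if @user

    redirect_to :root, notice: t(".invalid_token")
  end

  # Re-checks the token, then stores the new password.
  def update
    user = verified_reset_user
    unless user
      redirect_to :root, notice: t(".invalid_token")
      return
    end

    # NOTE(review): whether a token stops working once it has been used depends
    # on the :password_reset definition on User, which is not visible here.
    # Confirm it embeds a value that changes with the password (the documented
    # Rails pattern uses password_salt) and has a short expiry.
    # NOTE(review): if User relies on has_secure_password, an empty-string
    # password is ignored by the setter and update can still return true;
    # confirm a presence validation covers this path.
    if user.update(password: params[:password], password_confirmation: params[:password_confirmation])
      redirect_to new_session_path, notice: t(".success")
    else
      redirect_to :root, notice: t(".error")
    end
  end

  private

  # Returns the user named by params[:id] only when params[:token] resolves to
  # that same record, else nil.
  #
  # The explicit presence check matters: both lookups return nil for an unknown
  # username combined with an invalid token, and a bare `==` would treat
  # nil == nil as a match. That let `edit` render without a user and made
  # `update` call #update on nil.
  def verified_reset_user
    named = User.find_by(username: params[:id])
    holder = User.find_by_token_for(:password_reset, params[:token])
    named if named && named == holder
  end
end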