Migrate to Postgresql for better network handling. Add more user functionality.

app/controllers/passwords_controller.rb

@@ -1,35 +1,24 @@
 class PasswordsController < ApplicationController
-  allow_unauthenticated_access
-  before_action :set_user_by_token, only: %i[ edit update ]
-  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_password_path, alert: "Try again later." }
-
-  def new
-  end
-
-  def create
-    if user = User.find_by(email_address: params[:email_address])
-      PasswordsMailer.reset(user).deliver_later
-    end
-
-    redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
-  end
+  before_action :require_authentication
 
   def edit
+    @user = Current.user
   end
 
   def update
-    if @user.update(params.permit(:password, :password_confirmation))
-      @user.sessions.destroy_all
-      redirect_to new_session_path, notice: "Password has been reset."
+    @user = Current.user
+
+    if @user.authenticate(params[:current_password])
+      if @user.update(params.permit(:password, :password_confirmation))
+        @user.sessions.where.not(id: Current.session.id).destroy_all
+        redirect_to root_path, notice: "Password updated successfully."
+      else
+        flash.now[:alert] = "New password confirmation didn't match."
+        render :edit, status: :unprocessable_entity
+      end
     else
-      redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."
+      flash.now[:alert] = "Current password is incorrect."
+      render :edit, status: :unprocessable_entity
     end
   end
-
-  private
-    def set_user_by_token
-      @user = User.find_by_password_reset_token!(params[:token])
-    rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
-    end
 end