Class: Devise::PasswordExpiredController

Inherits:

DeviseController

• Object
• DeviseController
• Devise::PasswordExpiredController

Defined in:

app/controllers/devise/password_expired_controller.rb

Instance Method Summary

• #show ⇒ Object
• #update ⇒ Object

  Update the password stored on the ‘resource`.

Instance Method Details

#show ⇒ Object

# File 'app/controllers/devise/password_expired_controller.rb', line 9

def show
  respond_with(resource)
end

#update ⇒ Object

Note:

if a common data format like :json or :xml are requested this will respond with a 204 No Content and set the Location header. Useful for dealing with APIs when JS clients would otherwise automatically follow the redirect, which can be problematic.

Update the password stored on the ‘resource`.

See Also:

• https://stackoverflow.com/questions/228225/prevent-redirection-of-xmlhttprequest
• https://github.com/axios/axios/issues/932#issuecomment-307390761
• https://github.com/devise-security/devise-security/pull/111

# File 'app/controllers/devise/password_expired_controller.rb', line 21

def update
  resource.extend(Devise::Models::DatabaseAuthenticatablePatch)
  if resource.update_with_password(resource_params)
    warden.session(scope)['password_expired'] = false
    set_flash_message :notice, :updated
    bypass_sign_in resource, scope: scope
    respond_with({}, location: stored_location_for(scope) || :root)
  else
    clean_up_passwords(resource)
    respond_with(resource, action: :show)
  end
end