Class: DeviseTokenAuth::PasswordsController

Inherits:

ApplicationController

• Object
• DeviseController
• ApplicationController
• DeviseTokenAuth::PasswordsController

Defined in:

app/controllers/devise_token_auth/passwords_controller.rb

Instance Method Summary

• #create ⇒ Object

  this action is responsible for generating password reset tokens and sending emails.

• #edit ⇒ Object

  this is where users arrive after visiting the password reset confirmation link.

• #update ⇒ Object

Methods inherited from ApplicationController

#resource_data, #resource_errors

Instance Method Details

#create ⇒ Object

this action is responsible for generating password reset tokens and sending emails

# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 10

def create
  return render_create_error_missing_email unless resource_params[:email]

  # give redirect value from params priority
  @redirect_url = params.fetch(
    :redirect_url,
    DeviseTokenAuth.default_password_reset_url
  )

  return render_create_error_missing_redirect_url unless @redirect_url
  return render_create_error_not_allowed_redirect_url if blacklisted_redirect_url?

  @email = get_case_insensitive_field_from_resource_params(:email)
  @resource = find_resource(:uid, @email)

  if @resource
    yield @resource if block_given?
    @resource.send_reset_password_instructions(
      email: @email,
      provider: 'email',
      redirect_url: @redirect_url,
      client_config: params[:config_name]
    )

    if @resource.errors.empty?
      return render_create_success
    else
      render_create_error @resource.errors
    end
  else
    render_not_found_error
  end
end

#edit ⇒ Object

this is where users arrive after visiting the password reset confirmation link

# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 45

def edit
  # if a user is not found, return nil
  @resource = with_reset_password_token(resource_params[:reset_password_token])

  if @resource && @resource.reset_password_period_valid?
    client_id, token = @resource.create_token

    # ensure that user is confirmed
    @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at

    # allow user to change password once without current_password
    @resource.allow_password_change = true if recoverable_enabled?

    @resource.save!

    yield @resource if block_given?

    redirect_header_options = { reset_password: true }
    redirect_headers = build_redirect_headers(token,
                                              client_id,
                                              redirect_header_options)
    redirect_to(@resource.build_auth_url(params[:redirect_url],
                                         redirect_headers))
  else
    render_edit_error
  end
end

#update ⇒ Object

# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 73

def update
  # make sure user is authorized
  return render_update_error_unauthorized unless @resource

  # make sure account doesn't use oauth2 provider
  unless @resource.provider == 'email'
    return render_update_error_password_not_required
  end

  # ensure that password params were sent
  unless password_resource_params[:password] && password_resource_params[:password_confirmation]
    return render_update_error_missing_password
  end

  if @resource.send(resource_update_method, password_resource_params)
    @resource.allow_password_change = false if recoverable_enabled?
    @resource.save!

    yield @resource if block_given?
    return render_update_success
  else
    return render_update_error
  end
end