Class: RailsIdentity::UsersController

Inherits:
ApplicationController
Defined in:
app/controllers/rails_identity/users_controller.rb

Overview

Users controller that performs CRUD on users.


Methods inherited from ApplicationController

#options

Methods included from ApplicationHelper

#render_error, #render_errors

Instance Method Details

#create ⇒ Object

Creates a new user. Authentication is optional for this action; a request without an auth token is accepted.



# File 'app/controllers/rails_identity/users_controller.rb', line 31

# Registers a new user from the permitted request parameters.
#
# On success the user is rendered as JSON with status 201, with
# verification_token, reset_token and password_digest left out of the
# response body, and the verification e-mail is handed to the mailer for
# later delivery. On failure the model's validation messages are rendered
# with status 400.
#
# NOTE(review): user_params is defined outside this listing; confirm it
# permits only attributes a self-registering caller may set.
# NOTE(review): full_messages is returned verbatim; if the model validates
# username uniqueness, the 400 body tells the caller that an account
# exists -- confirm that this is acceptable.
def create
  @user = User.new(user_params)
  unless @user.save
    return render_errors(400, @user.errors.full_messages)
  end

  withheld = [:verification_token, :reset_token, :password_digest]
  render json: @user, except: withheld, status: 201
  UserMailer.email_verification(@user).deliver_later
end

#destroy ⇒ Object

Deletes a user.



# File 'app/controllers/rails_identity/users_controller.rb', line 92

# Deletes the user held in @user.
#
# Responds with an empty body and status 204 when the record is destroyed,
# and with a generic 500 error otherwise. The error text carries no detail
# about why the deletion failed.
#
# NOTE(review): @user is assigned outside this listing, so the check that
# the caller may delete this particular user is not visible here -- confirm
# it is enforced before this action runs.
def destroy
  removed = @user.destroy
  return render(body: '', status: 204) if removed

  # :nocov:
  render_error 500, "Something went wrong!"
  # :nocov:
end

#index ⇒ Object

Lists all users (only works for an admin user).



# File 'app/controllers/rails_identity/users_controller.rb', line 22

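# Lists every user as JSON.
#
# The response withholds verification_token, reset_token and
# password_digest, the same set of fields that #create withholds. The
# update action accepts a token equal to the user's reset_token as
# authorisation for a password change, so returning that field here would
# let whoever can list users change any listed user's password.
#
# NOTE(review): no authorization check is visible inside this action; the
# admin-only restriction presumably lives in a filter outside this listing
# -- confirm.
def index
  @users = User.all
  render json: @users, except: [:verification_token, :reset_token, :password_digest]
end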

#show ⇒ Object

Renders a user's data.



# File 'app/controllers/rails_identity/users_controller.rb', line 44

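# Renders the user held in @user as JSON, including the computed role.
#
# verification_token, reset_token and password_digest are withheld, the
# same set of fields that #create withholds. The update action accepts a
# token equal to the user's reset_token in place of the old password, so
# returning that field here would let a caller who holds only a session
# token skip the old-password check.
#
# NOTE(review): @user is assigned outside this listing; confirm the lookup
# restricts callers to users they are allowed to read.
def show
  render json: @user, except: [:verification_token, :reset_token, :password_digest], methods: [:role]
end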

#update ⇒ Object

Patches the user. This action is overloaded: there are five notable ways to update a user.

- Issue a reset token
  If params has :issue_reset_token set to true, the action will
  issue a reset token for the user and return 204. Yes, 204 No
  Content. TODO: in the future, the action will trigger an email.
- Reset the password
  Two ways to reset password:
    - Provide the old password along with the new password and
      confirmation.
    - Provide the reset token as the auth token.
- Issue a verification token
- Change other data


# File 'app/controllers/rails_identity/users_controller.rb', line 64

# Patches a user; the request parameters select which operation runs.
#
# * params[:issue_reset_token] or params[:issue_verification_token] set:
#   the request must address the "current" id, and params[:username] must
#   equal the username of the user loaded by get_user_for_token. A reset
#   token or a verification token is then issued through update_token.
# * otherwise: the user is loaded by get_user. When params[:password] is
#   present the caller must either supply a params[:old_password] that
#   authenticates the user, or present a token equal to the user's
#   reset_token. The permitted attributes are then applied through
#   update_user.
#
# Raises Errors::UnauthorizedError when any of these checks fails.
#
# NOTE(review): nothing in this action limits how often a token can be
# requested; confirm that throttling is applied elsewhere.
# NOTE(review): no step here clears reset_token after it has been used to
# set a password; confirm update_user invalidates it.
def update
  token_requested = params[:issue_reset_token] || params[:issue_verification_token]

  unless token_requested
    get_user
    if params[:password]
      permitted =
        if params[:old_password]
          @user.authenticate(params[:old_password])
        else
          # NOTE(review): @token is assigned outside this listing. Plain ==
          # is not a constant-time comparison, and it would also succeed if
          # both sides were nil -- confirm neither case is reachable.
          @token == @user.reset_token
        end
      raise Errors::UnauthorizedError unless permitted
    end
    return update_user(user_params)
  end

  # Issuing a token does not need an auth token, so the request is not
  # authorized in the usual way; only the "current" id is accepted and the
  # supplied username has to match the loaded user.
  raise Errors::UnauthorizedError unless params[:id] == "current"
  get_user_for_token
  raise Errors::UnauthorizedError unless params[:username] == @user.username
  update_token(params[:issue_reset_token] ? :reset_token : :verification_token)
end