Class: RailsIdentity::UsersController

Inherits:
ApplicationController show all
Defined in:
app/controllers/rails_identity/users_controller.rb

Overview

Users controller that performs CRUD on users.

Instance Method Summary collapse

Methods inherited from ApplicationController

#options

Methods included from ApplicationHelper

#accept_token, #authorized?, #find_object, #render_error, #render_errors, #require_admin_token, #require_token

Instance Method Details

#createObject

Creates a new user. This action does not require any auth although it is optional.



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'app/controllers/rails_identity/users_controller.rb', line 31

def create
  logger.debug("Create new user")
  @user = User.new(user_params)
  if @user.save

    # Save succeeded. Render the response based on the created user.
    render json: @user, except: [:verification_token, :reset_token, :password_digest], status: 201

    # Then, issue the verification token and send the email for
    # verification.
    @user.issue_token(:verification_token)
    @user.save
    UserMailer.email_verification(@user).deliver_later
  else
    render_errors 400, @user.errors.full_messages
  end
end

#destroyObject

Deletes a user.



100
101
102
103
104
105
106
107
108
 
# File 'app/controllers/rails_identity/users_controller.rb', line 100

def destroy
  if @user.destroy
    render body: '', status: 204
  else
    # :nocov:
    render_error 500, "Something went wrong!"
    # :nocov:
  end
end

#indexObject

List all users (but only works for admin user).



22
23
24
25
 
# File 'app/controllers/rails_identity/users_controller.rb', line 22

def index
  @users = User.all
  render json: @users, except: [:password_digest]
end

#showObject

Renders a user data.



52
53
54
 
# File 'app/controllers/rails_identity/users_controller.rb', line 52

def show
  render json: @user, except: [:password_digest]
end

#updateObject

Patches the user. Some overloading operations here. There are five notable ways to update a user.

- Issue a reset token
  If params has :issue_reset_token set to true, the action will
  issue a reset token for the user and returns 204. Yes, 204 No
  Content.
- Reset the password
  Two ways to reset password:
    - Provide the old password along with the new password and
      confirmation.
    - Provide the reset token as the auth token.
- Issue a verification token
- Change other data



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
 
# File 'app/controllers/rails_identity/users_controller.rb', line 72

def update
  if params[:issue_reset_token] || params[:issue_verification_token]
    # For issuing a reset token, one does not need an auth token. so do
    # not authorize the request.
    raise Errors::UnauthorizedError unless params[:id] == "current"
    get_user_for_token()
    raise Errors::UnauthorizedError unless params[:username] == @user.username
    if params[:issue_reset_token]
      update_token(:reset_token)
    else
      update_token(:verification_token)
    end
  else
    get_user()
    if params[:password]
      if params[:old_password]
        raise Errors::UnauthorizedError unless @user.authenticate(params[:old_password])
      else
        raise Errors::UnauthorizedError unless @token == @user.reset_token
      end
    end
    update_user(user_params)
  end
end