Class: DeviseTokenAuth::PasswordsController

Inherits:
ApplicationController
Defined in:
app/controllers/devise_token_auth/passwords_controller.rb

Instance Method Summary

Methods inherited from ApplicationController

#error_messages, #error_serializer, #success_message

Instance Method Details

#createObject

This action is responsible for generating password reset tokens and sending the reset emails.



# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 8

# Generates a password reset token for the account matching the submitted
# email and sends the reset instructions.
#
# Responds 401 when the email or redirect_url parameter is missing, 400 when
# no account matches or the instructions could not be sent, and a success
# message otherwise.
#
# NOTE(review): the "Unable to find user" branch echoes the submitted email
# and uses a distinct status, so responses differ for registered and
# unregistered addresses (account enumeration). redirect_url is also passed
# through as received; whether it is validated downstream is not visible here.
def create
  email = resource_params[:email]

  return render json: error_messages('You must provide an email address.'), status: 401 unless email.present?
  return render json: error_messages('Missing redirect url.'), status: 401 unless params[:redirect_url]

  @user = resource_class.where(email: email).first

  unless @user
    return render json: error_messages("Unable to find user with email '#{email}'."), status: 400
  end

  @user.send_reset_password_instructions({
    email: email,
    redirect_url: params[:redirect_url],
    client_config: params[:config_name]
  })

  if @user.errors.empty?
    render json: success_message(
      "An email has been sent to #{@user.email} containing instructions for resetting your password."
    )
  else
    # Model-level failures (e.g. mailer/validation errors) are reported as 400.
    render json: error_messages(*@user.errors), status: 400
  end
end

#editObject

This is where users arrive after visiting the link in the email.



# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 48

# Entry point for the link sent in the password-reset email.
#
# Looks the user up by reset_password_token. On a match it mints a fresh
# client_id/token pair, stores only the bcrypt hash of the token together
# with its expiry, confirms the account if it was not already confirmed, and
# redirects to redirect_url carrying the plaintext token and client_id.
# Anything else is handed to password_reset_rejection.
#
# NOTE(review): redirect_url is taken straight from the query string; any
# validation would have to live in build_auth_url, which is not shown here.
def edit
  @user = resource_class.reset_password_by_token({
    reset_password_token: params[:reset_password_token]
  })

  return password_reset_rejection unless @user && @user.id

  client_id = SecureRandom.urlsafe_base64(nil, false)
  token     = SecureRandom.urlsafe_base64(nil, false)

  # Persist the hash only; the plaintext token leaves via the redirect URL.
  @user.tokens[client_id] = {
    token:  BCrypt::Password.create(token),
    expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
  }

  # A completed reset demonstrates control of the mailbox, so an unconfirmed
  # account is confirmed here without a separate confirmation step.
  @user.skip_confirmation! unless @user.confirmed_at
  @user.save!

  redirect_to(@user.build_auth_url(params[:redirect_url], {
    token:          token,
    client_id:      client_id,
    reset_password: true,
    config:         params[:config]
  }))
end

#password_reset_rejectionObject

Raises:

  • (ActionController::RoutingError)


# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 80

# Used when the reset token is absent or matches no user. Raising a
# RoutingError surfaces as a generic "Not Found" rather than a response that
# says anything about the token itself.
#
# @raise [ActionController::RoutingError] always
def password_reset_rejection
  raise ActionController::RoutingError, 'Not Found'
end

#password_resource_paramsObject



# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 102

# Request parameters for the password update, filtered through Devise's
# :account_update sanitizer so that only the attributes it permits reach
# the model.
#
# @return [Hash-like] the sanitized parameters
def password_resource_params
  sanitizer = devise_parameter_sanitizer
  sanitizer.sanitize(:account_update)
end

#resource_serializer(user) ⇒ Object



# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 106

# Wraps the user in the configured password serializer, falling back to
# ResourceSerializer when DeviseTokenAuth.password_serializer is unset.
#
# @param user the user record to serialize
# @return [Object] a serializer instance for +user+
def resource_serializer(user)
  (DeviseTokenAuth.password_serializer || ResourceSerializer).new(user)
end

#updateObject



# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 84

# Sets a new password for the already-authenticated user.
#
# Responds 401 when @user is not set, 422 when password or
# password_confirmation is missing or the model rejects the update, and the
# serialized user otherwise.
#
# NOTE(review): @user is expected to be populated by a before-action outside
# this listing — confirm that it is, since this action has no lookup of its own.
def update
  return render json: error_messages('Unauthorized'), status: 401 unless @user

  # Only sanitized (:account_update) attributes are considered here.
  attrs = password_resource_params

  unless attrs[:password] && attrs[:password_confirmation]
    return render json: error_messages('You must fill out the fields labeled "password" and "password confirmation".'), status: 422
  end

  if @user.update_attributes(attrs)
    render json: resource_serializer(@user)
  else
    render json: error_serializer(@user), status: 422
  end
end