Class: DeviseJwtAuth::PasswordsController

Inherits:
ApplicationController show all
Defined in:
app/controllers/devise_jwt_auth/passwords_controller.rb

Instance Method Summary collapse

Methods inherited from ApplicationController

#resource_data, #resource_errors

Instance Method Details

#createObject

This action is responsible for generating password reset tokens and sending emails



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
# File 'app/controllers/devise_jwt_auth/passwords_controller.rb', line 8

def create
  return render_create_error_missing_email unless resource_params[:email]

  @email = get_case_insensitive_field_from_resource_params(:email)
  @resource = find_resource(:uid, @email)

  if @resource
    yield @resource if block_given?
    @resource.send_reset_password_instructions(
      email: @email,
      provider: 'email',
      redirect_url: @redirect_url
    )

    if @resource.errors.empty?
      render_create_success
    else
      render_create_error @resource.errors
    end
  else
    render_not_found_error
  end
end

#editObject

This is where users arrive after visiting the password reset confirmation link.



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'app/controllers/devise_jwt_auth/passwords_controller.rb', line 33

def edit
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])

  if @resource&.reset_password_period_valid?
    # ensure that user is confirmed
    @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at

    # allow user to change password once without current_password
    @resource.allow_password_change = true if recoverable_enabled?
    @resource.save!

    yield @resource if block_given?

    if require_client_password_reset_token?
      clear_refresh_token_cookie

      redirect_to DeviseJwtAuth::Url.generate(
        @redirect_url,
        reset_password_token: resource_params[:reset_password_token]
      )
    else
      # TODO: do we put the refresh token here?
      update_refresh_token_cookie
      redirect_to @redirect_url
    end
  else
    render_edit_error
  end
end

#updateObject 



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'app/controllers/devise_jwt_auth/passwords_controller.rb', line 63

def update
  # Make sure user is authorized. Either by a reset_password_token or a valid access token.
  if require_client_password_reset_token? && resource_params[:reset_password_token]
    @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])

    return render_update_error_unauthorized unless @resource
  else
    @resource = set_user_by_token
  end

  return render_update_error_unauthorized unless @resource

  # make sure account doesn't use oauth2 provider
  return render_update_error_password_not_required unless @resource.provider == 'email'

  # ensure that password params were sent
  unless password_resource_params[:password] && password_resource_params[:password_confirmation]
    return render_update_error_missing_password
  end

  if @resource.send(resource_update_method, password_resource_params)
    @resource.allow_password_change = false if recoverable_enabled?
    @resource.save!

    yield @resource if block_given?
    # invalidate old tokens
    # send refresh cookie
    # send access token
    update_refresh_token_cookie
    render_update_success
  else
    render_update_error
  end
end