Class: DeviseJwtAuth::PasswordsController
- Inherits:
-
ApplicationController
- Object
- DeviseController
- ApplicationController
- DeviseJwtAuth::PasswordsController
- Defined in:
- app/controllers/devise_jwt_auth/passwords_controller.rb
Instance Method Summary
-
#create ⇒ Object
This action is responsible for generating password reset tokens and sending emails.
-
#edit ⇒ Object
This is where users arrive after visiting the password reset confirmation link.
- #update ⇒ Object
Methods inherited from ApplicationController
#resource_data, #resource_errors
Instance Method Details
#create ⇒ Object
This action is responsible for generating password reset tokens and sending emails
# File 'app/controllers/devise_jwt_auth/passwords_controller.rb', line 8
#
# Starts a password reset: looks the account up by the submitted e-mail and
# asks it to send reset instructions.
#
# Renders the missing-email error when resource_params has no :email, the
# not-found error when no resource matches, the resource's errors when sending
# the instructions leaves errors on it, and the success response otherwise.
# Yields the resource to an optional block before the instructions are sent.
#
# NOTE(review): the not-found branch is separate from the success branch, so
# unless render_not_found_error (not shown here) masks the difference, the
# response tells a caller whether an address is registered — confirm.
# NOTE(review): @redirect_url is not assigned in this method; presumably a
# filter sets it and restricts it to an allow-list before it is handed to
# send_reset_password_instructions — verify.
def create
  return render_create_error_missing_email unless resource_params[:email]

  @email = get_case_insensitive_field_from_resource_params(:email)
  @resource = find_resource(:uid, @email)
  return render_not_found_error unless @resource

  yield @resource if block_given?

  reset_options = { email: @email, provider: 'email', redirect_url: @redirect_url }
  @resource.send_reset_password_instructions(**reset_options)

  return render_create_success if @resource.errors.empty?

  render_create_error @resource.errors
end
#edit ⇒ Object
This is where users arrive after visiting the password reset confirmation link.
# File 'app/controllers/devise_jwt_auth/passwords_controller.rb', line 33
#
# Landing action for the link in the password reset e-mail.
#
# Looks the resource up by the reset_password_token parameter and renders the
# edit error unless one is found and its reset period is still valid.
# Otherwise it confirms an unconfirmed account (when confirmable is enabled),
# sets allow_password_change (when recoverable is enabled), saves, yields the
# resource to an optional block and redirects to @redirect_url.
#
# NOTE(review): @redirect_url is not assigned here and, in the first redirect
# branch, receives the raw reset token as a parameter. Presumably a filter
# restricts it to an allow-list; if not, the token could be sent to an
# arbitrary host — verify.
# NOTE(review): this action saves the record on a link visit, so anything
# that fetches the link (not only the user) triggers the change — confirm
# this is acceptable.
def edit
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
  return render_edit_error unless @resource&.reset_password_period_valid?

  # A valid reset link also confirms an account that is still unconfirmed.
  needs_confirmation = confirmable_enabled? && !@resource.confirmed_at
  @resource.skip_confirmation! if needs_confirmation

  # Lets the user change the password once without current_password.
  @resource.allow_password_change = true if recoverable_enabled?
  @resource.save!

  yield @resource if block_given?

  destination =
    if require_client_password_reset_token?
      DeviseJwtAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token])
    else
      # TODO: do we put the refresh token here?
      @redirect_url
    end
  redirect_to destination
end
#update ⇒ Object
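# File 'app/controllers/devise_jwt_auth/passwords_controller.rb', line 63
#
# Changes the password of the resource identified by the request.
#
# The resource comes from the reset_password_token parameter when client-side
# reset tokens are required and one was sent, otherwise from set_user_by_token.
# A reset token is honoured only while reset_password_period_valid? holds,
# the same window #edit enforces, so an expired token cannot be used by
# calling this action directly.
#
# Renders an error when the account's provider is not 'email', when :password
# or :password_confirmation is missing, or when the update itself fails;
# renders success otherwise. Yields the resource to an optional block after a
# successful update.
#
# NOTE(review): when no resource is resolved the method returns without
# rendering; no unauthorized renderer is visible here to call instead.
def update
  # Make sure the user is authorized, either by a reset_password_token or by a valid access token.
  if require_client_password_reset_token? && resource_params[:reset_password_token]
    candidate = resource_class.with_reset_password_token(resource_params[:reset_password_token])
    # Leave @resource nil for an unknown or expired token so later code never sees that account.
    @resource = candidate&.reset_password_period_valid? ? candidate : nil
  else
    @resource = set_user_by_token
  end

  return unless @resource

  # Only accounts whose provider is 'email' may change a password here (not oauth2 accounts).
  return render_update_error_password_not_required unless @resource.provider == 'email'

  # Both the password and its confirmation must be supplied.
  unless password_resource_params[:password] && password_resource_params[:password_confirmation]
    return render_update_error_missing_password
  end

  # resource_update_method is defined elsewhere and names the update call to use.
  return render_update_error unless @resource.send(resource_update_method, password_resource_params)

  # Close the one-time allowance that #edit sets for changing the password without current_password.
  @resource.allow_password_change = false if recoverable_enabled?
  @resource.save!

  yield @resource if block_given?

  # NOTE(review): the three steps below are listed but not performed in this
  # method — confirm that existing tokens are revoked elsewhere after a
  # password change.
  # invalidate old tokens
  # send refresh cookie
  # send access token
  render_update_success
end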