Class: Spree::Api::V3::Admin::InvitationAcceptancesController

Inherits:

BaseController

• Object
• ActionController::API
• BaseController
• BaseController
• Spree::Api::V3::Admin::InvitationAcceptancesController

Includes:

AuthCookies

Defined in:

app/controllers/spree/api/v3/admin/invitation_acceptances_controller.rb

Overview

Public invitation acceptance — mounted under ‘/api/v3/admin/auth/…` so the issued refresh-token cookie’s path matches ‘/auth/refresh`.

Constant Summary

Constants included from AuthCookies

AuthCookies::COOKIE_PATH, AuthCookies::REFRESH_COOKIE_NAME

Constants included from ScopedAuthorization

ScopedAuthorization::READ_ACTIONS

Constants inherited from BaseController

BaseController::RATE_LIMIT_RESPONSE

Constants included from Idempotent

Idempotent::IDEMPOTENCY_HEADER, Idempotent::IDEMPOTENCY_TTL, Idempotent::MAX_KEY_LENGTH, Idempotent::MUTATING_METHODS

Constants included from ErrorHandler

ErrorHandler::ERROR_CODES

Constants included from JwtAuthentication

JwtAuthentication::JWT_AUDIENCE_ADMIN, JwtAuthentication::JWT_AUDIENCE_STORE, JwtAuthentication::JWT_ISSUER, JwtAuthentication::USER_TYPE_ADMIN, JwtAuthentication::USER_TYPE_CUSTOMER

Instance Method Summary

• #accept ⇒ Object

  POST /api/v3/admin/auth/invitations/:id/accept?token=:token Body: { password?, password_confirmation?, first_name?, last_name? }.

• #lookup ⇒ Object

  GET /api/v3/admin/auth/invitations/:id/lookup?token=:token.

Methods included from Spree::Api::V3::ApiKeyAuthentication

#authenticate_api_key!, #authenticate_secret_key!

Methods included from JwtAuthentication

#authenticate_user, #require_authentication!

Instance Method Details

#accept ⇒ Object

POST /api/v3/admin/auth/invitations/:id/accept?token=:token Body: { password?, password_confirmation?, first_name?, last_name? }

# File 'app/controllers/spree/api/v3/admin/invitation_acceptances_controller.rb', line 28

def accept
  return unless load_invitation

  user = resolve_or_create_invitee(@invitation)
  return if performed?

  @invitation.invitee = user
  @invitation.accept!

  refresh_token = Spree::RefreshToken.create_for(user, request_env: request_env_for_token)
  set_refresh_cookie(refresh_token)
  render json: auth_response(user)
rescue ActiveRecord::RecordInvalid => e
  render_validation_error(e.record.errors)
end

#lookup ⇒ Object

GET /api/v3/admin/auth/invitations/:id/lookup?token=:token

# File 'app/controllers/spree/api/v3/admin/invitation_acceptances_controller.rb', line 20

def lookup
  return unless load_invitation

  render json: Spree.api.admin_invitation_serializer.new(@invitation).serializable_hash
end