Class: DeviseTokenAuth::PasswordsController

Inherits:

ApplicationController

• Object
• DeviseController
• ApplicationController
• DeviseTokenAuth::PasswordsController

Defined in:

app/controllers/devise_token_auth/passwords_controller.rb

Instance Method Summary

• #create ⇒ Object

  this action is responsible for generating password reset tokens and sending emails.

• #edit ⇒ Object

  this is where users arrive after visiting the password reset confirmation link.

• #update ⇒ Object

Methods inherited from ApplicationController

#resource_data, #resource_errors

Instance Method Details

#create ⇒ Object

this action is responsible for generating password reset tokens and sending emails

# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 9

def create
  return render_create_error_missing_email unless resource_params[:email]

  @email = get_case_insensitive_field_from_resource_params(:email)
  @resource = find_resource(:uid, @email)

  if @resource
    yield @resource if block_given?
    @resource.send_reset_password_instructions(
      email: @email,
      provider: 'email',
      redirect_url: @redirect_url,
      client_config: params[:config_name]
    )

    if @resource.errors.empty?
      return render_create_success
    else
      render_create_error @resource.errors
    end
  else
    render_not_found_error
  end
end

#edit ⇒ Object

this is where users arrive after visiting the password reset confirmation link

# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 35

def edit
  # if a user is not found, return nil
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])

  if @resource && @resource.reset_password_period_valid?
    token = @resource.create_token unless require_client_password_reset_token?

    # ensure that user is confirmed
    @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
    # allow user to change password once without current_password
    @resource.allow_password_change = true if recoverable_enabled?

    @resource.save!

    yield @resource if block_given?

    if require_client_password_reset_token?
      redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token])
    else
      redirect_header_options = { reset_password: true }
      redirect_headers = build_redirect_headers(token.token,
                                                token.client,
                                                redirect_header_options)
      redirect_to(@resource.build_auth_url(@redirect_url,
                                           redirect_headers))
    end
  else
    render_edit_error
  end
end

#update ⇒ Object

# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 66

def update
  # make sure user is authorized
  if require_client_password_reset_token? && resource_params[:reset_password_token]
    @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
    return render_update_error_unauthorized unless @resource

    @token = @resource.create_token
  else
    @resource = set_user_by_token
  end

  return render_update_error_unauthorized unless @resource

  # make sure account doesn't use oauth2 provider
  unless @resource.provider == 'email'
    return render_update_error_password_not_required
  end

  # ensure that password params were sent
  unless password_resource_params[:password] && password_resource_params[:password_confirmation]
    return render_update_error_missing_password
  end

  if @resource.send(resource_update_method, password_resource_params)
    @resource.allow_password_change = false if recoverable_enabled?
    @resource.save!

    yield @resource if block_given?
    return render_update_success
  else
    return render_update_error
  end
end