Class: DeviseTokenAuth::PasswordsController

Inherits:
ApplicationController show all
Defined in:
app/controllers/devise_token_auth/passwords_controller.rb

Instance Method Summary collapse

Methods inherited from ApplicationController

#resource_data, #resource_errors

Instance Method Details

#createObject

this action is responsible for generating password reset tokens and sending emails



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 9

def create
  return render_create_error_missing_email unless resource_params[:email]

  @email = get_case_insensitive_field_from_resource_params(:email)
  @resource = find_resource(:uid, @email)

  if @resource
    yield @resource if block_given?
    @resource.send_reset_password_instructions(
      email: @email,
      provider: 'email',
      redirect_url: @redirect_url,
      client_config: params[:config_name]
    )

    if @resource.errors.empty?
      return render_create_success
    else
      render_create_error @resource.errors
    end
  else
    render_not_found_error
  end
end

#editObject

this is where users arrive after visiting the password reset confirmation link



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 35

def edit
  # if a user is not found, return nil
  @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])

  if @resource && @resource.reset_password_period_valid?
    token = @resource.create_token unless require_client_password_reset_token?

    # ensure that user is confirmed
    @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at
    # allow user to change password once without current_password
    @resource.allow_password_change = true if recoverable_enabled?

    @resource.save!

    yield @resource if block_given?

    if require_client_password_reset_token?
      redirect_to DeviseTokenAuth::Url.generate(@redirect_url, reset_password_token: resource_params[:reset_password_token]),
      redirect_options
    else
      if DeviseTokenAuth.cookie_enabled
        set_token_in_cookie(@resource, token)
      end

      redirect_header_options = { reset_password: true }
      redirect_headers = build_redirect_headers(token.token,
                                                token.client,
                                                redirect_header_options)
      redirect_to(@resource.build_auth_url(@redirect_url,
                                           redirect_headers),
                                           redirect_options)
    end
  else
    render_edit_error
  end
end

#updateObject



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 72

def update
  # make sure user is authorized
  if require_client_password_reset_token? && resource_params[:reset_password_token]
    @resource = resource_class.with_reset_password_token(resource_params[:reset_password_token])
    return render_update_error_unauthorized unless @resource

    @token = @resource.create_token
  else
    @resource = set_user_by_token
  end

  return render_update_error_unauthorized unless @resource

  # make sure account doesn't use oauth2 provider
  unless @resource.provider == 'email'
    return render_update_error_password_not_required
  end

  # ensure that password params were sent
  unless password_resource_params[:password] && password_resource_params[:password_confirmation]
    return render_update_error_missing_password
  end

  if @resource.send(resource_update_method, password_resource_params)
    @resource.allow_password_change = false if recoverable_enabled?
    @resource.save!

    yield @resource if block_given?
    return render_update_success
  else
    return render_update_error
  end
end