Class: DeviseTokenAuth::PasswordsController
- Inherits:
-
ApplicationController
- Object
- DeviseController
- ApplicationController
- DeviseTokenAuth::PasswordsController
- Defined in:
- app/controllers/devise_token_auth/passwords_controller.rb
Instance Method Summary collapse
-
#create ⇒ Object
this action is responsible for generating password reset tokens and sending emails.
-
#edit ⇒ Object
this is where users arrive after visiting the password reset confirmation link.
- #update ⇒ Object
Methods inherited from ApplicationController
#resource_data, #resource_errors
Instance Method Details
#create ⇒ Object
this action is responsible for generating password reset tokens and sending emails
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 8
# Starts a password reset: validates the request, looks the account up by
# email and asks the resource to send its reset instructions.
#
# Security notes for reviewers:
# * redirect_url comes from the request and is only checked when
#   DeviseTokenAuth.redirect_whitelist is set; with no whitelist, any
#   caller-supplied URL is handed on to the reset instructions.
# * An unknown email ends in render_not_found_error, a known one in
#   render_create_success. NOTE(review): if those responses differ visibly,
#   the endpoint reveals which addresses have accounts -- confirm that rate
#   limiting and monitoring cover this action.
#
# @yield [resource] the matched resource, before the instructions are sent
def create
  return render_create_error_missing_email unless resource_params[:email]

  # the request's redirect value wins; the configured default is the fallback
  @redirect_url = params[:redirect_url] || DeviseTokenAuth.default_password_reset_url
  return render_create_error_missing_redirect_url unless @redirect_url

  # the whitelist is enforced only when one has been configured
  if DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(@redirect_url)
    return render_create_error_not_allowed_redirect_url
  end

  @email = get_case_insensitive_field_from_resource_params(:email)
  @resource = find_resource(:uid, @email)
  return render_not_found_error unless @resource

  yield @resource if block_given?

  instruction_opts = {
    email: @email,
    provider: 'email',
    redirect_url: @redirect_url,
    client_config: params[:config_name]
  }
  @resource.send_reset_password_instructions(instruction_opts)

  return render_create_success if @resource.errors.empty?

  render_create_error @resource.errors
end
#edit ⇒ Object
this is where users arrive after visiting the password reset confirmation link
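# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 53
# Landing point for the emailed password reset confirmation link.
#
# Looks the resource up by reset_password_token. When the token resolves and
# is still inside its validity period, a new auth token is created, the
# resource is allowed one password change without the current password, and
# the browser is redirected to redirect_url with the credentials attached.
# Every other case ends in render_edit_error.
#
# Security: the redirect carries a fresh client id and token, so the target
# is checked against DeviseTokenAuth.redirect_whitelist (when one is
# configured) before any token is created, the same way #create checks it.
# Without that check a link carrying a foreign redirect_url would deliver the
# new credentials to that URL.
#
# @yield [resource] after the resource has been saved
def edit
  redirect_url = params[:redirect_url]

  # Refuse targets outside the configured whitelist, reusing the response
  # #create gives for the same condition. Nothing has been mutated yet.
  if DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(redirect_url)
    return render_create_error_not_allowed_redirect_url
  end

  # if a user is not found, return nil
  @resource = with_reset_password_token(resource_params[:reset_password_token])
  return render_edit_error unless @resource && @resource.reset_password_period_valid?

  client_id, token = @resource.create_token

  # ensure that user is confirmed
  @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at

  # allow user to change password once without current_password
  @resource.allow_password_change = true if recoverable_enabled?

  @resource.save!
  yield @resource if block_given?

  # The rendered listing lost this local's name; it is restored here so the
  # method is valid Ruby again.
  redirect_header_options = { reset_password: true }
  redirect_headers = build_redirect_headers(token, client_id, redirect_header_options)
  redirect_to(@resource.build_auth_url(redirect_url, redirect_headers))
end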
#update ⇒ Object
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 81
# Changes the password of the resource already held in @resource.
#
# Checks run in this order: a resource must be present, it must use the
# 'email' provider, and both password and password_confirmation must be
# supplied. Only then is the update attempted.
# NOTE(review): @resource is not assigned in this method; presumably an
# authentication filter outside this listing sets it -- confirm.
#
# @yield [resource] after a successful update has been saved
def update
  # make sure user is authorized
  # NOTE(review): the listing shows a bare return, so no error response is
  # rendered explicitly when no resource is present. The page extraction may
  # have dropped a call; confirm against the source file that this path
  # answers with an explicit unauthorized error.
  return unless @resource

  # make sure account doesn't use oauth2 provider
  return render_update_error_password_not_required unless @resource.provider == 'email'

  # ensure that password params were sent
  both_sent = password_resource_params[:password] &&
              password_resource_params[:password_confirmation]
  return render_update_error_missing_password unless both_sent

  # resource_update_method is defined outside this listing.
  # NOTE(review): confirm the method name it returns never comes from
  # request input, since it is dispatched with send.
  updated = @resource.send(resource_update_method, password_resource_params)
  return render_update_error unless updated

  # close the one-time window for changing the password without current_password
  @resource.allow_password_change = false if recoverable_enabled?

  @resource.save!
  yield @resource if block_given?

  render_update_success
end