Class: DeviseTokenAuth::PasswordsController

Inherits:
ApplicationController show all
Defined in:
app/controllers/devise_token_auth/passwords_controller.rb

Instance Method Summary collapse

Methods inherited from ApplicationController

#resource_data, #resource_errors

Instance Method Details

#createObject

this action is responsible for generating password reset tokens and sending emails



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 8

def create
  unless resource_params[:email]
    return render_create_error_missing_email
  end

  # give redirect value from params priority
  @redirect_url = params[:redirect_url]

  # fall back to default value if provided
  @redirect_url ||= DeviseTokenAuth.default_password_reset_url

  unless @redirect_url
    return render_create_error_missing_redirect_url
  end

  # if whitelist is set, validate redirect_url against whitelist
  if DeviseTokenAuth.redirect_whitelist
    unless DeviseTokenAuth::Url.whitelisted?(@redirect_url)
      return render_create_error_not_allowed_redirect_url
    end
  end

  @email = get_case_insensitive_field_from_resource_params(:email)
  @resource = find_resource(:uid, @email)

  if @resource
    yield @resource if block_given?
    @resource.send_reset_password_instructions({
      email: @email,
      provider: 'email',
      redirect_url: @redirect_url,
      client_config: params[:config_name]
    })

    if @resource.errors.empty?
      return render_create_success
    else
      render_create_error @resource.errors
    end
  else
    render_not_found_error
  end
end

#editObject

this is where users arrive after visiting the password reset confirmation link



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 53

def edit
  # if a user is not found, return nil
  @resource = with_reset_password_token(resource_params[:reset_password_token])

  if @resource && @resource.reset_password_period_valid?
    client_id, token = @resource.create_token

    # ensure that user is confirmed
    @resource.skip_confirmation! if confirmable_enabled? && !@resource.confirmed_at

    # allow user to change password once without current_password
    @resource.allow_password_change = true if recoverable_enabled?

    @resource.save!

    yield @resource if block_given?

    redirect_header_options = {reset_password: true}
    redirect_headers = build_redirect_headers(token,
                                              client_id,
                                              redirect_header_options)
    redirect_to(@resource.build_auth_url(params[:redirect_url],
                                         redirect_headers))
  else
    render_edit_error
  end
end

#updateObject



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# File 'app/controllers/devise_token_auth/passwords_controller.rb', line 81

def update
  # make sure user is authorized
  unless @resource
    return render_update_error_unauthorized
  end

  # make sure account doesn't use oauth2 provider
  unless @resource.provider == 'email'
    return render_update_error_password_not_required
  end

  # ensure that password params were sent
  unless password_resource_params[:password] && password_resource_params[:password_confirmation]
    return render_update_error_missing_password
  end

  if @resource.send(resource_update_method, password_resource_params)
    @resource.allow_password_change = false if recoverable_enabled?
    @resource.save!

    yield @resource if block_given?
    return render_update_success
  else
    return render_update_error
  end
end