module TokenAuthenticateMe::Concerns::Controllers::PasswordResetable

Public Instance Methods

create()

Send a reset token to the user with the given e-mail address

# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 18
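# Start a password reset for the address given in params[:email].
#
# Responds 422 when the value is missing, is not a String (an array or
# object from a JSON body) or contains no '@'. Otherwise responds 204
# whether or not an account exists: both branches enqueue a mail, so the
# response does not reveal which addresses are registered.
def create
  address = params[:email]

  # Validate before the lookup: it avoids a pointless query and keeps a
  # non-String value from reaching String#downcase (in #email) or Regexp#=~.
  unless address.is_a?(String) && address.match?(/@/)
    return render status: 422, json: { errors: { email: ['The email address is invalid'] } }
  end

  @user = User.find_by(find_by_hash)

  if @user
    send_valid_reset_email(@user)
  else
    send_invalid_reset_email(address)
  end

  head 204 # rails 5.2 syntax that renders a 204 status and no body
end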
email()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 55
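# Normalised e-mail taken from params[:email].
#
# @return [String] '' when the value is blank or not a String (an array or
#   object from a JSON body would otherwise raise on #downcase), else the
#   value downcased so the lookup is case-insensitive
#   (presumably stored addresses are lowercase — confirm against the model).
def email
  value = params[:email]
  return '' unless value.is_a?(String) && !value.blank?

  value.downcase
end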
find_by_hash()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 51
# Conditions hash used to look the user up by the normalised e-mail.
#
# @return [Hash] { email: <normalised address> }
def find_by_hash
  conditions = {}
  conditions[:email] = email
  conditions
end
handle_errors(e)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 83
# Render the validation messages of the record carried by a
# RecordInvalid-style exception (default status from #render_errors).
#
# @param e [Exception] must respond to #record, whose errors are rendered
def handle_errors(e)
  messages = e.record.errors.messages
  render_errors(messages)
end
render_errors(errors, status = 422)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 79
# Render errors as JSON under an "errors" key.
#
# @param errors [Object] value serialised under the errors key
# @param status [Integer] HTTP status, 422 by default
def render_errors(errors, status = 422)
  payload = { errors: errors }
  render(json: payload, status: status)
end
render_not_found()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 91
# Respond 404 with an empty body (rails 5.2 `head` syntax).
def render_not_found
  head :not_found
end
send_invalid_reset_email(email)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 68
# Enqueue the "no account for this address" mail for an unknown e-mail.
#
# @param email [String] address the request asked to reset
def send_invalid_reset_email(email)
  mail = TokenAuthenticateMeMailer.invalid_user_reset_password_email(request.base_url, email)
  mail.deliver_later
end
send_valid_reset_email(user)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 59
# Issue a fresh reset token on the user and enqueue the reset mail.
#
# @param user [User] must respond to #create_reset_token!
def send_valid_reset_email(user)
  user.create_reset_token!
  mail = TokenAuthenticateMeMailer.valid_user_reset_password_email(request.base_url, user)
  mail.deliver_later
end
session_params()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 75
# Strong-parameter whitelist for the password fields.
# NOTE(review): not referenced by #update in this listing, which reads
# params[:password] directly.
def session_params
  permitted = %i[password password_confirmation]
  params.permit(*permitted)
end
update()

Allow the user to reset their password when the token is valid and not expired

# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 36
# Set the new password and clear the reset token so it cannot be reused.
#
# Relies on @user already being loaded (presumably by #validate_reset_token
# in a before_action — confirm in the including controller). Responds 204
# on success, or the record's validation errors via #handle_errors.
def update
  attributes = {
    password: params[:password],
    password_confirmation: params[:password_confirmation],
    reset_password_token: nil,
    reset_password_token_exp: nil
  }
  @user.update!(attributes)

  head 204 # rails 5.2 syntax that renders a 204 status and no body
rescue ActiveRecord::RecordInvalid => e
  handle_errors(e)
end
valid_reset_token?()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 95
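# Whether params[:id] is an unexpired reset token; loads @user on the way.
#
# @return [Boolean] false for a missing, non-String, empty or unknown
#   token, for a record without an expiry, or once the expiry has passed
def valid_reset_token?
  token = params[:id]

  # Only a non-empty String can be a token. nil, an Array or a Hash can
  # arrive when config.action_dispatch.perform_deep_munge = false is set
  # (common for JSON APIs; see
  # https://github.com/rails/rails/commit/e8572cf2f94872d81e7145da31d55c6e1b074247)
  # and must not reach the finder, where they could widen or break the query.
  return false unless token.is_a?(String) && !token.empty?

  @user = User.find_by_reset_password_token(token)
  return false unless @user

  # A record without an expiry is treated as expired instead of raising.
  expires_at = @user.reset_password_token_exp
  !expires_at.nil? && expires_at > DateTime.now
end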
validate_reset_token()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 87
# Guard for token-protected actions: passes through the truthy result of
# #valid_reset_token?, otherwise renders 404.
def validate_reset_token
  ok = valid_reset_token?
  return ok if ok

  render_not_found
end