module TokenAuthenticateMe::Concerns::Controllers::PasswordResetable
Public Instance Methods
create()
Send a reset token to the user with the given e-mail address
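# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 18
# Request a password reset for the address in params[:email].
#
# Renders 422 with an error payload when the parameter is not a String that
# contains "@". Otherwise it responds 204 with no body whether or not an
# account matches, so the status and body are the same for known and unknown
# addresses; a mail is queued in both cases.
#
# NOTE(review): this action queues mail to any address that contains "@", and
# no throttling is visible in this module -- confirm the route is rate limited.
def create
  submitted = params[:email]

  # A nested or repeated parameter arrives as an Array or a parameters object.
  # Reject it here, before the lookup, instead of letting String-only calls
  # (downcase, the regexp match) raise and turn the request into a 500.
  unless submitted.is_a?(String) && submitted.include?('@')
    render status: 422, json: { errors: { email: ['The email address is invalid'] } }
    return
  end

  @user = User.find_by(find_by_hash)

  if @user
    send_valid_reset_email(@user)
  else
    send_invalid_reset_email(submitted)
  end

  head 204 # renders a 204 status and no body
end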
email()
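# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 55
# Normalised form of params[:email].
#
# Returns the lower-cased address, or '' when the parameter is missing, blank,
# or not a String. A request can supply an Array or a nested parameter under
# the same key; those have no String#downcase, so they are mapped to '' rather
# than raising.
def email
  raw = params[:email]
  return '' unless raw.is_a?(String)

  raw.blank? ? '' : raw.downcase
end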
find_by_hash()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 51
# Conditions hash used to look up the user: the single key :email mapped to
# the value returned by #email.
def find_by_hash
  conditions = {}
  conditions[:email] = email
  conditions
end
handle_errors(e)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 83
# Render the validation messages of the record attached to +e+.
#
# +e+ must respond to #record (update rescues ActiveRecord::RecordInvalid and
# passes it here). The messages go out through render_errors with its default
# status.
def handle_errors(e)
  failed_record = e.record
  messages = failed_record.errors.messages
  render_errors(messages)
end
render_errors(errors, status = 422)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 79
# Render +errors+ as JSON under the "errors" key.
#
# errors - the object to serialise as the value of "errors".
# status - HTTP status for the response (default 422).
def render_errors(errors, status = 422)
  payload = { errors: errors }
  render(status: status, json: payload)
end
render_not_found()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 91
# Respond with a bare 404. validate_reset_token uses this when the reset token
# is not accepted.
def render_not_found
  # Rails 5.2 syntax: renders a 404 status and no body.
  head(404)
end
send_invalid_reset_email(email)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 68
# Queue the mail that is sent when a reset is requested for an address with no
# matching user.
#
# email - the address to notify, passed to the mailer as given.
#
# NOTE(review): request.base_url is derived from the incoming request's host.
# If the mailer uses it to build links, confirm the application restricts the
# hosts it accepts (config.hosts on Rails 6+, or the fronting proxy), or pass a
# configured origin instead.
def send_invalid_reset_email(email)
  message = TokenAuthenticateMeMailer.invalid_user_reset_password_email(request.base_url, email)
  message.deliver_later
end
send_valid_reset_email(user)
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 59
# Create a reset token for +user+ and queue the reset mail.
#
# user - the account the reset was requested for. create_reset_token! is
#        defined outside this module; presumably it generates and persists
#        the token and its expiry -- confirm in the model.
#
# NOTE(review): request.base_url is derived from the incoming request's host.
# If the mailer builds the reset link from it, a request carrying a forged Host
# header would put that host into the link mailed to the user. Confirm the
# application restricts the hosts it accepts (config.hosts on Rails 6+, or the
# fronting proxy), or pass a configured origin instead.
def send_valid_reset_email(user)
  user.create_reset_token!

  message = TokenAuthenticateMeMailer.valid_user_reset_password_email(request.base_url, user)
  message.deliver_later
end
session_params()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 75
# Request parameters filtered down to :password and :password_confirmation.
# None of the other methods shown for this module call it.
def session_params
  allowed_keys = %i[password password_confirmation]
  params.permit(*allowed_keys)
end
update()
Allow user to reset password when the token is valid and not expired
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 36
# Set the new password on @user and clear the reset token and its expiry.
#
# Responds 204 with no body on success. When the record fails validation the
# ActiveRecord::RecordInvalid is passed to handle_errors, which renders the
# messages.
#
# @user is not assigned here; it is expected to be set already, presumably by
# validate_reset_token running before this action -- confirm in the including
# controller. Clearing both token fields in the same update means the token
# cannot be looked up again after a successful reset.
#
# NOTE(review): no revocation of existing sessions or API tokens is visible in
# this method; confirm whether a password reset should invalidate them.
def update
  begin
    new_attributes = {
      password: params[:password],
      password_confirmation: params[:password_confirmation],
      reset_password_token: nil,
      reset_password_token_exp: nil
    }
    @user.update!(new_attributes)

    # Rails 5.2 syntax: renders a 204 status and no body.
    head 204
  rescue ActiveRecord::RecordInvalid => invalid
    handle_errors(invalid)
  end
end
valid_reset_token?()
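# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 95
# Check the reset token in params[:id] and load its owner into @user.
#
# Returns true only when the token is a non-empty String, a user is found for
# it, and that user's reset_password_token_exp is later than now. Returns
# false otherwise. @user is assigned whenever the lookup runs, including for
# an expired token.
#
# NOTE(review): the finder is called with the token exactly as received, which
# suggests the column holds the token itself rather than a digest -- confirm
# in the model.
def valid_reset_token?
  # Check for
  # https://github.com/rails/rails/commit/e8572cf2f94872d81e7145da31d55c6e1b074247
  # security issue when config.action_dispatch.perform_deep_munge = false is set
  # which is common for JSON APIs.
  # Accept only a non-empty String, so nil, Arrays (including [nil]) and nested
  # parameters never reach the finder.
  token = params[:id]
  return false unless token.is_a?(String) && !token.empty?

  @user = User.find_by_reset_password_token(token)
  return false unless @user

  # A token stored without an expiry is treated as invalid instead of raising
  # on the nil comparison.
  expires_at = @user.reset_password_token_exp
  !expires_at.nil? && expires_at > DateTime.now
end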
validate_reset_token()
# File lib/token_authenticate_me/concerns/controllers/password_resetable.rb, line 87
# Gate for token-protected actions: returns the result of valid_reset_token?
# when it is truthy, otherwise responds through render_not_found (a bare 404).
def validate_reset_token
  token_ok = valid_reset_token?
  return token_ok if token_ok

  render_not_found
end