Sha256: 78d471467e111d3170e0abdc2b25e1dc709f719c16a761b9762ef7fbe8f97781
Contents?: true
Size: 1.5 KB
Versions: 4
Compression:
Stored size: 1.5 KB
Contents
class PasswordResetsController < ApplicationController
skip_before_action :authenticate
<% if options.lockable? -%>
before_action :require_locking, only: :create
<% end -%>
before_action :set_<%= singular_table_name %>, only: :update
def create
if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
else
render json: { error: "You can't reset your password until you verify your email" }, status: :not_found
end
end
def update
if @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
render json: @<%= singular_table_name %>
else
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
end
end
private
def set_<%= singular_table_name %>
@<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
rescue
render json: { error: "That password reset link is invalid" }, status: :bad_request
end
def <%= "#{singular_table_name}_params" %>
params.permit(:password, :password_confirmation)
end
<% if options.lockable? %>
def require_locking
Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
end
end
<% end -%>
end
Version data entries
4 entries across 4 versions & 1 rubygems