Sha256: 808fb3289c230ddf6800eb091b69f5b505a81a1a4fc05ca8d1f1d028f09e0728

Contents?: true

Size: 992 Bytes

Versions: 2

Compression:

Stored size: 992 Bytes

Contents

class Identity::PasswordResetsController < ApplicationController
  skip_before_action :authenticate

  before_action :set_user, only: :update
  <%- if options.lockable? %>
  before_action :require_lock, only: :create
  <%- end -%>

  def create
    if @user = User.find_by(email: params[:email], verified: true)
      UserMailer.with(user: @user).password_reset.deliver_later
    else
      render json: { error: "You can't reset your password until you verify your email" }, status: :bad_request
    end
  end

  def update
    if @user.update(user_params)
      @token.destroy; render json: @user
    else
      render json: @user.errors, status: :unprocessable_entity
    end
  end

  private
    def set_user
      @token = PasswordResetToken.find_signed!(params[:sid]); @user = @token.user
    rescue
      render json: { error: "That password reset link is invalid" }, status: :bad_request
    end

    def user_params
      params.permit(:password, :password_confirmation)
    end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
authentication-zero-2.15.0 lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt
authentication-zero-2.14.0 lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt