lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt in authentication-zero-2.3.6 vs lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt in authentication-zero-2.4.0
- old
+ new
@@ -1,8 +1,11 @@
class PasswordResetsController < ApplicationController
skip_before_action :authenticate
+<% if options.lockable? -%>
+ before_action :require_locking, only: :create
+<% end -%>
before_action :set_<%= singular_table_name %>, only: :update
def create
if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
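Review bot: The new `before_action :require_locking, only: :create` is added without any explanation of what it throttles or why only `create` is covered, which is the kind of detail a reader of the generated controller will want. A one-line comment above it such as `# Throttle reset-email requests per client IP to limit mass mailing and address probing (see require_locking)` would make the intent explicit. The body of the `create` action continues outside this hunk, so the interaction with the unverified-email branch cannot be checked here.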
@@ -27,6 +30,13 @@
end
def <%= "#{singular_table_name}_params" %>
params.permit(:password, :password_confirmation)
end
+<% if options.lockable? %>
+ def require_locking
+ Locking.lock_on("password_reset_lock_#{request.remote_ip}", wait: 1.hour, attempts: 10) do
+ render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
+ end
+ end
+<% end -%>
end
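Review bot: The opening tag `<% if options.lockable? %>` before `def require_locking` lacks the `-%>` trim that the matching `<% end -%>` and the `if` in the first hunk use, so the generated controller gains a stray blank line whenever lockable is enabled; make it `<% if options.lockable? -%>`. The lock key `"password_reset_lock_#{request.remote_ip}"` is only as trustworthy as the app's proxy configuration: behind a load balancer with `config.action_dispatch.trusted_proxies` unset, all clients may resolve to one address and lock each other out, whereas a proxy that is not in the trusted list lets a forged forwarded-for header select a fresh key per request. Whether `require_locking` lands under `private` cannot be seen here, since the access modifier lies outside the hunk; confirm it is not reachable as an action.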