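# Password-reset endpoints for the JSON API, built on Devise's controller.
#
# create - emails reset instructions to the account matching params[:email].
# update - exchanges a reset token plus a new password for a fresh set of
#          auth headers.
class PasswordsController < Devise::PasswordsController
  # Both actions must be reachable whether or not the caller is signed in.
  # raise: false keeps the skip from failing if a callback is not defined.
  skip_before_action :require_no_authentication, raise: false
  skip_before_action :authenticate_user!, raise: false

  # Completes a password reset.
  #
  # params: reset_password_token, password, password_confirmation
  #
  # Responds with the user's token_validation_response and new auth headers on
  # success, or 422 with a generic message when the token is missing, unknown
  # or expired, or the new password is rejected.
  def update
    @recoverable = find_recoverable(params[:reset_password_token])

    if @recoverable && reset_password_and_confirmation(@recoverable)
      # Auth headers are issued only after the password change has succeeded.
      set_headers(@recoverable)
      render json: {
        data: @recoverable.token_validation_response
      }
    else
      render json: { "message": 'Invalid token', "redirect_url": '/' }, status: 422
    end
  end

  # Starts a password reset for the account matching params[:email].
  #
  # NOTE(review): the 200/404 split tells an unauthenticated caller whether an
  # address is registered (account enumeration). Returning the same response
  # in both branches would close that; left unchanged because API clients may
  # depend on the 404 -- confirm before changing. No throttling is visible in
  # this controller; verify it is applied elsewhere.
  def create
    @user = User.find_by(email: params[:email])
    if @user
      @user.send_reset_password_instructions
      build_response(I18n.t('messages.reset_password_success'), 200)
    else
      build_response(I18n.t('messages.reset_password_failure'), 404)
    end
  end

  protected

  # Looks up the user owning a raw reset token.
  #
  # Returns nil when the token is blank, matches no user, or is older than
  # Devise's reset_password_within window. The expiry check matters: a lookup
  # by digest alone would keep honouring a token indefinitely.
  def find_recoverable(raw_token)
    return if raw_token.blank?

    # Only the digest is stored, so the submitted token is digested first.
    digest = Devise.token_generator.digest(User, :reset_password_token, raw_token)
    user = User.find_by(reset_password_token: digest)
    user if user && user.reset_password_period_valid?
  end

  # Copies a freshly created auth token for +user+ into the response headers,
  # using the header names configured in DeviseTokenAuth.
  def set_headers(user)
    data = user.create_new_auth_token
    response.headers[DeviseTokenAuth.headers_names[:"access-token"]] = data['access-token']
    response.headers[DeviseTokenAuth.headers_names[:"token-type"]] = 'Bearer'
    response.headers[DeviseTokenAuth.headers_names[:client]] = data['client']
    response.headers[DeviseTokenAuth.headers_names[:expiry]] = data['expiry']
    response.headers[DeviseTokenAuth.headers_names[:uid]] = data['uid']
  end

  # Sets the new password on +recoverable+ and clears its one-time tokens.
  #
  # Returns false when the new password is rejected (blank, mismatched
  # confirmation, failed validation), so the caller never issues auth headers
  # for a reset that did not happen. Raises ActiveRecord::RecordInvalid if the
  # final save! fails.
  #
  # NOTE(review): nothing here revokes auth tokens issued before the reset;
  # confirm the User model or DeviseTokenAuth configuration handles that.
  def reset_password_and_confirmation(recoverable)
    return false unless recoverable.reset_password(params[:password], params[:password_confirmation])

    # The reset token was delivered by email, so a successful reset also
    # confirms an account that was never confirmed.
    recoverable.confirm unless recoverable.confirmed?

    # Make the reset and confirmation tokens single-use.
    recoverable.reset_password_token = nil
    recoverable.confirmation_token = nil
    recoverable.reset_password_sent_at = nil
    recoverable.save!
  end

  # Renders +message+ as a JSON body with the given HTTP +status+.
  def build_response(message, status)
    render json: {
      "message": message
    }, status: status
  end
end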