From 4107c822ba6eb31dd8c1382a6af466116a48fce8 Mon Sep 17 00:00:00 2001 From: rt00492 <rt00492@surrey.ac.uk> Date: Sat, 30 Apr 2022 20:59:02 +0100 Subject: [PATCH] Adding password reset functionality, adding http status codes, removing puts --- app/controllers/application_controller.rb | 2 -- app/controllers/auth_controller.rb | 22 ++++++++++++++++----- app/controllers/passwords_controller.rb | 18 +++++++++++++++++ app/controllers/registrations_controller.rb | 1 - app/models/user.rb | 2 +- config/routes.rb | 5 ++++- 6 files changed, 40 insertions(+), 10 deletions(-) create mode 100644 app/controllers/passwords_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a240f97..73a2860 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -4,8 +4,6 @@ class ApplicationController < ActionController::API def render_jsonapi_response(resource) if resource.errors.empty? - puts "lol" - puts resource.email render jsonapi: resource else render jsonapi_errors: resource.errors, status: 400 diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb index a7ab6c6..9e49d9b 100644 --- a/app/controllers/auth_controller.rb +++ b/app/controllers/auth_controller.rb 
@@ -6,25 +6,37 @@ class AuthController < ApplicationController end def auth_success - render json: { message: 'User Authenticated.'} + render json: { message: 'User Authenticated.'}, status: 200 end def auth_fail - render json: { message: 'Failed to Authenticate User.'} + render json: { message: 'Failed to Authenticate User.'}, status: 401 end def get_email - puts params ids = params["auth"]["ids"] - puts ids if authenticate_user! emails = [] ids.each do |i| emails.push(User.find_by(id: i).email) end - render json: { emails: emails } + render json: { emails: emails }, status: 200 else auth_fail end end + + def password_reset_token + token, hashed_token = Devise.token_generator.generate(User, :reset_password_token) + user = User.find_by(email: params["email"]) + if user == nil + render json: { error: "user not found" }, status: 404 + else + user.reset_password_token = hashed_token + user.reset_password_sent_at = Time.now + user.save + render json: {token: token}, status: 200 + end + end + end \ No newline at end of file diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb new file mode 100644 index 0000000..8964544 --- /dev/null +++ b/app/controllers/passwords_controller.rb @@ -0,0 +1,18 @@ +class PasswordsController < Devise::PasswordsController + def update + user = User.with_reset_password_token(params["reset_password_token"]) + if user == nil + render json: {"message": "user not found"}, status: 404 + else + if user.reset_password_sent_at + 2.hours > Time.now + user.reset_password(params["password"], params["password_confirmation"]) + render json: {"message": "password changed"}, status: 200 + else + render json: {"message": "password reset expired"}, status: 401 + + end + + end + + end +end \ No newline at end of file diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 05ad147..c885a2c 100644 --- a/app/controllers/registrations_controller.rb 
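Review bot: `password_reset_token` returns the clear-text reset token in the response body to any caller who posts a registered email (the route added in config/routes.rb is not behind `authenticate_user!`), so knowing an email address is enough to set that account's password; the token must only reach the account owner out of band, which is what Devise's `user.send_reset_password_instructions` already does after generating and storing the hashed token. The `status: 404` branch also reveals which emails are registered; answer with the same status and body whether or not a user was found. Smaller points in the same method: the result of `user.save` is ignored, so a failed save still answers 200 with a token that was never persisted, `user == nil` reads better as `user.nil?`, and Devise itself records `reset_password_sent_at` as `Time.now.utc`, so the expiry comparison in passwords_controller.rb should use the same clock.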
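Review bot: In `update` the return value of `user.reset_password(...)` is discarded, so a mismatched confirmation, a blank password or any other validation failure still answers 200 "password changed" while nothing was saved; branch on it instead: `if user.reset_password(params["password"], params["password_confirmation"])` … `else render json: { errors: user.errors.full_messages }, status: 422`. The expiry window is hard-coded as `2.hours` instead of the model's `reset_password_period_valid?`, which honours `Devise.reset_password_within` and also copes with a `nil` `reset_password_sent_at`, whereas the `+ 2.hours` here would raise on it. Devise already bundles lookup, expiry check and update in `User.reset_password_by_token(...)`, which would replace most of this action; `user == nil` is also better written `user.nil?`.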
+++ b/app/controllers/registrations_controller.rb @@ -6,5 +6,4 @@ class RegistrationsController < Devise::RegistrationsController sign_up(resource_name, resource) if resource.persisted? render_jsonapi_response(resource) end - end \ No newline at end of file diff --git a/app/models/user.rb b/app/models/user.rb index 5f6a800..a00a7b4 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,7 +1,7 @@ class User < ApplicationRecord # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable - devise :database_authenticatable, :registerable, + devise :database_authenticatable, :registerable, :recoverable, :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist end diff --git a/config/routes.rb b/config/routes.rb index 1ec2497..6e9a3e8 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -6,6 +6,7 @@ Rails.application.routes.draw do post 'auth', to: 'auth#access_check' post 'auth/email', to: 'auth#get_email' + post 'reset_password_token', to: 'auth#password_reset_token' devise_for :users, defaults: { format: :json }, @@ -20,5 +21,7 @@ Rails.application.routes.draw do registrations: 'registrations', } - + devise_scope :user do + put 'reset_password', to: 'passwords#update' + end end -- GitLab
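Review bot: The custom `put 'reset_password', to: 'passwords#update'` in the second hunk sits beside the routes `devise_for :users` generates once the model gains `:recoverable` (user.rb hunk), which by default include `PUT /users/password` mapped to Devise's own `PasswordsController` unless the `controllers:` or `skip:` options — only partly visible here, `registrations: 'registrations'` is the last entry shown — redirect or drop it; two password-update endpoints with different checks deserve either `skip: [:passwords]` or a comment explaining why both exist. The `defaults: { format: :json }` on `devise_for` does not apply to either custom route, so `post 'reset_password_token'` and `put 'reset_password'` will negotiate the format from the request.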