From 4107c822ba6eb31dd8c1382a6af466116a48fce8 Mon Sep 17 00:00:00 2001
From: rt00492 <rt00492@surrey.ac.uk>
Date: Sat, 30 Apr 2022 20:59:02 +0100
Subject: [PATCH] Adding password reset functionality, adding http status 
 codes, removing puts

---
 app/controllers/application_controller.rb   |  2 --
 app/controllers/auth_controller.rb          | 22 ++++++++++++++++-----
 app/controllers/passwords_controller.rb     | 18 +++++++++++++++++
 app/controllers/registrations_controller.rb |  1 -
 app/models/user.rb                          |  2 +-
 config/routes.rb                            |  5 ++++-
 6 files changed, 40 insertions(+), 10 deletions(-)
 create mode 100644 app/controllers/passwords_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a240f97..73a2860 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,8 +4,6 @@ class ApplicationController < ActionController::API
 
   def render_jsonapi_response(resource)
     if resource.errors.empty?
-      puts "lol"
-      puts resource.email
       render jsonapi: resource
     else
       render jsonapi_errors: resource.errors, status: 400
diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
index a7ab6c6..9e49d9b 100644
--- a/app/controllers/auth_controller.rb
+++ b/app/controllers/auth_controller.rb
@@ -6,25 +6,37 @@ class AuthController < ApplicationController
     end
 
     def auth_success
-        render json: { message: 'User Authenticated.'}
+        render json: { message: 'User Authenticated.'}, status: 200
     end
 
     def auth_fail
-        render json: { message: 'Failed to Authenticate User.'}
+        render json: { message: 'Failed to Authenticate User.'}, status: 401
     end
 
     def get_email
-        puts params
         ids = params["auth"]["ids"]
-        puts ids
         if authenticate_user!
             emails = []
             ids.each do |i|
                 emails.push(User.find_by(id: i).email)
             end 
-            render json: { emails: emails }
+            render json: { emails: emails }, status: 200
         else
             auth_fail
         end
     end
+
+    def password_reset_token
+        token, hashed_token = Devise.token_generator.generate(User, :reset_password_token)
+        user = User.find_by(email: params["email"])
+        if user == nil
+            render json: { error: "user not found" }, status: 404
+        else
+            user.reset_password_token = hashed_token
+            user.reset_password_sent_at = Time.now
+            user.save
+            render json: {token: token}, status: 200
+        end
+    end
+
 end
\ No newline at end of file
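Review bot: `render json: {token: token}` on the `password_reset_token` success path returns the raw reset token to whoever posted an email address, so anyone who knows or guesses a registered email can obtain a valid token and then set a new password through the `PUT reset_password` route added in the same commit; the token must be delivered out of band, never in the HTTP response. The `404` on the not-found branch additionally tells the caller which emails are registered, so the endpoint should answer identically whether or not the user exists. Devise's `:recoverable` module (enabled in this commit) already provides `send_reset_password_instructions`, which generates, stores and mails the token (assuming the Devise mailer is configured, which this patch does not show), which also removes the ignored `user.save` result and the `user == nil` comparison (`user.nil?`). `AuthController` opens outside the hunk; `password_reset_token` itself is fully visible.
```ruby
def password_reset_token
    user = User.find_by(email: params["email"])
    # Devise generates, stores and delivers the token out of band;
    # the raw token must not be returned to the HTTP caller.
    user&.send_reset_password_instructions
    # Same response whether or not the email is registered, so the
    # endpoint cannot be used to enumerate accounts.
    render json: { message: "If that email is registered, reset instructions have been sent." }, status: 200
end
```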
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
new file mode 100644
index 0000000..8964544
--- /dev/null
+++ b/app/controllers/passwords_controller.rb
@@ -0,0 +1,18 @@
+class PasswordsController < Devise::PasswordsController
+    def update
+        user = User.with_reset_password_token(params["reset_password_token"])
+        if user == nil
+            render json: {"message": "user not found"}, status: 404
+        else
+            if user.reset_password_sent_at + 2.hours > Time.now
+                user.reset_password(params["password"], params["password_confirmation"])
+                render json: {"message": "password changed"}, status: 200
+            else
+                render json: {"message": "password reset expired"}, status: 401
+
+            end
+
+        end
+
+    end
+end
\ No newline at end of file
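Review bot: The return value of `user.reset_password(params["password"], params["password_confirmation"])` in `update` is discarded, so when the confirmation does not match or the new password fails validation the record is not saved, yet the client still receives `password changed` with `200`; Devise's `reset_password` returns the result of `save`, so the success response should be conditional on it and the failure branch should return `user.errors.full_messages` with `422`. The expiry check `user.reset_password_sent_at + 2.hours > Time.now` also raises `NoMethodError` if `reset_password_sent_at` is `nil` for a row that has a token; Devise's `reset_password_period_valid?` (driven by `config.reset_password_within`, not visible here) covers both the nil case and the window without hard-coding `2.hours`. The rewrite below keeps the 2-hour window as written and only adds the nil guard and the result check.
```ruby
def update
    user = User.with_reset_password_token(params["reset_password_token"])
    if user.nil?
        render json: {"message": "user not found"}, status: 404
    elsif user.reset_password_sent_at.nil? || user.reset_password_sent_at + 2.hours <= Time.now
        render json: {"message": "password reset expired"}, status: 401
    elsif user.reset_password(params["password"], params["password_confirmation"])
        # reset_password returns the result of save; report success only when it persisted
        render json: {"message": "password changed"}, status: 200
    else
        render json: {"message": "invalid password", errors: user.errors.full_messages}, status: 422
    end
end
```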
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 05ad147..c885a2c 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -6,5 +6,4 @@ class RegistrationsController < Devise::RegistrationsController
       sign_up(resource_name, resource) if resource.persisted?
       render_jsonapi_response(resource)
     end
-  
   end
\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index 5f6a800..a00a7b4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,7 +1,7 @@
 class User < ApplicationRecord
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
-  devise :database_authenticatable, :registerable,
+  devise :database_authenticatable, :registerable, :recoverable,
         :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist
          
 end
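Review bot: Enabling `:recoverable` makes Devise read and write `reset_password_token` and `reset_password_sent_at` on users (the new controllers assign both and look users up by the token), but the diffstat lists no migration adding those columns, so unless they already exist in the schema, which this patch does not show, the reset flow will fail at runtime. The usual Devise setup is a migration adding both columns with a unique index on `reset_password_token`, which is what `with_reset_password_token` relies on.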
diff --git a/config/routes.rb b/config/routes.rb
index 1ec2497..6e9a3e8 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,6 +6,7 @@ Rails.application.routes.draw do
 
   post 'auth', to: 'auth#access_check'
   post 'auth/email', to: 'auth#get_email'
+  post 'reset_password_token', to: 'auth#password_reset_token'
 
   devise_for :users,
     defaults: { format: :json },
@@ -20,5 +21,7 @@ Rails.application.routes.draw do
       registrations: 'registrations',
     }
 
-
+  devise_scope :user do
+    put 'reset_password', to: 'passwords#update'
+  end
 end
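Review bot: The `put 'reset_password', to: 'passwords#update'` route is added inside `devise_scope :user` without registering the new controller in the `controllers:` hash of `devise_for :users` (the only visible entry, `registrations: 'registrations'`, is context; the rest of the hash is outside the hunk), so as far as this hunk shows Devise's stock password routes under `/users/password` stay mounted alongside the custom one, leaving two reset flows with different expiry and validation rules. Either add `passwords: 'passwords'` to that hash, or pass `skip: [:passwords]` to `devise_for` so the custom route is the single entry point. This applies equally to the `post 'reset_password_token'` route in the previous hunk, which is the only way tokens are issued in this patch.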
-- 
GitLab