Adding password reset functionality, adding http status codes, removing puts

4107c822 · Treadway, Ross T (UG - Computer Science) · 2fa916e2 · 4107c822 · 4107c822 · 4107c822
Commit 4107c822 authored 3 years ago by Treadway, Ross T (UG - Computer Science)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,8 +4,6 @@ class ApplicationController < ActionController::API

  def render_jsonapi_response(resource)
    if resource.errors.empty?
-      puts "lol"
-      puts resource.email
      render jsonapi: resource
    else
      render jsonapi_errors: resource.errors, status: 400

--- a/app/controllers/auth_controller.rb
+++ b/app/controllers/auth_controller.rb
@@ -6,25 +6,37 @@ class AuthController < ApplicationController
    end

    def auth_success
-        render json: { message: 'User Authenticated.'}
+        render json: { message: 'User Authenticated.'}, status: 200
    end

    def auth_fail
-        render json: { message: 'Failed to Authenticate User.'}
+        render json: { message: 'Failed to Authenticate User.'}, status: 401
    end

    def get_email
-        puts params
        ids = params["auth"]["ids"]
-        puts ids
        if authenticate_user!
            emails = []
            ids.each do |i|
                emails.push(User.find_by(id: i).email)
            end 
-            render json: { emails: emails }
+            render json: { emails: emails }, status: 200
        else
            auth_fail
        end
    end
+
+    def password_reset_token
+        token, hashed_token = Devise.token_generator.generate(User, :reset_password_token)
+        user = User.find_by(email: params["email"])
+        if user == nil
+            render json: { error: "user not found" }, status: 404
+        else
+            user.reset_password_token = hashed_token
+            user.reset_password_sent_at = Time.now
+            user.save
+            render json: {token: token}, status: 200
+        end
+    end
+
 end
\ No newline at end of file
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
+class PasswordsController < Devise::PasswordsController
+    def update
+        user = User.with_reset_password_token(params["reset_password_token"])
+        if user == nil
+            render json: {"message": "user not found"}, status: 404
+        else
+            if user.reset_password_sent_at + 2.hours > Time.now
+                user.reset_password(params["password"], params["password_confirmation"])
+                render json: {"message": "password changed"}, status: 200
+            else
+                render json: {"message": "password reset expired"}, status: 401
+
+            end
+
+        end
+
+    end
+end
\ No newline at end of file
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -6,5 +6,4 @@ class RegistrationsController < Devise::RegistrationsController
      sign_up(resource_name, resource) if resource.persisted?
      render_jsonapi_response(resource)
    end
-  
  end
\ No newline at end of file
--- a/app/models/user.rb
+++ b/app/models/user.rb
 class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
-  devise :database_authenticatable, :registerable,
+  devise :database_authenticatable, :registerable, :recoverable,
        :jwt_authenticatable, jwt_revocation_strategy: JwtDenylist
         
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,6 +6,7 @@ Rails.application.routes.draw do

  post 'auth', to: 'auth#access_check'
  post 'auth/email', to: 'auth#get_email'
+  post 'reset_password_token', to: 'auth#password_reset_token'

  devise_for :users,
    defaults: { format: :json },
@@ -20,5 +21,7 @@ Rails.application.routes.draw do
      registrations: 'registrations',
    }

-
+  devise_scope :user do
+    put 'reset_password', to: 'passwords#update'
+  end
 end