Password reset tokens and password updates
parent
1d91f7f3de
commit
2116295764
|
@ -3,11 +3,14 @@ module Api
|
|||
skip_before_action :authenticate_user!, only: [:create, :update]
|
||||
|
||||
def create
|
||||
mutate PasswordResets::Create.run({})
|
||||
mutate PasswordResets::Create.run(email: params[:email])
|
||||
end
|
||||
|
||||
def update
|
||||
mutate PasswordResets::Update.run({})
|
||||
mutate PasswordResets::Update.run(
|
||||
password: params[:password],
|
||||
password_confirmation: params[:password_confirmation],
|
||||
token: params[:id])
|
||||
end
|
||||
end
|
||||
end
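Review bot: `update` reads the reset token from `params[:id]`, i.e. from the URL path, so the bearer token is likely to end up in request logs and in the logs of any proxy in front of the app; parameter filtering normally scrubs parameters, not the request path. Carrying it in the request body instead, e.g. `token: params[:token])`, keeps it out of those logs. Both actions are also exempt from `authenticate_user!`, and nothing on this page limits how often they can be called, so throttling should be confirmed elsewhere or added. The controller class itself starts outside the hunk.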
|
||||
|
|
|
@ -3,4 +3,10 @@ class UserMailer < ApplicationMailer
|
|||
@user = user
|
||||
mail(to: @user.email, subject: 'Welcome to The FarmBot Web App!')
|
||||
end
|
||||
|
||||
def password_reset(user, raw_token)
|
||||
@user = user
|
||||
@token = raw_token
|
||||
mail(to: @user.email, subject: 'FarmBot Password Reset Instructions')
|
||||
end
|
||||
end
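Review bot: `password_reset(user, raw_token)` receives the raw token as a plain argument, and the caller in `PasswordResets::Create#send_email` uses `deliver_later`, so the token is serialized into the job queue before the mail is sent. Depending on the queue adapter, that leaves a usable credential in the queue store and possibly in job logs. If queued delivery is kept, I would at least document it on the method: `# raw_token is a bearer credential: do not log it; deliver_later serializes it into the job queue.` The mail template that renders `@token` is not part of this page, so its link scheme and escaping could not be checked.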
|
||||
|
|
|
@ -1,12 +1,35 @@
|
|||
module PasswordResets
|
||||
class Create < Mutations::Command
|
||||
required do
|
||||
string :email
|
||||
end
|
||||
|
||||
optional do
|
||||
def validate
|
||||
email_not_found! unless user
|
||||
end
|
||||
|
||||
def execute
|
||||
send_email
|
||||
# Under no circumstance should you return the token.
|
||||
return {status: "Check your email!"}
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def send_email
|
||||
UserMailer.password_reset(user, token).deliver_later
|
||||
end
|
||||
|
||||
def token
|
||||
@token ||= PasswordResetToken.issue_to(user).encoded
|
||||
end
|
||||
|
||||
def email_not_found!
|
||||
add_error :email, :not_found, "Email not found"
|
||||
end
|
||||
|
||||
def user
|
||||
@user ||= User.find_by(email: email)
|
||||
end
|
||||
end
|
||||
end
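Review bot: `validate` calls `email_not_found!` when no user matches, so an unauthenticated caller gets "Email not found" for unknown addresses and "Check your email!" for registered ones, which lets anyone test which emails have accounts. The response should be identical in both cases: drop the `:not_found` error and guard the send in `execute` with `send_email if user`, keeping the same `{status: "Check your email!"}` return. The existing comment about never returning the token is good and should stay.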
|
||||
|
|
|
@ -1,12 +1,42 @@
|
|||
module PasswordResets
|
||||
class Update < Mutations::Command
|
||||
required do
|
||||
string :password
|
||||
string :password_confirmation
|
||||
string :token
|
||||
end
|
||||
|
||||
optional do
|
||||
def validate
|
||||
valid_password?
|
||||
end
|
||||
|
||||
def execute
|
||||
user.update_attributes!(password: password,
|
||||
password_confirmation: password_confirmation)
|
||||
Auth::CreateToken.run!(email: user.email,
|
||||
password: password)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def user
|
||||
@user = User.find_by!(email: email)
|
||||
end
|
||||
|
||||
def email
|
||||
@email ||= reset_token.unencoded["sub"]
|
||||
end
|
||||
|
||||
def valid_password?
|
||||
length_ok = (password.length > 7)
|
||||
pw_match = password == password_confirmation
|
||||
add_error :password,
|
||||
:invalid,
|
||||
"too short or does not match" unless (length_ok && pw_match)
|
||||
end
|
||||
|
||||
def reset_token
|
||||
@reset_token ||= PasswordResetToken.decode!(token)
|
||||
end
|
||||
end
|
||||
end
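Review bot: Nothing in this section makes the reset token single-use: `execute` changes the password and issues a session through `Auth::CreateToken.run!`, but the token decoded by `PasswordResetToken.decode!` is neither revoked nor tied to the old password, so as far as this page shows it can be replayed until it expires. `PasswordResetToken` is defined outside this page, so please confirm whether it enforces expiry and one-time use, and add a spec that a second `update` with the same token fails. Separately, `user` is not memoized and runs the lookup on every call; it should read `@user ||= User.find_by!(email: email)`. Because the token is only decoded in `execute`, a malformed token will presumably raise out of the command instead of producing a validation error like the password checks do.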
|
||||
|
|
|
@ -1 +1,9 @@
|
|||
<%= yield %>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
|
||||
</head>
|
||||
<body>
|
||||
<%= yield %>
|
||||
</body>
|
||||
</html>
|
|
@ -1,13 +1,5 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta content='text/html; charset=UTF-8' http-equiv='Content-Type' />
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to FarmBot, <%= @user.name %></h1>
|
||||
<p>
|
||||
You may log in <a href="http:<%= $API_URL %>">here</a>.<br>
|
||||
</p>
|
||||
<p>Thanks for joining and have a great day!</p>
|
||||
</body>
|
||||
</html>
|
||||
<h1>Welcome to FarmBot, <%= @user.name %></h1>
|
||||
<p>
|
||||
You may log in <a href="http:<%= $API_URL %>">here</a>.<br>
|
||||
</p>
|
||||
<p>Thanks for joining and have a great day!</p>
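Review bot: The login link kept in this template is built as `href="http:<%= $API_URL %>"`, which hard-codes a cleartext scheme for the page where users enter their credentials. Assuming `$API_URL` is a protocol-relative host string, the link should use `https:` or take the scheme from configuration. The same applies to the reset-link template, if it follows this pattern; it is not shown on this page.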
|
||||
|
|