Bugfix: Fix password reset (#455)

2020-02-02 23:07:38 +05:45
parent 0b31e14132
commit a287c86bc4
5 changed files with 10 additions and 7 deletions
--- a/app/controllers/devise_overrides/passwords_controller.rb
+++ b/app/controllers/devise_overrides/passwords_controller.rb
@@ -0,0 +1,48 @@
+class DeviseOverrides::PasswordsController < Devise::PasswordsController
+  include AuthHelper
+
+  skip_before_action :require_no_authentication, raise: false
+  skip_before_action :authenticate_user!, raise: false
+
+  def update
+    # params: reset_password_token, password, password_confirmation
+    original_token = params[:reset_password_token]
+    reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
+    @recoverable = User.find_by(reset_password_token: reset_password_token)
+    if @recoverable && reset_password_and_confirmation(@recoverable)
+      send_auth_headers(@recoverable)
+      render json: {
+        data: @recoverable.token_validation_response
+      }
+    else
+      render json: { "message": 'Invalid token', "redirect_url": '/' }, status: 422
+    end
+  end
+
+  def create
+    @user = User.find_by(email: params[:email])
+    if @user
+      @user.send_reset_password_instructions
+      build_response(I18n.t('messages.reset_password_success'), 200)
+    else
+      build_response(I18n.t('messages.reset_password_failure'), 404)
+    end
+  end
+
+  protected
+
+  def reset_password_and_confirmation(recoverable)
+    recoverable.confirm unless recoverable.confirmed? # confirm if user resets password without confirming anytime before
+    recoverable.reset_password(params[:password], params[:password_confirmation])
+    recoverable.reset_password_token = nil
+    recoverable.confirmation_token = nil
+    recoverable.reset_password_sent_at = nil
+    recoverable.save!
+  end
+
+  def build_response(message, status)
+    render json: {
+      "message": message
+    }, status: status
+  end
+end