From a30328305fb47c01048b34623e2d2087a79aaf24 Mon Sep 17 00:00:00 2001 From: Manuel Bustillo Date: Sat, 30 Nov 2024 10:44:21 +0100 Subject: [PATCH] Revert "Refine controllers" This reverts commit 3e38630eb45ec494e25aa9fb3435e8b7655a60a6. --- app/controllers/passwords_controller.rb | 25 +++++++++++++++---------- app/controllers/sessions_controller.rb | 14 ++++++++------ config/routes.rb | 4 ++-- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 9877034..49e8595 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -2,29 +2,34 @@ class PasswordsController < ApplicationController allow_unauthenticated_access - before_action :set_user_by_token, only: :update + before_action :set_user_by_token, only: %i[ edit update ] + + def new + end def create if user = User.find_by(email_address: params[:email_address]) PasswordsMailer.reset(user).deliver_later end - render json: {}, status: :ok + redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)." + end + + def edit end def update if @user.update(params.permit(:password, :password_confirmation)) - render json: {}, status: :ok + redirect_to new_session_path, notice: "Password has been reset." else - render json: { errors: @user.errors.full_messages }, status: :unprocessable_entity + redirect_to edit_password_path(params[:token]), alert: "Passwords did not match." end end private - - def set_user_by_token - @user = User.find_by_password_reset_token!(params[:token]) - rescue ActiveSupport::MessageVerifier::InvalidSignature - redirect_to new_password_path, alert: 'Password reset link is invalid or has expired.' - end + def set_user_by_token + @user = User.find_by_password_reset_token!(params[:token]) + rescue ActiveSupport::MessageVerifier::InvalidSignature + redirect_to new_password_path, alert: "Password reset link is invalid or has expired." + end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index aa74562..6a46998 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,21 +1,23 @@ # Copyright (C) 2024 Manuel Bustillo class SessionsController < ApplicationController - allow_unauthenticated_access only: :create - rate_limit to: 10, within: 3.minutes, only: :create, - with: -> { render json: { errors: ['Rate limit exceeded'] }, status: :too_many_requests } + allow_unauthenticated_access only: %i[ new create ] + rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." } + + def new + end def create if user = User.authenticate_by(params.permit(:email_address, :password)) start_new_session_for user - render json: {}, status: :created + redirect_to after_authentication_url else - render json: { errors: ['Invalid email address or password'] }, status: :unauthorized + redirect_to new_session_path, alert: "Try another email address or password." end end def destroy terminate_session - render json: {}, status: :ok + redirect_to new_session_path end end diff --git a/config/routes.rb b/config/routes.rb index ed59be2..537876a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,8 +1,8 @@ # Copyright (C) 2024 Manuel Bustillo Rails.application.routes.draw do - resource :session, only: %i[create destroy] - resources :passwords, param: :token, only: %w[create update] + resource :session + resources :passwords, param: :token mount Rswag::Ui::Engine => '/api-docs' mount Rswag::Api::Engine => '/api-docs' resources :groups, only: :index