bustikiller/wedding-planner
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

Install Rails' authentication generator #142

Merged
bustikiller merged 6 commits from authentication into main 2024-11-29 19:44:50 +00:00
Conversation 0 Commits 6 Files Changed 20 +18 -25
3 changed files with 18 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 3e38630eb4 - Show all commits

25
app/controllers/passwords_controller.rb
View File

@ -2,34 +2,29 @@
class PasswordsController < ApplicationController class PasswordsController < ApplicationController
allow_unauthenticated_access allow_unauthenticated_access
before_action :set_user_by_token, only: %i[ edit update ] before_action :set_user_by_token, only: :update
def new
end
def create def create
if user = User.find_by(email_address: params[:email_address]) if user = User.find_by(email_address: params[:email_address])
PasswordsMailer.reset(user).deliver_later PasswordsMailer.reset(user).deliver_later
end end
redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)." render json: {}, status: :ok
end
def edit
end end
def update def update
if @user.update(params.permit(:password, :password_confirmation)) if @user.update(params.permit(:password, :password_confirmation))
redirect_to new_session_path, notice: "Password has been reset." render json: {}, status: :ok
else else
redirect_to edit_password_path(params[:token]), alert: "Passwords did not match." render json: { errors: @user.errors.full_messages }, status: :unprocessable_entity
end end
end end
private private
def set_user_by_token
@user = User.find_by_password_reset_token!(params[:token]) def set_user_by_token
rescue ActiveSupport::MessageVerifier::InvalidSignature @user = User.find_by_password_reset_token!(params[:token])
redirect_to new_password_path, alert: "Password reset link is invalid or has expired." rescue ActiveSupport::MessageVerifier::InvalidSignature
end redirect_to new_password_path, alert: 'Password reset link is invalid or has expired.'
end
end end

14
app/controllers/sessions_controller.rb
View File

@ -1,23 +1,21 @@
# Copyright (C) 2024 Manuel Bustillo # Copyright (C) 2024 Manuel Bustillo
class SessionsController < ApplicationController class SessionsController < ApplicationController
allow_unauthenticated_access only: %i[ new create ] allow_unauthenticated_access only: :create
rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." } rate_limit to: 10, within: 3.minutes, only: :create,
with: -> { render json: { errors: ['Rate limit exceeded'] }, status: :too_many_requests }
def new
end
def create def create
if user = User.authenticate_by(params.permit(:email_address, :password)) if user = User.authenticate_by(params.permit(:email_address, :password))
start_new_session_for user start_new_session_for user
redirect_to after_authentication_url render json: {}, status: :created
else else
redirect_to new_session_path, alert: "Try another email address or password." render json: { errors: ['Invalid email address or password'] }, status: :unauthorized
end end
end end
def destroy def destroy
terminate_session terminate_session
redirect_to new_session_path render json: {}, status: :ok
end end
end end

4
config/routes.rb
View File

@ -1,8 +1,8 @@
# Copyright (C) 2024 Manuel Bustillo # Copyright (C) 2024 Manuel Bustillo
Rails.application.routes.draw do Rails.application.routes.draw do
resource :session resource :session, only: %i[create destroy]
resources :passwords, param: :token resources :passwords, param: :token, only: %w[create update]
mount Rswag::Ui::Engine => '/api-docs' mount Rswag::Ui::Engine => '/api-docs'
mount Rswag::Api::Engine => '/api-docs' mount Rswag::Api::Engine => '/api-docs'
resources :groups, only: :index resources :groups, only: :index