31 lines
859 B
Ruby
31 lines
859 B
Ruby
# Copyright (C) 2024 Manuel Bustillo
|
|
|
|
class PasswordsController < ApplicationController
|
|
allow_unauthenticated_access
|
|
before_action :set_user_by_token, only: :update
|
|
|
|
def create
|
|
if user = User.find_by(email_address: params[:email_address])
|
|
PasswordsMailer.reset(user).deliver_later
|
|
end
|
|
|
|
render json: {}, status: :created
|
|
end
|
|
|
|
def update
|
|
if @user.update(params.permit(:password, :password_confirmation))
|
|
render json: {}, status: :ok
|
|
else
|
|
render json: { errors: @user.errors.full_messages }, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def set_user_by_token
|
|
@user = User.find_by_password_reset_token!(params[:token])
|
|
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
|
render json: { errors: ['Password reset link is invalid or has expired.'] }, status: :unprocessable_entity
|
|
end
|
|
end
|