app/controllers/auth/password_resets_controller.rb
# frozen_string_literal: true
module Auth
class PasswordResetsController < Auth::ApplicationController
def mails
user = User.find_by(email: user_params[:email])
return render_api_error_of :email_not_found unless user
UserMailer.password_reset(user).deliver_later
end
def update
return render_api_error_of(:password_reset_token_invalid) unless all_params_exists?
User.find(password_reset_params[:id]).reset_password(
token: password_reset_params[:token],
password: password_reset_params[:password],
password_confirmation: password_reset_params[:password_confirmation]
) || render_api_error_of(:password_reset_token_invalid)
end
private
def all_params_exists?
password_reset_params[:token].present? &&
password_reset_params[:id].present? &&
password_reset_params[:password].present? &&
password_reset_params[:password_confirmation].present?
end
def user_params
params.require(:user).permit(:email)
end
def password_reset_params
params.require(:user).permit(
:id,
:password,
:password_confirmation,
:token
)
end
end
end