Added reset password api method

2025-02-28 08:43:23 -05:00 · 2013-05-28 00:25:23 -04:00 · 2013-05-28 00:25:23 -04:00 · 761ab81b56
commit 761ab81b56
parent 8c864e2006
2 changed files with 29 additions and 0 deletions
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@ -0,0 +1,28 @@
+require 'securerandom'
+class Api::V1::UsersController < Api::V1::BaseController
+
+  def password_reset
+    if can? :manage, User
+      user = User.find_by_id(params[:user_id])
+      render :json => { "error" => "User not found"}, :status => 404 and return if user.nil?
+      render :json => { "error" => "Not allowed to reset your own password in this fashion."}, :status => 403 and return if user.id == current_user.id
+
+      new_pass = SecureRandom.hex[0,8]
+      user.password = new_pass
+      user.save
+      render :json => { "password" => new_pass}, :status => 200 and return
+    else
+      render :json => { "error" => "You do not have the permission"}, :status => 403 and return
+    end
+  end
+
+  def checkout
+    #must use @current_user since user may not have signed in
+    if !@current_user.checked_in?
+      render :json => { "error" => "You were not even checked in."}, :status => 404 and return
+    else
+      @current_user.checkout
+      render :nothing => true, :status => 204 and return
+    end
+  end
+end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -10,6 +10,7 @@ Velocipede::Application.routes.draw do
    scope 'v1', :module => :v1 do
      post 'checkin' => "logs#checkin", :as => "api_checkin"
      post 'checkout' => "logs#checkout", :as => "api_checkout"
+      post 'reset' => "users#password_reset", :as => "api_password_reset"
    end
  end