rails_jwt_auth 1.7.1 → 2.0.2
- checksums.yaml +4 -4
- data/README.md +188 -89
- data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb +15 -7
- data/app/controllers/concerns/rails_jwt_auth/params_helper.rb +18 -4
- data/app/controllers/concerns/rails_jwt_auth/render_helper.rb +10 -2
- data/app/controllers/rails_jwt_auth/confirmations_controller.rb +48 -10
- data/app/controllers/rails_jwt_auth/invitations_controller.rb +26 -9
- data/app/controllers/rails_jwt_auth/profiles_controller.rb +50 -0
- data/app/controllers/rails_jwt_auth/reset_passwords_controller.rb +65 -0
- data/app/controllers/rails_jwt_auth/sessions_controller.rb +5 -21
- data/app/controllers/rails_jwt_auth/{unlocks_controller.rb → unlock_accounts_controller.rb} +2 -2
- data/app/mailers/rails_jwt_auth/mailer.rb +23 -28
- data/app/models/concerns/rails_jwt_auth/authenticatable.rb +60 -19
- data/app/models/concerns/rails_jwt_auth/confirmable.rb +41 -30
- data/app/models/concerns/rails_jwt_auth/invitable.rb +42 -77
- data/app/models/concerns/rails_jwt_auth/lockable.rb +28 -45
- data/app/models/concerns/rails_jwt_auth/recoverable.rb +20 -28
- data/app/models/concerns/rails_jwt_auth/trackable.rb +13 -2
- data/app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/rails_jwt_auth/mailer/{email_changed.html.erb → email_change_requested_notification.html.erb} +0 -0
- data/app/views/rails_jwt_auth/mailer/{send_invitation.html.erb → invitation_instructions.html.erb} +1 -1
- data/app/views/rails_jwt_auth/mailer/password_changed_notification.html.erb +3 -0
- data/app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/rails_jwt_auth/mailer/{send_unlock_instructions.html.erb → unlock_instructions.html.erb} +1 -1
- data/config/locales/en.yml +6 -6
- data/lib/generators/rails_jwt_auth/install_generator.rb +11 -3
- data/lib/generators/templates/initializer.rb +43 -29
- data/lib/generators/templates/migration.rb +2 -1
- data/lib/rails_jwt_auth.rb +45 -47
- data/lib/rails_jwt_auth/jwt_manager.rb +2 -4
- data/lib/rails_jwt_auth/session.rb +132 -0
- data/lib/rails_jwt_auth/version.rb +1 -1
- metadata +11 -15
- data/app/controllers/rails_jwt_auth/passwords_controller.rb +0 -32
- data/app/views/rails_jwt_auth/mailer/set_password_instructions.html.erb +0 -5
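--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7c6772ee2532e40320c9a3e280cba9859723e84ab19fe6d3748df8daa50d92bf
+data.tar.gz: 9d83ec3a94635c68b4b950531065f8cb2224f76d083084ee9c89781c2b1b5fbc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d5b91931b1ab430156a08d7121c894488441db7ac861dc6897fb35aaaf83232f98e1432fdcf1068e5d53f7759cf60a7981c2389acde84e832eecc6901b838c1
+data.tar.gz: ac901ae661940323e02901ed7719cf248d2e120c10ccb873dc85973ea4c34c3817949a6971a9c7bee8d6d530f0670983846c0eb2e8f11839808feeb319f0e408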
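--- a/data/README.md
+++ b/data/README.md
@@ -5,8 +5,10 @@
 
 Rails-API authentication solution based on JWT and inspired by Devise.
 
-> This is documentation for version `
-[link](https://github.com/rjurado01/rails_jwt_auth/tree/
+> This is documentation for version `2.x`. If you are using `1.x` version use this
+[link](https://github.com/rjurado01/rails_jwt_auth/tree/1.x)
+
+> Version 2.x introduces incompatible API changes.
 
 ## Table of Contents
 
@@ -61,30 +63,34 @@ rails g rails_jwt_auth:migrate
 
 You can edit configuration options into `config/initializers/rails_jwt_auth.rb` file created by generator.
 
-| Option
-|
-| model_name
-| auth_field_name
-| email_auth_field
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
+| Option | Default value | Description |
+| ---------------------------------- | ---------------- | ---------------------------------------------------------------------- |
+| model_name | `'User'` | Authentication model name |
+| auth_field_name | `'email'` | Field used to authenticate user with password |
+| email_auth_field | `'email'` | Field used to send emails |
+| email_regex | `URI::MailTo::EMAIL_REGEXP`| Regex used to validate email input on requests like reset password |
+| downcase_auth_field | `false` | Apply downcase to auth field when save user and when init session |
+| jwt_expiration_time | `7.days` | Tokens expiration time |
+| jwt_issuer | `'RailsJwtAuth'` | The "iss" (issuer) claim identifies the principal that issued the JWT |
+| simultaneous_sessions | `2` | Number of simultaneous sessions for an user. Set 0 to disable sessions |
+| mailer_name | `'RailsJwtAuth::Mailer'` | Authentication model name |
+| mailer_sender | `...@example.com` | E-mail address which will be shown in RailsJwtAuth::Mailer |
+| send_email_change_requested_notification | `true` | Notify original email when change is requested (unconfirmed) |
+| send_password_changed_notification | `true` | Notify email when password changes |
+| confirmation_expiration_time | `1.day` | Confirmation token expiration time |
+| reset_password_expiration_time | `1.day` | Confirmation token expiration time |
+| deliver_later | `false` | Uses `deliver_later` method to send emails |
+| invitation_expiration_time | `2.days` | Time an invitation is valid and can be accepted |
+| lock_strategy | `:none` | Strategy to be used to lock an account: `:none` or `:failed_attempts` |
+| unlock_strategy | `:time` | Strategy to use when unlocking accounts: `:time`, `:email` or `:both` |
+| unlock_in | `60.minutes` | Interval to unlock an account if `unlock_strategy` is `:time` |
+| reset_attempts_in | `60.minutes` | Interval after which to reset failed attempts counter of an account |
+| maximum_attempts | `3` | Number of failed login attempts before locking an account |
+| confirm_email_url | `nil` | Your web url where emai link redirects with confirmation token |
+| reset_password_url | `nil` | Your web url where emai link redirects with reset password token |
+| accept_invitation_url | `nil` | Your web url where emai link redirects with invitation token |
+| unlock_account_url | `nil` | Your web url where emai link redirects with unlock token |
+| avoid_email_errors | `true` | Avoid returns email errors to avoid giving clue to an attacker |
 
 ## Modules
 
@@ -95,7 +101,7 @@ It's composed of 6 modules:
 | Authenticable | Hashes and stores a password in the database to validate the authenticity of a user while signing in |
 | Confirmable | Sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in |
 | Recoverable | Resets the user password and sends reset instructions |
-| Trackable | Tracks sign in timestamps and IP address
+| Trackable | Tracks sign in and request timestamps and IP address |
 | Invitable | Allows you to invite an user to your application sending an invitation mail |
 | Lockable | Locks the user after a specified number of failed sign in attempts |
 
@@ -197,20 +203,24 @@ end
 
 ## Default Controllers API
 
-| Prefix
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
-|
+| Prefix | Verb | URI Pattern | Controller#Action |
+| ---------------- | ------ | ------------------------------ | ----------------------------------- |
+| session | DELETE | /session(.:format) | rails_jwt_auth/sessions#destroy |
+| | POST | /session(.:format) | rails_jwt_auth/sessions#create |
+| registration | POST | /registration(.:format) | rails_jwt_auth/registrations#create |
+| profile | GET | /profile(.:format) | rails_jwt_auth/profiles#show |
+| mail_profile | PUT | /profile/email(.:format) | rails_jwt_auth/profiles#email |
+| password_profile | PUT | /profile/password(.:format) | rails_jwt_auth/profiles#password |
+| | PUT | /profile(.:format) | rails_jwt_auth/profiles#update |
+| confirmations | POST | /confirmations(.:format) | rails_jwt_auth/confirmations#create |
+| confirmation | PUT | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
+| reset_passwords | POST | /reset_passwords(.:format) | rails_jwt_auth/reset_passwords#create |
+| reset_password | GET | /reset_passwords/:id(.:format) | rails_jwt_auth/reset_passwords#show |
+| | PUT | /reset_passwords/:id(.:format) | rails_jwt_auth/reset_passwords#update |
+| invitations | POST | /invitations(.:format) | rails_jwt_auth/invitations#create |
+| invitation | GET | /invitations/:id(.:format) | rails_jwt_auth/invitations#show |
+| | PUT | /invitations/:id(.:format) | rails_jwt_auth/invitations#update |
+| unlock_account | PUT | /unlock_accounts/:id(.:format) | rails_jwt_auth/unlock_accounts#update |
 
 ### Session
 
@@ -254,12 +264,73 @@ Registration api is defined by `RailsJwtAuth::RegistrationsController`.
 data: {
 user: {
 email: 'user@email.com',
-password: '
+password: 'xxxx'
 }
 }
 }
 ```
 
+### Profile
+
+Profile api let you get/update your user info and is defined by `RailsJwtAuth::ProfilesController`.
+
+1. Get user info:
+
+```js
+{
+url: host/profile,
+method: GET,
+headers: { 'Authorization': 'Bearer auth_token'}
+}
+```
+
+2. Update user info:
+
+```js
+{
+url: host/profile,
+method: PUT,
+data: {
+profile: {
+name: 'new_name',
+}
+},
+headers: { 'Authorization': 'Bearer auth_token'}
+}
+```
+
+3. Update user password:
+
+```js
+{
+url: host/profile/password,
+method: PUT,
+data: {
+profile: {
+current_password: 'xxxx',
+password: 'yyyy',
+}
+},
+headers: { 'Authorization': 'Bearer auth_token'}
+}
+```
+
+4. Update user email (needs confirmation module):
+
+```js
+{
+url: host/profile/email,
+method: PUT,
+data: {
+profile: {
+email: 'new@email.com',
+password: 'xxxx', # email change is protected by password
+}
+},
+headers: { 'Authorization': 'Bearer auth_token'}
+}
+```
+
 ### Confirmation
 
 Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
@@ -292,30 +363,41 @@ It is necessary to set a value for `confirmations_url` option into `config/initi
 
 ### Password
 
-
+Reset password api is defined by `RailsJwtAuth::ResetPasswordsController`.
 
-1. Send reset password email:
+1. Send reset password email (init reset password process):
 
 ```js
 {
-url: host/
+url: host/reset_passwords,
 method: POST,
 data: {
-
+reset_password: {
 email: 'user@example.com'
 }
 }
 }
 ```
 
-2.
+2. Check token validation:
+
+Used to verify token and show an alert in your web before new password is setted.
+
+```js
+{
+url: host/reset_passwords/:token,
+method: GET
+}
+```
+
+3. Update password:
 
 ```js
 {
-url: host/
+url: host/reset_passwords/:token,
 method: PUT,
 data: {
-
+reset_password: {
 password: '1234',
 password_confirmation: '1234'
 }
@@ -342,7 +424,18 @@ Invitations api is provided by `RailsJwtAuth::InvitationsController`.
 }
 ```
 
-2.
+2. Check token validation:
+
+Used to verify token and show an alert in your web before invitation data is completed.
+
+```js
+{
+url: host/invitations/:token,
+method: GET
+}
+```
+
+3. Accept an invitation:
 
 ```js
 {
@@ -367,7 +460,7 @@ Unlock api is provided by `RailsJwtAuth::UnlocksController`.
 
 ```js
 {
-url: host/
+url: host/unlock_accounts/:unlock_token,
 method: PUT,
 data: {}
 }
@@ -418,7 +511,7 @@ class User < ApplicationRecord
 
 def to_token_payload(request)
 {
-auth_token:
+auth_token: auth_tokens.last,
 # add here your custom info
 }
 end
@@ -427,63 +520,69 @@ end
 
 ### Custom responses
 
-You can overwrite `RailsJwtAuth::RenderHelper` to customize controllers responses
+You can overwrite `RailsJwtAuth::RenderHelper` to customize controllers responses
+without need to overwrite each controller.
 
-
+Example:
 
-
+```ruby
+# app/controllers/concerns/rails_jwt_auth/render_helper.rb
 
-
+module RailsJwtAuth
+module RenderHelper
+private
 
-
+def render_session(jwt, user)
+# add custom field to session response
+render json: {session: {jwt: jwt, my_custom_field: user.custom_field}}, status: 201
+end
 
-
+...
+end
+```
+
+### Custom strong parameters
+
+You can overwrite `RailsJwtAuth::ParamsHelper` to customize controllers strong parameters
+without need to overwrite each controller.
+
+Example:
 
 ```ruby
-
-before_action 'authenticate!'
-
-def update
-if update_params[:password]
-# update password and remove other sessions tokens
-current_user.update_with_password(
-update_params.merge(auth_tokens: [jwt_payload['auth_token']])
-)
-else
-current_user.update_attributes(update_params)
-end
-end
+# app/controllers/concerns/rails_jwt_auth/params_helper.rb
 
-
+module RailsJwtAuth
+module ParamsHelper
+private
 
-
-
-
+def registration_create_params
+# change root to :data
+params.require(:data).permit(:email, :password, :password_confirmation)
+end
+
+...
 end
 ```
 
-
+#### Custom mailer
 
-
-If registration is sucess it will send email to `set_password_url` with reset password token.
+To use a custom mailer, create a class that extends RailsJwtAuth::Mailer, like this:
 
 ```ruby
-class
-
+class CustomMailer < RailsJwtAuth::Mailer
+def confirmation_instructions(user)
+# set your custom code here
 
-
-user = User.new(create_params)
-user.set_and_send_password_instructions ? render_204 : render_422(user.errors.details)
-end
-
-private
-
-def create_params
-params.require(:user).permit(:email)
+super
 end
 end
 ```
 
+Then, in your `config/initializers/rails_jwt_auth.rb`, set `config.mailer` to `"CustomMailer"`.
+
+> If you only need to customize templates, overwrite files in 'app/views/rails_jwt_auth/mailer'
+
+
 ## Testing (rspec)
 
 Require the RailsJwtAuth::Spec::Helpers helper module in `rails_helper.rb`.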
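--- a/data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb
+++ b/data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb
@@ -14,35 +14,43 @@ module RailsJwtAuth
 !current_user.nil?
 end
 
+def get_jwt_from_request
+request.env['HTTP_AUTHORIZATION']&.split&.last
+end
+
 def authenticate!
 begin
-@jwt_payload = RailsJwtAuth::JwtManager.
+@jwt_payload = RailsJwtAuth::JwtManager.decode(get_jwt_from_request).first
 rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
 unauthorize!
 end
 
 if !@current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
 unauthorize!
-
-
+else
+track_request
 end
 end
 
 def authenticate
 begin
-@jwt_payload = RailsJwtAuth::JwtManager.
+@jwt_payload = RailsJwtAuth::JwtManager.decode(get_jwt_from_request).first
 @current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
 rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
 @current_user = nil
 end
 
-
-@current_user.update_tracked_fields!(request)
-end
+track_request
 end
 
 def unauthorize!
 raise NotAuthorized
 end
+
+def track_request
+if @current_user&.respond_to? :update_tracked_request_info
+@current_user.update_tracked_request_info(request)
+end
+end
 end
 end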
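Review bot: `get_jwt_from_request` never checks the Authorization scheme: `split.last` hands whatever follows the last whitespace to `JwtManager.decode`, so `Basic <token>`, a bare token, or a header with extra words are all treated like `Bearer <token>`. Signature verification still decides acceptance, but proxies, WAF rules and log filters that key on the `Bearer` scheme will then see a different credential than the application does. Parsing it strictly keeps both views aligned, e.g. `scheme, token = request.env['HTTP_AUTHORIZATION'].to_s.split(' ', 2)` followed by `token if scheme&.casecmp?('Bearer')`. Separately, `track_request` now runs on every authenticated request; `update_tracked_request_info` is defined outside this hunk, so confirm that a failure or slow write there cannot turn a valid token into an error response.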
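--- a/data/app/controllers/concerns/rails_jwt_auth/params_helper.rb
+++ b/data/app/controllers/concerns/rails_jwt_auth/params_helper.rb
@@ -16,12 +16,12 @@ module RailsJwtAuth
 params.require(:session).permit(RailsJwtAuth.auth_field_name, :password)
 end
 
-def
-params.require(:
+def reset_password_create_params
+params.require(:reset_password).permit(RailsJwtAuth.email_field_name)
 end
 
-def
-params.require(:
+def reset_password_update_params
+params.require(:reset_password).permit(:password, :password_confirmation)
 end
 
 def invitation_create_params
@@ -31,5 +31,19 @@ module RailsJwtAuth
 def invitation_update_params
 params.require(:invitation).permit(:password, :password_confirmation)
 end
+
+def profile_update_params
+params.require(:profile).except(
+RailsJwtAuth.auth_field_name, :current_password, :password, :password_confirmation
+)
+end
+
+def profile_update_password_params
+params.require(:profile).permit(:current_password, :password, :password_confirmation)
+end
+
+def profile_update_email_params
+params.require(:profile).permit(RailsJwtAuth.auth_field_name, :password)
+end
 end
 end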
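Review bot: `profile_update_params` in the second hunk is the only helper in this file built on a denylist: `.except(...)` removes four keys and lets every other key under `profile` through, whereas the neighbouring helpers all use `permit`. Whether this becomes mass assignment depends on the controller and model that consume it, which are outside this section; if the result is ever permitted wholesale, or the app enables `permit_all_parameters`, a client could set any other attribute on the model, such as `auth_tokens` or confirmation and lock state. The list also excludes `RailsJwtAuth.auth_field_name` but not `RailsJwtAuth.email_field_name`, which the first hunk uses for reset requests, so the two diverge when they are configured differently. I would add a comment above the method such as `# Denylist only: host apps should override this with an explicit params.require(:profile).permit(...) list` and consider excluding the email field as well.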