rails_jwt_auth 1.7.2 → 2.0.0

Files changed (35)
  1. checksums.yaml +4 -4
  2. data/README.md +186 -87
  3. data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb +15 -7
  4. data/app/controllers/concerns/rails_jwt_auth/params_helper.rb +18 -4
  5. data/app/controllers/concerns/rails_jwt_auth/render_helper.rb +10 -2
  6. data/app/controllers/rails_jwt_auth/confirmations_controller.rb +48 -10
  7. data/app/controllers/rails_jwt_auth/invitations_controller.rb +26 -9
  8. data/app/controllers/rails_jwt_auth/profiles_controller.rb +50 -0
  9. data/app/controllers/rails_jwt_auth/reset_passwords_controller.rb +65 -0
  10. data/app/controllers/rails_jwt_auth/sessions_controller.rb +5 -21
  11. data/app/controllers/rails_jwt_auth/{unlocks_controller.rb → unlock_accounts_controller.rb} +2 -2
  12. data/app/mailers/rails_jwt_auth/mailer.rb +23 -28
  13. data/app/models/concerns/rails_jwt_auth/authenticatable.rb +59 -18
  14. data/app/models/concerns/rails_jwt_auth/confirmable.rb +41 -38
  15. data/app/models/concerns/rails_jwt_auth/invitable.rb +42 -77
  16. data/app/models/concerns/rails_jwt_auth/lockable.rb +28 -45
  17. data/app/models/concerns/rails_jwt_auth/recoverable.rb +20 -28
  18. data/app/models/concerns/rails_jwt_auth/trackable.rb +13 -2
  19. data/app/views/rails_jwt_auth/mailer/confirmation_instructions.html.erb +1 -1
  20. data/app/views/rails_jwt_auth/mailer/{email_changed.html.erb → email_change_requested_notification.html.erb} +0 -0
  21. data/app/views/rails_jwt_auth/mailer/{send_invitation.html.erb → invitation_instructions.html.erb} +1 -1
  22. data/app/views/rails_jwt_auth/mailer/password_changed_notification.html.erb +3 -0
  23. data/app/views/rails_jwt_auth/mailer/reset_password_instructions.html.erb +1 -1
  24. data/app/views/rails_jwt_auth/mailer/{send_unlock_instructions.html.erb → unlock_instructions.html.erb} +1 -1
  25. data/config/locales/en.yml +6 -6
  26. data/lib/generators/rails_jwt_auth/install_generator.rb +11 -3
  27. data/lib/generators/templates/initializer.rb +43 -29
  28. data/lib/generators/templates/migration.rb +2 -1
  29. data/lib/rails_jwt_auth.rb +44 -47
  30. data/lib/rails_jwt_auth/jwt_manager.rb +0 -4
  31. data/lib/rails_jwt_auth/session.rb +132 -0
  32. data/lib/rails_jwt_auth/version.rb +1 -1
  33. metadata +10 -8
  34. data/app/controllers/rails_jwt_auth/passwords_controller.rb +0 -32
  35. data/app/views/rails_jwt_auth/mailer/set_password_instructions.html.erb +0 -5
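--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6c5dc21f39ff43ad410a4bc4060a5a027ec011f0a632f4b03244ce99852a88ee
- data.tar.gz: abd710caa09455b2471b7138b59b33c92707c1d396bd78ca8fd8713def4ad5dc
+ metadata.gz: d100761bfcdc7e5e07fff45041fba26137719a91ed545eb86048122554c2cf75
+ data.tar.gz: 82af1efb56e73cf418fd8cf7d6ce78d959675da65e9fc441f256bac99002e833
  SHA512:
- metadata.gz: 9b3165148a4d567a440e1f7d157e4a24d2d4ea027e6629a6c3ab4c1b02a8dfdbf1a3434e3fcfa31eaf27f2a0a97c3cf5c430c323a48f9ad48787491f4b195bbb
- data.tar.gz: 5fbf634a2de1544f1b63871f36b86e3413b6a3d1382c89f415a0a3af7ef2c51dfa0370892ab3f76f57dc646250a7c5b840fdf1137cfcdd6e2973eaa006344d26
+ metadata.gz: c20b1bda10504982186a9346ea1e8195ad55750f246da677b6b33be8fce50a6e63b0b21dfac4445c4517c553ed56415bbe17e6da02752dd345f060c152d88e66
+ data.tar.gz: 6d7e93f646af890cfe65865c24e9fe38e76ff10ba4e8637fa813200b9e743921a77e4805d074ff5801e8548914062aa86c25a49ecdfe1d84c48f4aaff9b78de9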
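--- a/data/README.md
+++ b/data/README.md
@@ -5,8 +5,10 @@
 
  Rails-API authentication solution based on JWT and inspired by Devise.
 
- > This is documentation for version `1.x`. If you are using `0.x` version use this
- [link](https://github.com/rjurado01/rails_jwt_auth/tree/0.x)
+ > This is documentation for version `2.x`. If you are using `1.x` version use this
+ [link](https://github.com/rjurado01/rails_jwt_auth/tree/1.x)
+
+ > Version 2.x introduces incompatible API changes.
 
  ## Table of Contents
 
@@ -61,30 +63,34 @@ rails g rails_jwt_auth:migrate
 
  You can edit configuration options into `config/initializers/rails_jwt_auth.rb` file created by generator.
 
- | Option | Default value | Description |
- | ------------------------------- | ----------------- | ---------------------------------------------------------------------- |
- | model_name | 'User' | Authentication model name |
- | auth_field_name | 'email' | Field used to authenticate user with password |
- | email_auth_field | 'email' | Field used to send emails |
- | jwt_expiration_time | 7.days | Tokens expiration time |
- | jwt_issuer | 'RailsJwtAuth' | The "iss" (issuer) claim identifies the principal that issued the JWT |
- | simultaneous_sessions | 2 | Number of simultaneous sessions for an user. Set 0 to disable sessions |
- | mailer_sender | | E-mail address which will be shown in RailsJwtAuth::Mailer |
- | send_email_changed_notification | true | Notify original email when it changes |
- | confirmation_expiration_time | 1.day | Confirmation token expiration time |
- | reset_password_expiration_time | 1.day | Confirmation token expiration time |
- | deliver_later | false | Uses `deliver_later` method to send emails |
- | invitation_expiration_time | 2.days | Time an invitation is valid and can be accepted |
- | confirmations_url | nil | Url used to create email link with confirmation token |
- | reset_passwords_url | nil | Url used to create email link with reset password token |
- | set_passwords_url | nil | Url used to create email link with set password token |
- | invitations_url | nil | Url used to create email link with invitation token |
- | maximum_attempts | 3 | Number of failed login attempts before locking an account |
- | lock_strategy | :none | Strategy to be used to lock an account: `:none` or `:failed_attempts` |
- | unlock_strategy | :time | Strategy to use when unlocking accounts: `:time`, `:email` or `:both` |
- | unlock_in | 60.minutes | Interval to unlock an account if `unlock_strategy` is `:time` |
- | reset_attempts_in | 60.minutes | Interval after which to reset failed attempts counter of an account |
- | unlock_url | nil | Url used to create email link with unlock token |
+ | Option | Default value | Description |
+ | ---------------------------------- | ---------------- | ---------------------------------------------------------------------- |
+ | model_name | `'User'` | Authentication model name |
+ | auth_field_name | `'email'` | Field used to authenticate user with password |
+ | email_auth_field | `'email'` | Field used to send emails |
+ | email_regex | `URI::MailTo::EMAIL_REGEXP`| Regex used to validate email input on requests like reset password |
+ | downcase_auth_field | `false` | Apply downcase to auth field when save user and when init session |
+ | jwt_expiration_time | `7.days` | Tokens expiration time |
+ | jwt_issuer | `'RailsJwtAuth'` | The "iss" (issuer) claim identifies the principal that issued the JWT |
+ | simultaneous_sessions | `2` | Number of simultaneous sessions for an user. Set 0 to disable sessions |
+ | mailer_name | `'RailsJwtAuth::Mailer'` | Authentication model name |
+ | mailer_sender | `...@example.com` | E-mail address which will be shown in RailsJwtAuth::Mailer |
+ | send_email_change_requested_notification | `true` | Notify original email when change is requested (unconfirmed) |
+ | send_password_changed_notification | `true` | Notify email when password changes |
+ | confirmation_expiration_time | `1.day` | Confirmation token expiration time |
+ | reset_password_expiration_time | `1.day` | Confirmation token expiration time |
+ | deliver_later | `false` | Uses `deliver_later` method to send emails |
+ | invitation_expiration_time | `2.days` | Time an invitation is valid and can be accepted |
+ | lock_strategy | `:none` | Strategy to be used to lock an account: `:none` or `:failed_attempts` |
+ | unlock_strategy | `:time` | Strategy to use when unlocking accounts: `:time`, `:email` or `:both` |
+ | unlock_in | `60.minutes` | Interval to unlock an account if `unlock_strategy` is `:time` |
+ | reset_attempts_in | `60.minutes` | Interval after which to reset failed attempts counter of an account |
+ | maximum_attempts | `3` | Number of failed login attempts before locking an account |
+ | confirm_email_url | `nil` | Your web url where emai link redirects with confirmation token |
+ | reset_password_url | `nil` | Your web url where emai link redirects with reset password token |
+ | accept_invitation_url | `nil` | Your web url where emai link redirects with invitation token |
+ | unlock_account_url | `nil` | Your web url where emai link redirects with unlock token |
+ | avoid_email_errors | `true` | Avoid returns email errors to avoid giving clue to an attacker |
 
  ## Modules
 
@@ -95,7 +101,7 @@ It's composed of 6 modules:
  | Authenticable | Hashes and stores a password in the database to validate the authenticity of a user while signing in |
  | Confirmable | Sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in |
  | Recoverable | Resets the user password and sends reset instructions |
- | Trackable | Tracks sign in timestamps and IP address |
+ | Trackable | Tracks sign in and request timestamps and IP address |
  | Invitable | Allows you to invite an user to your application sending an invitation mail |
  | Lockable | Locks the user after a specified number of failed sign in attempts |
 
@@ -197,20 +203,24 @@ end
 
  ## Default Controllers API
 
- | Prefix | Verb | URI Pattern | Controller#Action |
- | ------------ | ------ | ---------------------------- | ----------------------------------- |
- | session | DELETE | /session(.:format) | rails_jwt_auth/sessions#destroy |
- | | POST | /session(.:format) | rails_jwt_auth/sessions#create |
- | registration | POST | /registration(.:format) | rails_jwt_auth/registrations#create |
- |confirmations | POST | /confirmations(.:format) | rails_jwt_auth/confirmations#create |
- | confirmation | PATCH | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
- | | PUT | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
- | passwords | POST | /passwords(.:format) | rails_jwt_auth/passwords#create |
- | password | PATCH | /passwords/:id(.:format) | rails_jwt_auth/passwords#update |
- | | PUT | /passwords/:id(.:format) | rails_jwt_auth/passwords#update |
- | invitations | POST | /invitations(.:format) | rails_jwt_auth/invitations#create |
- | invitation | PATCH | /invitations/:id(.:format) | rails_jwt_auth/invitations#update |
- | | PUT | /invitations/:id(.:format) | rails_jwt_auth/invitations#update |
+ | Prefix | Verb | URI Pattern | Controller#Action |
+ | ---------------- | ------ | ------------------------------ | ----------------------------------- |
+ | session | DELETE | /session(.:format) | rails_jwt_auth/sessions#destroy |
+ | | POST | /session(.:format) | rails_jwt_auth/sessions#create |
+ | registration | POST | /registration(.:format) | rails_jwt_auth/registrations#create |
+ | profile | GET | /profile(.:format) | rails_jwt_auth/profiles#show |
+ | mail_profile | PUT | /profile/email(.:format) | rails_jwt_auth/profiles#email |
+ | password_profile | PUT | /profile/password(.:format) | rails_jwt_auth/profiles#password |
+ | | PUT | /profile(.:format) | rails_jwt_auth/profiles#update |
+ | confirmations | POST | /confirmations(.:format) | rails_jwt_auth/confirmations#create |
+ | confirmation | PUT | /confirmations/:id(.:format) | rails_jwt_auth/confirmations#update |
+ | reset_passwords | POST | /reset_passwords(.:format) | rails_jwt_auth/reset_passwords#create |
+ | reset_password | GET | /reset_passwords/:id(.:format) | rails_jwt_auth/reset_passwords#show |
+ | | PUT | /reset_passwords/:id(.:format) | rails_jwt_auth/reset_passwords#update |
+ | invitations | POST | /invitations(.:format) | rails_jwt_auth/invitations#create |
+ | invitation | GET | /invitations/:id(.:format) | rails_jwt_auth/invitations#show |
+ | | PUT | /invitations/:id(.:format) | rails_jwt_auth/invitations#update |
+ | unlock_account | PUT | /unlock_accounts/:id(.:format) | rails_jwt_auth/unlock_accounts#update |
 
  ### Session
 
@@ -254,12 +264,73 @@ Registration api is defined by `RailsJwtAuth::RegistrationsController`.
  data: {
  user: {
  email: 'user@email.com',
- password: '12345678'
+ password: 'xxxx'
  }
  }
  }
  ```
 
+ ### Profile
+
+ Profile api let you get/update your user info and is defined by `RailsJwtAuth::ProfilesController`.
+
+ 1. Get user info:
+
+ ```js
+ {
+ url: host/profile,
+ method: GET,
+ headers: { 'Authorization': 'Bearer auth_token'}
+ }
+ ```
+
+ 2. Update user info:
+
+ ```js
+ {
+ url: host/profile,
+ method: PUT,
+ data: {
+ profile: {
+ name: 'new_name',
+ }
+ },
+ headers: { 'Authorization': 'Bearer auth_token'}
+ }
+ ```
+
+ 3. Update user password:
+
+ ```js
+ {
+ url: host/profile/password,
+ method: PUT,
+ data: {
+ profile: {
+ current_password: 'xxxx',
+ password: 'yyyy',
+ }
+ },
+ headers: { 'Authorization': 'Bearer auth_token'}
+ }
+ ```
+
+ 4. Update user email (needs confirmation module):
+
+ ```js
+ {
+ url: host/profile/email,
+ method: PUT,
+ data: {
+ profile: {
+ email: 'new@email.com',
+ password: 'xxxx', # email change is protected by password
+ }
+ },
+ headers: { 'Authorization': 'Bearer auth_token'}
+ }
+ ```
+
  ### Confirmation
 
  Confirmation api is defined by `RailsJwtAuth::ConfirmationsController`.
@@ -294,28 +365,39 @@ It is necessary to set a value for `confirmations_url` option into `config/initi
 
  Password api is defined by `RailsJwtAuth::PasswordsController`.
 
- 1. Send reset password email:
+ 1. Send reset password email (init reset password process):
 
  ```js
  {
- url: host/passwords,
+ url: host/reset_passwords,
  method: POST,
  data: {
- password: {
+ reset_password: {
  email: 'user@example.com'
  }
  }
  }
  ```
 
- 2. Update password:
+ 2. Check token validation:
+
+ Used to verify token and show an alert in your web before new password is setted.
+
+ ```js
+ {
+ url: host/reset_passwords/:token,
+ method: GET
+ }
+ ```
+
+ 3. Update password:
 
  ```js
  {
  url: host/passwords/:token,
  method: PUT,
  data: {
- password: {
+ reset_password: {
  password: '1234',
  password_confirmation: '1234'
  }
@@ -342,7 +424,18 @@ Invitations api is provided by `RailsJwtAuth::InvitationsController`.
  }
  ```
 
- 2. Accept an invitation:
+ 2. Check token validation:
+
+ Used to verify token and show an alert in your web before invitation data is completed.
+
+ ```js
+ {
+ url: host/invitations/:token,
+ method: GET
+ }
+ ```
+
+ 3. Accept an invitation:
 
  ```js
  {
@@ -367,7 +460,7 @@ Unlock api is provided by `RailsJwtAuth::UnlocksController`.
 
  ```js
  {
- url: host/unlocks/:unlock_token,
+ url: host/unlock_accounts/:unlock_token,
  method: PUT,
  data: {}
  }
@@ -418,7 +511,7 @@ class User < ApplicationRecord
 
  def to_token_payload(request)
  {
- auth_token: regenerate_auth_token,
+ auth_token: auth_tokens.last,
  # add here your custom info
  }
  end
@@ -427,63 +520,69 @@ end
 
  ### Custom responses
 
- You can overwrite `RailsJwtAuth::RenderHelper` to customize controllers responses.
+ You can overwrite `RailsJwtAuth::RenderHelper` to customize controllers responses
+ without need to overwrite each controller.
 
- ### Custom strong parameters
+ Example:
 
- You can overwrite `RailsJwtAuth::ParamsHelper` to customize controllers strong parameters.
+ ```ruby
+ # app/controllers/concerns/rails_jwt_auth/render_helper.rb
 
- ## Examples
+ module RailsJwtAuth
+ module RenderHelper
+ private
 
- ### Edit user information
+ def render_session(jwt, user)
+ # add custom field to session response
+ render json: {session: {jwt: jwt, my_custom_field: user.custom_field}}, status: 201
+ end
 
- This is a controller example that allows users to edit their `email` and `password`.
+ ...
+ end
+ ```
+
+ ### Custom strong parameters
+
+ You can overwrite `RailsJwtAuth::ParamsHelper` to customize controllers strong parameters
+ without need to overwrite each controller.
+
+ Example:
 
  ```ruby
- class CurrentUserController < ApplicationController
- before_action 'authenticate!'
-
- def update
- if update_params[:password]
- # update password and remove other sessions tokens
- current_user.update_with_password(
- update_params.merge(auth_tokens: [jwt_payload['auth_token']])
- )
- else
- current_user.update_attributes(update_params)
- end
- end
+ # app/controllers/concerns/rails_jwt_auth/params_helper.rb
 
- private
+ module RailsJwtAuth
+ module ParamsHelper
+ private
 
- def update_params
- params.require(:user).permit(:email, :current_password, :password)
- end
+ def registration_create_params
+ # change root to :data
+ params.require(:data).permit(:email, :password, :password_confirmation)
+ end
+
+ ...
  end
  ```
 
- ### Register users with random password
+ #### Custom mailer
 
- This is a controller example that allows admins to register users with random password and send email to reset it.
- If registration is sucess it will send email to `set_password_url` with reset password token.
+ To use a custom mailer, create a class that extends RailsJwtAuth::Mailer, like this:
 
  ```ruby
- class UsersController < ApplicationController
- before_action 'authenticate!'
+ class CustomMailer < RailsJwtAuth::Mailer
+ def confirmation_instructions(user)
+ # set your custom code here
 
- def create
- user = User.new(create_params)
- user.set_and_send_password_instructions ? render_204 : render_422(user.errors.details)
- end
-
- private
-
- def create_params
- params.require(:user).permit(:email)
+ super
  end
  end
  ```
 
+ Then, in your `config/initializers/rails_jwt_auth.rb`, set `config.mailer` to `"CustomMailer"`.
+
+ > If you only need to customize templates, overwrite files in 'app/views/rails_jwt_auth/mailer'
+
+
  ## Testing (rspec)
 
  Require the RailsJwtAuth::Spec::Helpers helper module in `rails_helper.rb`.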
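--- a/data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb
+++ b/data/app/controllers/concerns/rails_jwt_auth/authenticable_helper.rb
@@ -14,35 +14,43 @@ module RailsJwtAuth
  !current_user.nil?
  end
 
+ def get_jwt_from_request
+ request.env['HTTP_AUTHORIZATION']&.split&.last
+ end
+
  def authenticate!
  begin
- @jwt_payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+ @jwt_payload = RailsJwtAuth::JwtManager.decode(get_jwt_from_request).first
  rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
  unauthorize!
  end
 
  if !@current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
  unauthorize!
- elsif @current_user.respond_to? :update_tracked_fields!
- @current_user.update_tracked_fields!(request)
+ else
+ track_request
  end
  end
 
  def authenticate
  begin
- @jwt_payload = RailsJwtAuth::JwtManager.decode_from_request(request).first
+ @jwt_payload = RailsJwtAuth::JwtManager.decode(get_jwt_from_request).first
  @current_user = RailsJwtAuth.model.from_token_payload(@jwt_payload)
  rescue JWT::ExpiredSignature, JWT::VerificationError, JWT::DecodeError
  @current_user = nil
  end
 
- if @current_user&.respond_to? :update_tracked_fields!
- @current_user.update_tracked_fields!(request)
- end
+ track_request
  end
 
  def unauthorize!
  raise NotAuthorized
  end
+
+ def track_request
+ if @current_user&.respond_to? :update_tracked_request_info
+ @current_user.update_tracked_request_info(request)
+ end
+ end
  end
  end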
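Review bot: `get_jwt_from_request` takes the last whitespace-separated piece of the Authorization header without checking the scheme, so a `Basic …` value, a bare token or a header with extra fields is passed to `JwtManager.decode` as though it were a Bearer credential. Signature verification presumably still rejects anything not issued by the app (`decode` is not shown in this section), but matching the scheme explicitly makes malformed headers fail early and keeps this helper from consuming credentials meant for another scheme: `request.env['HTTP_AUTHORIZATION'].to_s[/\ABearer\s+(\S+)\z/i, 1]`. With no header the helper returns `nil`, so both `authenticate!` and `authenticate` now depend on `decode(nil)` raising one of the three rescued `JWT::*` errors; a spec for the missing-header and empty-header cases would pin that. The module's visibility keywords are outside the hunk, so it is worth confirming that `get_jwt_from_request` and `track_request` end up private rather than public controller methods.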
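--- a/data/app/controllers/concerns/rails_jwt_auth/params_helper.rb
+++ b/data/app/controllers/concerns/rails_jwt_auth/params_helper.rb
@@ -16,12 +16,12 @@ module RailsJwtAuth
  params.require(:session).permit(RailsJwtAuth.auth_field_name, :password)
  end
 
- def password_create_params
- params.require(:password).permit(RailsJwtAuth.email_field_name)
+ def reset_password_create_params
+ params.require(:reset_password).permit(RailsJwtAuth.email_field_name)
  end
 
- def password_update_params
- params.require(:password).permit(:password, :password_confirmation)
+ def reset_password_update_params
+ params.require(:reset_password).permit(:password, :password_confirmation)
  end
 
  def invitation_create_params
@@ -31,5 +31,19 @@ module RailsJwtAuth
  def invitation_update_params
  params.require(:invitation).permit(:password, :password_confirmation)
  end
+
+ def profile_update_params
+ params.require(:profile).except(
+ RailsJwtAuth.auth_field_name, :current_password, :password, :password_confirmation
+ )
+ end
+
+ def profile_update_password_params
+ params.require(:profile).permit(:current_password, :password, :password_confirmation)
+ end
+
+ def profile_update_email_params
+ params.require(:profile).permit(RailsJwtAuth.auth_field_name, :password)
+ end
  end
  end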
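Review bot: `profile_update_params` in the second hunk filters with a denylist (`params.require(:profile).except(...)`) while every other helper in this module uses `permit`, so any attribute not named there, such as a role flag, `auth_tokens`, or the confirmation and lock columns, passes through this helper unfiltered. `except` returns parameters that are still unpermitted, so whether this ends in `ActiveModel::ForbiddenAttributesError` or in mass assignment depends on how ProfilesController consumes the result, which is not visible in this section. An allowlist is the safer default, with applications overriding the helper to add their own fields, for example `params.require(:profile).permit(:name)` to match the README's profile example. The denylist also omits `RailsJwtAuth.email_field_name`, which the first hunk shows is a separate setting from `auth_field_name`, so the e-mail could be changed here without the password check that `profile_update_email_params` implies.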