RubyGems - stormpath-rails - Versions diffs - 1.1.2.beta → 2.0.0 - Mend

stormpath-rails 1.1.2.beta → 2.0.0

Files changed (130) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 85d9877e6a52b149d258babb477ae11df469a485
-  data.tar.gz: 7a4fa9ff40e5b1e5ed0f4ebc3d01e9759326c650
+  metadata.gz: b35ab183b8e11a56b6da21a4f95b952b920b3c6c
+  data.tar.gz: e3cc0dab2d8e11e3af290f50f6d4e744aa1545c1
 SHA512:
-  metadata.gz: 622fea20e75a13f18b6b99fba6dbfdc751ac687d10462b8d5f55493b653fe19284c7c0ef50aef35b2b1362b3656f2a94ae5ae13a6dc2b4e9a503241e5a22301c
-  data.tar.gz: 0a8431995cdb3e7ad18d3fbbbab06aa35aab2ccc1f4a1eb2b211a61ddb5fa780dd67b88fabab78fbf8b808ad38756a1a1497a99dc9b78457d7d09c1be7b2e57a
+  metadata.gz: 81e2a501c5951115e2849a7da8b8c01d9b6a12a67ce9f13acd43c0b902c719bf76a6e3ba8000a1536bed07115a651e8ffd18aaf232b6a3043af9f8a4f7b88d38
+  data.tar.gz: 980da0ea891b40c8f47b778e29a74ad48b425708381783ed6ccf7b2a935a637bdfde32095a60ba915cb4487d6da245bb17585c133c236422f882078ffd3545d6

data/.gitignore CHANGED Viewed

@@ -11,3 +11,4 @@ spec/fixtures/vcr_cassettes
 spec/dummy/db/development.sqlite3
 spec/dummy/log/development.log
 spec/dummy/log/test.log
+spec/dummy/tmp

data/.rspec CHANGED Viewed

	@@ -1 +1 @@
1	- --color
1	+ --color --format Fivemat

data/.rubocop.yml ADDED Viewed

@@ -0,0 +1,22 @@
+LineLength:
+  Max: 100
+Documentation:
+  Enabled: False
+WordArray:
+  Enabled: False
+Style/RedundantBegin:
+  Enabled: False
+AllCops:
+  Exclude:
+    - 'spec/dummy/db/schema.rb'
+    - 'spec/dummy/db/migrate/*'
+Rails:
+  Enabled: true
+Metrics/AbcSize:
+  Max: 20

data/.travis.yml CHANGED Viewed

@@ -1,8 +1,11 @@
 language: ruby
 rvm:
   - 2.1.5
+before_install:
+  - gem install bundler
 env:
   global:
-  - STORMPATH_APPLICATION_URL=https://api.stormpath.com/v1/applications/2RbTfV9wx59glWwChd9NQC
-  - secure: fYub1ieRk8lDfSmoZPP3yRdUSUAjYxt/gtyoMPm8iJUYCohzdD0nnVT308ycp0XPIRc87aGTOoH5B8SPnrXKG4RxxsZ6Wn8gW6PtHFoSnflEF7WqrkDkwIFk+RyQT4HVt0nDv5N/sSK10O5F3K5PzZog3GMDiCygzZ80uGhFNhU=
-  - secure: bMlph5RFUaH5A4Y9kuZOJE16GRRHBMY07VEHSEBCBSbdG0I2cNoOqMpe7DRLrZaVTPDZjF6FJiVt9vtBK7UEz9AQg5Ydqhp9GS+IwwZOnpvDPYRSsDWtrrTvZSgQjDciVrl0juShBuqb2gLEgdcYUivX4f2G4VsSMCbO3rQRwZw=
+  - STORMPATH_APPLICATION_URL=https://api.stormpath.com/v1/applications/3nZlLKVMIOPu71YC7TFR0o
+  - secure: WJgw02cTjVKwGJMq+n3L8e7uVTK3mnEqxArw2w/X1h4s09XIQM0B2b8PuM/2o01rkQWUfhd6lTLDEsQE916lSS8REJbnbsZ1VyH83yeHL4VgJNaJDHvEAq+iFzHnvtLwWkyWm8fEb7DCnEXXA7M3sGt1girhfs0xfITpXputCHE=
+  - secure: JpErPQAz1b/l3rpwt/N9J7SZiy4/UB1DOI+9Kq4OrC9kuq2vUw3VIAKIojqvwy+7OaKAxyWcsx1kQ3BCLOPV/OkORq1/bMpP4SL0/0KYX+WjBWZ+En+gx3aCY3kOLkkVpDS6gD2pulOeHubGNwhDrFLjKFtbuUBfZuEuAGVNnP8=
+  - secure: hgaOzbsR8H6i5gYXLpqUTsPsio39aCjaPbMwk5ylbI7HRD91qfQbJwuzsAa7+ocLi6NQ7LBL1xa317mLBO2uqWIhN85sTRIut2bO6S+8cgS7GWikMKnwkgU8gpUdNjGYh0Y8nrgwPDo5PZTv0jyUZNCeEqoa1HhDF3DjTMFrXHA=

data/Gemfile CHANGED Viewed

@@ -4,6 +4,7 @@ source 'https://rubygems.org'
 gemspec
 gem 'sqlite3', '~> 1.3'
+gem 'sass-rails'
 group :development do
   gem 'pry'
@@ -15,7 +16,13 @@ group :test do
   gem 'factory_girl_rails', '~> 4.5.0'
   gem 'shoulda'
   gem 'webmock'
-  gem 'vcr'
-  gem 'ammeter', git: "https://github.com/alexrothenberg/ammeter"
-  gem 'simplecov', :require => false
+  gem 'vcr', '3.0.1'
+  gem 'ammeter', git: 'https://github.com/alexrothenberg/ammeter'
+  gem 'simplecov', require: false
+  gem 'coveralls', require: false
+  gem 'json_matchers'
+  gem 'match_json', '0.0.5'
+  gem 'capybara'
+  gem 'fivemat'
+  gem 'timecop'
 end

data/README.md CHANGED Viewed

@@ -1,6 +1,8 @@
 [![Build Status](https://travis-ci.org/stormpath/stormpath-rails.svg?branch=master)](https://travis-ci.org/stormpath/stormpath-rails)
+[![Coverage Status](https://coveralls.io/repos/stormpath/stormpath-rails/badge.svg?branch=master&service=github)](https://coveralls.io/github/stormpath/stormpath-rails?branch=master)
+[![Code Climate](https://codeclimate.com/github/stormpath/stormpath-rails/badges/gpa.svg)](https://codeclimate.com/github/stormpath/stormpath-rails)
-# Stormpath-Rails-Gem
+# Stormpath Rails
 Stormpath is the first easy, secure user management and authentication service for developers. This is the Rails gem to ease integration of its features with any Rails-based application.
@@ -8,10 +10,14 @@ Stormpath makes it incredibly simple to add users and user data to your applicat
 ## Installation
-Add the following line to your Gemfile. Stormpath is currently in beta so it is necessary to include the gem version
+Stormpath Rails officially supports Ruby versions over 2.1.0 and Rails over 4.0.
+Add the stormpath-rails integration gem to your Gemfile.
+Stormpath is currently in beta so it is necessary to include the gem version:
 ```ruby
-gem 'stormpath-rails', '~> 1.1.2.beta'
+gem 'stormpath-rails', '~> 2.0.0.beta1'
 ```
 Bundle the Gemfile
@@ -20,212 +26,203 @@ Bundle the Gemfile
 bundle install
 ```
-Run the install script which will create a migration file and a config file.
+Run the generator to insert the config yaml file and the neccessary controller module.
 ```sh
 rails generate stormpath:install
 ```
-Migrate your database
-```ruby
-rake db:migrate
-```
+## Setup
-Create a stormpath account if you havent already, and be sure to set up environment variables
+### Api Key Setup
-'STORMPATH_API_KEY_FILE_LOCATION' should be the location of your apiKey.properties file which you downloaded form stormpaths site
-'STORMPATH_APPLICATION_HREF' should contain the href to your application, can also be found on stormpahs site
+Create a Stormpath account if you haven't already, and be sure to set up the following environment variables:
-environment variables are set up in you .bashrc file or .zshrc if you use myzsh. So for example this should look something like this
+ - STORMPATH_API_KEY_ID
+ - STORMPATH_API_KEY_SECRET
-```sh
-export STORMPATH_API_KEY_FILE_LOCATION=~/.stormpathKey
-export STORMPATH_APPLICATION_URL=https://api.stormpath.com/v1/applications/12345abc
-```
+Environment variables should be set up in you .bashrc file (or .zshrc if you use myzsh).
-environment variables can be named differently but the stormpath config file should be edited accordingly
+Example setup:
-also make sure that you have a root_path defined in your rails router.rb
+```sh
+export STORMPATH_API_KEY_ID=6U4HZMHGVHN0U765BGW
+export STORMPATH_API_KEY_SECRET=0e0TuVZKYiPiLTDLNnswEwpPpa5nPv
+```
-## Configuration
-Override any of these defaults in config/initializers/stormpath.rb
+Alternatively you can use gems such as [Dotenv](https://github.com/bkeepers/dotenv) or [Figaro](https://github.com/laserlemon/figaro) to preload environment variables.
-```ruby
-Stormpath::Rails.configure do |config|
-  config.api_key.file = ENV['STORMPATH_API_KEY_FILE_LOCATION']
-  config.application.href = ENV['STORMPATH_APPLICATION_HREF']
-end
-```
-The `STORMPATH_API_KEY_FILE_LOCATION` is the location of your Stormpath API Key file.  Information about getting this file is found in the [Ruby Quickstart](http://docs.stormpath.com/ruby/quickstart/).  The `STORMPATH_APPLICATION_HREF` represents the Application in Stormpath that is your Rails application.  You can get the href from the Stormpath Admin Console or the API.
+### Application Setup
-## Useage
+Create a Stormpath Application throught the Stormpath Admin Console.
-### Helper Methods
+Add the app href **OR** name to your configuration file in config/stormpath.yml:
-Use `current_user`, `signed_in?`, `signed_out?` in controllers, views, and helpers. For example:
-```erb
-<% if signed_in? %>
-  <%= current_user.email %>
-  <%= button_to "Sign out", sign_out_path, method: :delete %>
-<% else %>
-  <%= link_to "Sign in", sign_in_path %>
-<% end %>
+```yaml
+stormpath:
+  application:
+    href: https://api.stormpath.com/v1/applications/12345abc
+    name: null
 ```
-### Login
+- Make sure your application has a default account directory.
+- Make sure that you have the `root_path` defined in your rails `routes.rb`
-Stormpath Rails automaticly provides route to `/login`. If the attempt is successsfull, the user will be send to the next_uri whcih is by default `/` and create the propper session cookies.
+### Add Routes
-If you wish to change this you can modify login options in configuration file:
+Add `stormpath_rails_routes` to your routes.rb file.
 ```ruby
-Stormpath::Rails.configure do |config|
-  config.login do |c|
-    c.login = true
-    c.uri = '/login'
-    c.next_uri = '/'
-  end
+Rails.application.routes.draw do
+  stormpath_rails_routes
+  ...
 end
 ```
-### Logout
-Stormpath Rails automaticly provides route to `/logout`.
+Check below on how to override default routes.
-If you wish to change the logout URI or the next_uri, you can provide the following configuration
+## Configuration
-```ruby
-Stormpath::Rails.configure do |config|
-  config.logout do |c|
-    c.logout = true
-    c.uri = '/logout'
-    c.next_uri = '/'
-  end
-end
+The gem is highly configurable through it's configuration file (config/stormpath.yml).
+Currently the only configurations not working are for social logins and ID Site (because they are still not implemented in the gem).
+You can use embedded ruby (ERB) in the configuration file:
+```yaml
+stormpath:
+  application:
+    href: <%= ENV['STORMPATH_APPLICATION_URL'] %>
 ```
-### Verify Email
+## Usage
-By default verify email is disabled. Which means after user fills in the registration form and submits, if his credentials are valid, he will be automaticly logged in without email verification.
+### HTML & JSON
-If you want to enable email verification you can add the following code to the configuration file.
+Stormpath Rails responds to two formats: HTML & JSON. You can use it both as an API for building SPA's, mobile applications and as a standalone Rails application that renders HTML.
-```ruby
-Stormpath::Rails.configure do |config|
-  config.verify_email do |c|
-    c.enabled = true
-    c.uri = '/verify'
-    c.next_uri = '/'
-  end
-end
+By default the Stormpath integration will respond to JSON and HTML requests.
+If a requested type isn't any of the two, the Stormpath integration will pass on the request, and allow the developer or Rails defaults to handle the response.
+However if you want use only one of those, modify the configuration file:
+```yaml
+stormpath:
+  web:
+    produces:
+      - application/json
+      - text/html
 ```
+If the request does not specify an Accept header, or the preferred content type is `*/*` the Stormpath integration will respond with the first type in the list.
-If verify email set to enable after user registers he will first receive an email with the link and token with which he can verify his account. uri is the link which is used to verify the account and next_uri is location where user will be redirected after his account has been verified.
+### Controller private & helper methods.
-The email that is sent to the account is configurable through the Stormpath Admin Console.
+The Application Controller gets the `Stormpath::Rails::Controller` module included by default.
+The module provides 4 private controller methods:
-### Forgot Password
+- `current_account` - get the current account
+- `signed_in?` - check if the user is signed in.
+- `require_authentication!` - a before filter to stop unauthenticated access.
+- `require_no_authentication!` - a before filter to stop authenticated access (a logged in user shouldn't be able to see the login form).
-By default forgot password is disabled. To enable it add the following code to the configuration file
+By default, the `current_account` and `signed_in?` are marked as helper_methods and you can use them in your views.
-```ruby
-Stormpath::Rails.configure do |config|
-  config.verify_email do |c|
-    c.enabled = true
-    c.uri = '/forgot'
-  end
-end
-```
+If you wish to add these methods to a controller that doesn't inherit from the ApplicationController, just include the `Stormpath::Rails::Controller` module in that controller as well.
-After the forgot password option has been enabled on the login form there will appear a link for user to reset his password. User first needs to enter an email to which a link will be send. When user clicks on a link he will be redirected to the final form where he can reset his password.
+## Overriding Stormpath
-The email that is sent to the account is configurable through the Stormpath Admin Console.
+### Controllers
-### ID Site
+Since Stormpath controllers are highly configurable, they have lots of configuration code and are not written in a traditional way. A LoginController would usually have two actions - new & create, however in StormpathRails they are separated into two single action controllers - `Stormpath::Rails::Login::NewController` and `Stormpath::Rails::Login::CreateController`. They both respond to a `call` method (action).
-If you'd like to not worry about building your own registration and login screens at all, you can use Stormpath's new [ID site](https://docs.stormpath.com/guides/using-id-site/) feature. This is a hosted login subdomain which handles authentication for you automatically.
+To override a Stormpath controller, first you need to subclass it:
-To make ID Site work in Rails, you need to change stormpath configuration file:
+```ruby
+class CreateAccountController < Stormpath::Rails::Register::CreateController
+end
+```
+and update the routes to point to your new controller:
 ```ruby
-Stormpath::Rails.configure do |config|
-  config.id_site do |c|
-    c.enabled = true
-    c.uri = "/redirect"
-    c.next_uri = '/'
-  end
+Rails.application.routes.draw do
+  stormpath_rails_routes(actions: {
+    'register#create' => 'create_account#call'
+  })
 end
 ```
-When ID Site is enabled any request for `/login` or `/register` will cause a redirect to ID Site. When the user is finished at ID Site they will be redirected to uri which is defined in configuration, by default `/redirect`. Stormpath Rails will handle this request, and then redirect the user to `next_uri`
+List of available controllers:
-### Social Login
+```ruby
+Stormpath::Rails::Login::NewController
+Stormpath::Rails::Login::CreateController
-Stormpath Rails supports social login as well. Currently only Facebook is supported,  Providers for: Google, Github and Linkedin are currently in development.
+Stormpath::Rails::Logout::CreateController
-In order to enable Facebook login you first you need to create a Facebook application and create a Facebook directory in your stormpath account. More info can be found [here](https://docs.stormpath.com/rest/product-guide/#integrating-with-facebook). After that you need to enable id from storm paths configuration file and provide facebook app_id and app_secret which is provided to you after Facebook app creation.
+Stormpath::Rails::Register::NewController
+Stormpath::Rails::Register::CreateController
-```ruby
-Stormpath::Rails.configure do |config|
-  config.facebook do |c|
-    c.app_id = 'app_id'
-    c.app_secret = 'app_secret'
-  end
-end
-```
+Stormpath::Rails::ChangePassword::NewController
+Stormpath::Rails::ChangePassword::CreateController
-When user navigates to `/login` he will see a facebook login button. If he is authenticated succesfully he will be redirected back to rails root_path.
+Stormpath::Rails::ForgotPassword::NewController
+Stormpath::Rails::ForgotPassword::CreateController
-## Overriding Stormpath
+Stormpath::Rails::VerifyEmail::ShowController
+Stormpath::Rails::VerifyEmail::CreateController
-### Routes
-You can optionally run `rails generate stormpath:routes` to dump a copy of the default routes into your application for modification
+Stormpath::Rails::Profile::ShowController
-```sh
-rails generate stormpath:routes
+Stormpath::Rails::Oauth2::NewController
+Stormpath::Rails::Oauth2::CreateController
 ```
-### Controllers
-To override a Stormpath controller, subclass it and update the routes to point to your new controller (see the "Routes" section).
-```ruby
-class PasswordsController < Stormpath::PasswordsController
-class SessionsController < Stormpath::SessionsController
-class UsersController < Stormpath::UsersController
-```
+### Routes
+To override routes (while using Stormpath default controllers), please use the configuration file (config/stormpath.yml) and override them there. As usual, to see what the routes are, run `rake routes`.
 ### Views
-You can use the stormpath views generator to copy the default views to your application for modification.
+You can use the Stormpath views generator to copy the default views to your application for modification:
 ```sh
 rails generate stormpath:views
 ```
 ```
-app/views/layouts/stormpath.html.erb
-app/views/passwords/edit.html.erb
-app/views/passwords/email_sent.html.erb
-app/views/passwords/forgot.html.erb
-app/views/passwords/forgot_change.html.erb
-app/views/passwords/forgot_change_failed.html.erb
-app/views/passwords/forgot_complete.html.erb
-app/views/sessions/_facebook_login_form.erb
-app/views/sessions/_form.html.erb
-app/views/sessions/new.html.erb
-app/views/users/_form.html.erb
-app/views/users/new.html.erb
-app/views/users/verification_complete.html.erb
-app/views/users/verification_email_sent.html.erb
-app/views/users/verification_failed.html.erb
-app/views/users/verification_resend.html.erb
+stormpath/rails/layouts/stormpath.html.erb
+stormpath/rails/login/new.html.erb
+stormpath/rails/login/_form.html.erb
+stormpath/rails/register/new.html.erb
+stormpath/rails/register/_form.html.erb
+stormpath/rails/change_password/new.html.erb
+stormpath/rails/forgot_password/new.html.erb
+stormpath/rails/shared/_input.html.erb
+stormpath/rails/verify_email/new.html.erb
 ```
-### Supported Ruby Versions
+## Development
+### Prerequisites
+If you wish to contribute to the gem, please follow these steps:
-* Ruby 2.0.0
-* Ruby 2.1
-* Ruby 2.2
+1. Create a Stormpath Application.
+2. Export the following env variables:
+  - STORMPATH_API_KEY_ID
+  - STORMPATH_API_KEY_SECRET
+3. Create a Directory and associate it to the app. Make it the default account and group store for the app.
+4. Create a Directory With a Verification Workflow and associate it to the app.
+5. Export the following env variable:
+  - STORMPATH_SDK_TEST_DIRECTORY_WITH_VERIFICATION_URL
-### Suported Rails Versions
+### Specs
-above Rails 3.2
+Clone the repo & install the dependencies with `bundle install`.
+The suite is written with RSpec, so to run the specs you'll need to execute `rspec`
+The suite uses the [VCR gem](https://github.com/vcr/vcr) to record all the HTTP requests. On first roll it records them and after that all of the tests use the recorded HTTP requests and run under 10 seconds.

data/Rakefile CHANGED Viewed

@@ -1,22 +1,22 @@
-require "rubygems"
-require "bundler/setup"
-require "bundler/gem_tasks"
+require 'rubygems'
+require 'bundler/setup'
+require 'bundler/gem_tasks'
-require "rake"
-require "rspec/core/rake_task"
+require 'rake'
+require 'rspec/core/rake_task'
 namespace :dummy do
-  require_relative "spec/dummy/config/application"
+  require_relative 'spec/dummy/config/application'
   Dummy::Application.load_tasks
 end
-APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
 load 'rails/tasks/engine.rake'
 Bundler::GemHelper.install_tasks
-task :default => :spec
+task default: :spec
 RSpec::Core::RakeTask.new(:spec) do |spec|
   spec.pattern = 'spec/**/*_spec.rb'
-end
+end

data/app/assets/stylesheets/stormpath.css.scss CHANGED Viewed

@@ -124,7 +124,8 @@ p {
   font-size: 21px;
 }
 .view input[type="text"],
-.view input[type="password"] {
+.view input[type="password"],
+.view input[type="email"] {
   background-color: #f6f6f6;
   height: 45px;
 }
@@ -280,4 +281,4 @@ p {
 }
 .login, .register { display: table; }
 .va-wrapper { display: table-cell; width: 100%; vertical-align: middle; }
-.custom-container { display: table-row; height: 100%; }
+.custom-container { display: table-row; height: 100%; }

data/app/controllers/stormpath/rails/base_controller.rb CHANGED Viewed

@@ -1,10 +1,29 @@
-class Stormpath::Rails::BaseController < ApplicationController
+module Stormpath
+  module Rails
+    class BaseController < ApplicationController
+      include Stormpath::Rails::Controller
-  layout 'stormpath'
+      before_action :setup_accept_header
+      skip_before_action :verify_authenticity_token, if: :api_request?
+      skip_before_action :verify_authenticity_token, if: :in_development?
-  private
+      layout 'stormpath/rails/layouts/stormpath'
-  def set_flash_message(key, message)
-    flash[key] = message if message.present?
+      private
+      def api_request?
+        request.format == :json
+      end
+      # Enable to test with the TCK.
+      def in_development?
+        ::Rails.env.development?
+      end
+      def setup_accept_header
+        request.format =
+          ContentTypeNegotiator.new(request.headers['HTTP_ACCEPT']).convert_to_symbol
+      end
+    end
   end
-end
+end

data/app/controllers/stormpath/rails/change_password/create_controller.rb ADDED Viewed

@@ -0,0 +1,68 @@
+module Stormpath
+  module Rails
+    module ChangePassword
+      class CreateController < Stormpath::Rails::BaseController
+        def call
+          password_change.call
+          respond_with_success
+        rescue Stormpath::Error => error
+          respond_to_stormpath_error(error)
+        rescue InvalidSptokenError => error
+          respond_with_error(error, stormpath_config.web.change_password.error_uri)
+        rescue NoSptokenError => error
+          respond_with_error(error, stormpath_config.web.forgot_password.uri)
+        end
+        private
+        def password_change
+          @password_change ||= PasswordChange.new(params[:sptoken], params[:password])
+        end
+        def respond_with_success
+          if stormpath_config.web.change_password.auto_login
+            AccountLogin.call(cookies, password_change.account.email, params[:password])
+            respond_to_autologin
+          else
+            respond_without_login
+          end
+        end
+        def respond_to_autologin
+          respond_to do |format|
+            format.html { redirect_to stormpath_config.web.login.next_uri }
+            format.json { render json: AccountSerializer.to_h(password_change.account) }
+          end
+        end
+        def respond_without_login
+          respond_to do |format|
+            format.html { redirect_to stormpath_config.web.change_password.next_uri }
+            format.json { render nothing: true, status: 200 }
+          end
+        end
+        def respond_to_stormpath_error(error)
+          respond_to do |format|
+            format.html do
+              flash.now[:error] = error.message
+              render stormpath_config.web.change_password.view
+            end
+            format.json do
+              render json: { status: error.status, message: error.message }, status: error.status
+            end
+          end
+        end
+        def respond_with_error(error, redirect_path)
+          respond_to do |format|
+            format.html { redirect_to redirect_path }
+            format.json do
+              render json: { status: error.status, message: error.message }, status: error.status
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/change_password/new_controller.rb ADDED Viewed

@@ -0,0 +1,38 @@
+module Stormpath
+  module Rails
+    module ChangePassword
+      class NewController < Stormpath::Rails::BaseController
+        def call
+          verify_sptoken
+          respond_with_success
+        rescue InvalidSptokenError => error
+          respond_with_error(error, stormpath_config.web.change_password.error_uri)
+        rescue NoSptokenError => error
+          respond_with_error(error, stormpath_config.web.forgot_password.uri)
+        end
+        private
+        def verify_sptoken
+          ForgotPasswordTokenVerification.new(params[:sptoken]).call
+        end
+        def respond_with_success
+          respond_to do |format|
+            format.html { render stormpath_config.web.change_password.view }
+            format.json { render nothing: true, status: 200 }
+          end
+        end
+        def respond_with_error(error, redirect_path)
+          respond_to do |format|
+            format.html { redirect_to redirect_path }
+            format.json do
+              render json: { status: error.status, message: error.message }, status: error.status
+            end
+          end
+        end
+      end
+    end
+  end
+end