• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

mgmodell / devise_token_auth_multi_email / #663

17 Mar 2026 01:12AM UTC coverage: 12.22% (-78.4%) from 90.649%
#663

push

mgmodell
switching back to mult-email

202 of 1653 relevant lines covered (12.22%)

0.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/app/controllers/devise_token_auth/registrations_controller.rb
1
# frozen_string_literal: true
2

3
module DeviseTokenAuth
×
4
  class RegistrationsController < DeviseTokenAuth::ApplicationController
×
5
    before_action :set_user_by_token, only: [:destroy, :update]
×
6
    before_action :validate_sign_up_params, only: :create
×
7
    before_action :validate_account_update_params, only: :update
×
8
    skip_after_action :update_auth_header, only: [:create, :destroy]
×
9

10
    def create
×
11
      build_resource
×
12

13
      unless @resource.present?
×
14
        raise DeviseTokenAuth::Errors::NoResourceDefinedError,
×
15
              "#{self.class.name} #build_resource does not define @resource,"\
×
16
              ' execution stopped.'
×
17
      end
×
18

19
      # give redirect value from params priority
20
      @redirect_url = params.fetch(
×
21
        :confirm_success_url,
×
22
        DeviseTokenAuth.default_confirm_success_url
×
23
      )
×
24

25
      # success redirect url is required
26
      if confirmable_enabled? && !@redirect_url
×
27
        return render_create_error_missing_confirm_success_url
×
28
      end
×
29

30
      # if whitelist is set, validate redirect_url against whitelist
31
      return render_create_error_redirect_url_not_allowed if blacklisted_redirect_url?(@redirect_url)
×
32

33
      # override email confirmation, must be sent manually from ctrl
34
      callback_name = defined?(ActiveRecord) && resource_class < ActiveRecord::Base ? :commit : :create
×
35
      resource_class.set_callback(callback_name, :after, :send_on_create_confirmation_instructions)
×
36
      resource_class.skip_callback(callback_name, :after, :send_on_create_confirmation_instructions)
×
37

38
      if @resource.respond_to? :skip_confirmation_notification!
×
39
        # Fix duplicate e-mails by disabling Devise confirmation e-mail
40
        @resource.skip_confirmation_notification!
×
41
      end
×
42

43
      if @resource.save
×
44
        yield @resource if block_given?
×
45

46
        unless @resource.confirmed?
×
47
          # user will require email authentication
48
          @resource.send_confirmation_instructions({
×
49
            client_config: params[:config_name],
×
50
            redirect_url: @redirect_url
×
51
          })
×
52
        end
×
53

54
        if active_for_authentication?
×
55
          # email auth has been bypassed, authenticate user
56
          @token = @resource.create_token
×
57
          @resource.save!
×
58
          update_auth_header
×
59
        end
×
60

61
        render_create_success
×
62
      else
×
63
        clean_up_passwords @resource
×
64
        render_create_error
×
65
      end
×
66
    end
×
67

68
    def update
×
69
      if @resource
×
70
        if @resource.send(resource_update_method, account_update_params)
×
71
          yield @resource if block_given?
×
72
          render_update_success
×
73
        else
×
74
          render_update_error
×
75
        end
×
76
      else
×
77
        render_update_error_user_not_found
×
78
      end
×
79
    end
×
80

81
    def destroy
×
82
      if @resource
×
83
        @resource.destroy
×
84
        yield @resource if block_given?
×
85
        render_destroy_success
×
86
      else
×
87
        render_destroy_error
×
88
      end
×
89
    end
×
90

91
    def sign_up_params
×
92
      params.permit(*params_for_resource(:sign_up))
×
93
    end
×
94

95
    def account_update_params
×
96
      params.permit(*params_for_resource(:account_update))
×
97
    end
×
98

99
    protected
×
100

101
    def build_resource
×
102
      @resource            = resource_class.new(sign_up_params)
×
103
      @resource.provider   = provider
×
104

105
      # honor devise configuration for case_insensitive_keys
106
      if resource_class.case_insensitive_keys.include?(:email)
×
107
        @resource.email = sign_up_params[:email].try(:downcase)
×
108
      else
×
109
        @resource.email = sign_up_params[:email]
×
110
      end
×
111
    end
×
112

113
    def render_create_error_missing_confirm_success_url
×
114
      response = {
×
115
        status: 'error',
×
116
        data:   resource_data
×
117
      }
×
118
      message = I18n.t('devise_token_auth.registrations.missing_confirm_success_url')
×
119
      render_error(422, message, response)
×
120
    end
×
121

122
    def render_create_error_redirect_url_not_allowed
×
123
      response = {
×
124
        status: 'error',
×
125
        data:   resource_data
×
126
      }
×
127
      message = I18n.t('devise_token_auth.registrations.redirect_url_not_allowed', redirect_url: @redirect_url)
×
128
      render_error(422, message, response)
×
129
    end
×
130

131
    def render_create_success
×
132
      render json: {
×
133
        status: 'success',
×
134
        data:   resource_data
×
135
      }
×
136
    end
×
137

138
    def render_create_error
×
139
      render json: {
×
140
        status: 'error',
×
141
        data:   resource_data,
×
142
        errors: resource_errors
×
143
      }, status: 422
×
144
    end
×
145

146
    def render_update_success
×
147
      render json: {
×
148
        status: 'success',
×
149
        data:   resource_data
×
150
      }
×
151
    end
×
152

153
    def render_update_error
×
154
      render json: {
×
155
        status: 'error',
×
156
        errors: resource_errors
×
157
      }, status: 422
×
158
    end
×
159

160
    def render_update_error_user_not_found
×
161
      render_error(404, I18n.t('devise_token_auth.registrations.user_not_found'), status: 'error')
×
162
    end
×
163

164
    def render_destroy_success
×
165
      render json: {
×
166
        status: 'success',
×
167
        message: I18n.t('devise_token_auth.registrations.account_with_uid_destroyed', uid: @resource.uid)
×
168
      }
×
169
    end
×
170

171
    def render_destroy_error
×
172
      render_error(404, I18n.t('devise_token_auth.registrations.account_to_destroy_not_found'), status: 'error')
×
173
    end
×
174

175
    private
×
176

177
    def resource_update_method
×
178
      if DeviseTokenAuth.check_current_password_before_update == :attributes
×
179
        'update_with_password'
×
180
      elsif DeviseTokenAuth.check_current_password_before_update == :password && account_update_params.key?(:password)
×
181
        'update_with_password'
×
182
      elsif account_update_params.key?(:current_password)
×
183
        'update_with_password'
×
184
      else
×
185
        'update'
×
186
      end
×
187
    end
×
188

189
    def validate_sign_up_params
×
190
      validate_post_data sign_up_params, I18n.t('errors.messages.validate_sign_up_params')
×
191
    end
×
192

193
    def validate_account_update_params
×
194
      validate_post_data account_update_params, I18n.t('errors.messages.validate_account_update_params')
×
195
    end
×
196

197
    def validate_post_data which, message
×
198
      render_error(:unprocessable_entity, message, status: 'error') if which.empty?
×
199
    end
×
200

201
    def active_for_authentication?
×
202
      !@resource.respond_to?(:active_for_authentication?) || @resource.active_for_authentication?
×
203
    end
×
204
  end
×
205
end
×
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc