trabajo-afectivo/app/controllers/users_controller.rb

class UsersController < ApplicationController
  before_filter :authentication_check, :except => [:create, :password_reset_send, :password_reset_verify]

=begin
 
Format:
JSON

Example:
{
  "id":2,
  "organization_id":null,
  "login":"m@edenhofer.de",
  "firstname":"Marti",
  "lastname":"Ede",
  "email":"m@edenhofer.de",
  "image":"http://www.gravatar.com/avatar/1c38b099f2344976005de69965733465?s=48",
  "web":"http://127.0.0.1",
  "password":"123",
  "phone":"112",
  "fax":"211",
  "mobile":"",
  "street":"",
  "zip":"",
  "city":"",
  "country":null,
  "verified":false,
  "active":true,
  "note":"some note",
  "source":null,
  "role_ids":[1,2],
  "group_ids":[1,2,3,4],
}

=end

=begin

Resource: 
GET /api/users.json

Response:
[
  {
    "id": 1,
    "login": "some_login1",
    ...
  },
  {
    "id": 2,
    "login": "some_login2",
    ...
  }
]

Test:
curl http://localhost/api/users.json -v -u #{login}:#{password}
  
=end

  def index
    users = User.all
    users_all = []
    users.each {|user|
      users_all.push User.user_data_full( user.id )
    }
    render :json => users_all
  end

=begin

Resource: 
GET /api/users/1.json

Response:
{
  "id": 1,
  "login": "some_login1",
  ...
},

Test:
curl http://localhost/api/users/#{id}.json -v -u #{login}:#{password}

=end

  def show
    user = User.user_data_full( params[:id] )
    render :json => user
  end

=begin

Resource:
POST /api/users.json

Payload:
{
  "login": "some_login",
  "firstname": "some firstname",
  "lastname": "some lastname",
  "email": "some@example.com"
}

Response:
{
  "id": 1,
  "login": "some_login",
  ...
},

Test:
curl http://localhost/api/users.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'

=end

  def create
    user = User.new( User.param_cleanup(params) )
    user.updated_by_id = (current_user && current_user.id) || 1
    user.created_by_id = (current_user && current_user.id) || 1

    begin

      # if it's a signup, add user to customer role
      if user.created_by_id == 1

        # check if feature is enabled
        if !Setting.get('user_create_account')
          render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
          return
        end

        # check if it's first user
        count     = User.all.count()
        group_ids = []
        role_ids  = []

        # add first user as admin/agent and to all groups
        if count <= 2
          Role.where( :name => [ 'Admin', 'Agent'] ).each { |role|
            role_ids.push role.id
          }
          Group.all().each { |group|
            group_ids.push group.id
          }

        # everybody else will go as customer per default
        else
          role_ids.push Role.where( :name => 'Customer' ).first.id
        end
        user.role_ids  = role_ids
        user.group_ids = group_ids

      # else do assignment as defined
      else
        if params[:role_ids]
          user.role_ids = params[:role_ids]
        end
        if params[:group_ids]
          user.group_ids = params[:group_ids]
        end
      end

      # check if user already exists
      if user.email
        exists = User.where( :email => user.email ).first
        if exists
          render :json => { :error => 'User already exists!' }, :status => :unprocessable_entity
          return
        end
      end

      user.save

      # send inviteation if needed / only if session exists
      if params[:invite] && current_user

        # generate token
        token = Token.create( :action => 'PasswordReset', :user_id => user.id )

        # send mail
        data = {}
        data[:subject] = 'Invitation to #{config.product_name} at #{config.fqdn}'
        data[:body]    = 'Hi #{user.firstname},

I (#{current_user.firstname} #{current_user.lastname}) invite you to #{config.product_name} - a customer support / ticket system platform.

Click on the following link and set your password:

#{config.http_type}://#{config.fqdn}/#password_reset_verify/#{token.name}

Enjoy,

  #{current_user.firstname} #{current_user.lastname}

  Your #{config.product_name} Team
'
    
        # prepare subject & body
        [:subject, :body].each { |key|
          data[key.to_sym] = NotificationFactory.build(
            :locale  => user.locale,
            :string  => data[key.to_sym],
            :objects => {
              :token        => token,
              :user         => user,
              :current_user => current_user,
            }
          )
        }
    
        # send notification
        NotificationFactory.send(
          :recipient => user,
          :subject   => data[:subject],
          :body      => data[:body]
        )
      end

      user_new = User.user_data_full( user.id )
      render :json => user_new, :status => :created
    rescue Exception => e
      render :json => { :error => e.message }, :status => :unprocessable_entity
    end
  end

=begin

Resource:
PUT /api/users/#{id}.json

Payload:
{
  "login": "some_login",
  "firstname": "some firstname",
  "lastname": "some lastname",
  "email": "some@example.com"
}

Response:
{
  "id": 2,
  "login": "some_login",
  ...
},

Test:
curl http://localhost/api/users/2.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'

=end

  def update
    user = User.find(params[:id])

    begin
      user.update_attributes( User.param_cleanup(params) )
      if params[:role_ids]
        user.role_ids = params[:role_ids]
      end
      if params[:group_ids]
        user.group_ids = params[:group_ids]
      end
      if params[:organization_ids]
        user.organization_ids = params[:organization_ids]
      end
      user_new = User.user_data_full( params[:id] )
      render :json => user_new, :status => :ok
    rescue Exception => e
      render :json => { :error => e.message }, :status => :unprocessable_entity
    end
  end

  # DELETE /api/users/1
  def destroy
    model_destory_render(User, params)
  end

  # GET /api/users/search
  def search

    # get params
    query = params[:term]
    limit = params[:limit] || 18

    # do query
    user_all = User.find(
      :all,
      :limit      => limit,
      :conditions => ['firstname LIKE ? or lastname LIKE ? or email LIKE ?', "%#{query}%", "%#{query}%", "%#{query}%"],
      :order      => 'firstname'
    )

    # build result list
    users = []
    user_all.each do |user|
      realname = user.firstname.to_s + ' ' + user.lastname.to_s
      if user.email && user.email.to_s != ''
        realname = realname + ' <' +  user.email.to_s + '>'
      end
      a = { :id => user.id, :label => realname, :value => realname }
      users.push a
    end

    # return result
    render :json => users
  end

=begin

Resource:
POST /api/users/password_reset

Payload:
{
  "username": "some user name"
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/users/password_reset.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'

=end

  def password_reset_send

    # check if feature is enabled
    if !Setting.get('user_lost_password')
      render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity
      return
    end

    success = User.password_reset_send( params[:username] )
    if success
      render :json => { :message => 'ok' }, :status => :ok
    else
      render :json => { :message => 'failed' }, :status => :unprocessable_entity
    end
  end

=begin

Resource:
POST /api/users/password_reset_verify

Payload:
{
  "token": "SoMeToKeN",
  "password" "new_password"
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/users/password_reset_verify.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password" "new_password"}'

=end

  def password_reset_verify
    if params[:password]
      user = User.password_reset_via_token( params[:token], params[:password] )
    else
      user = User.password_reset_check( params[:token] )
    end
    if user
      render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
    else
      render :json => { :message => 'failed' }, :status => :unprocessable_entity
    end
  end

=begin

Resource:
POST /api/users/password_change

Payload:
{
  "password_old": "some_password_old",
  "password_new" "some_password_new"
}

Response:
{
  :message => 'ok'
}

Test:
curl http://localhost/api/users/password_change.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new" "password_new"}'

=end

  def password_change

    # check old password
    if !params[:password_old]
      render :json => { :message => 'Old password needed!' }, :status => :unprocessable_entity
      return  
    end
    user = User.authenticate( current_user.login, params[:password_old] )
    if !user
      render :json => { :message => 'Old password is wrong!' }, :status => :unprocessable_entity
      return  
    end

    # set new password
    if !params[:password_new]
      render :json => { :message => 'New password needed!' }, :status => :unprocessable_entity
      return  
    end
    user.update_attributes( :password => params[:password_new] )
    render :json => { :message => 'ok', :user_login => user.login }, :status => :ok
  end

end
Init version. 2012-04-10 14:06:46 +00:00			`class UsersController < ApplicationController`
Init version pf password reset. 2012-04-23 06:55:16 +00:00			`before_filter :authentication_check, :except => [:create, :password_reset_send, :password_reset_verify]`
Init version. 2012-04-10 14:06:46 +00:00
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`=begin`

			`Format:`
			`JSON`

			`Example:`
			`{`
			`"id":2,`
			`"organization_id":null,`
			`"login":"m@edenhofer.de",`
			`"firstname":"Marti",`
			`"lastname":"Ede",`
			`"email":"m@edenhofer.de",`
			`"image":"http://www.gravatar.com/avatar/1c38b099f2344976005de69965733465?s=48",`
			`"web":"http://127.0.0.1",`
			`"password":"123",`
			`"phone":"112",`
			`"fax":"211",`
			`"mobile":"",`
			`"street":"",`
			`"zip":"",`
			`"city":"",`
			`"country":null,`
			`"verified":false,`
			`"active":true,`
			`"note":"some note",`
			`"source":null,`
			`"role_ids":[1,2],`
			`"group_ids":[1,2,3,4],`
			`}`

			`=end`

			`=begin`

			`Resource:`
			`GET /api/users.json`

			`Response:`
			`[`
			`{`
			`"id": 1,`
			`"login": "some_login1",`
			`...`
			`},`
			`{`
			`"id": 2,`
			`"login": "some_login2",`
			`...`
			`}`
			`]`

			`Test:`
			`curl http://localhost/api/users.json -v -u #{login}:#{password}`

			`=end`

Init version. 2012-04-10 14:06:46 +00:00			`def index`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`users = User.all`
			`users_all = []`
			`users.each {\|user\|`
			`users_all.push User.user_data_full( user.id )`
Init version. 2012-04-10 14:06:46 +00:00			`}`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`render :json => users_all`
Init version. 2012-04-10 14:06:46 +00:00			`end`

Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`=begin`

			`Resource:`
			`GET /api/users/1.json`

			`Response:`
			`{`
			`"id": 1,`
			`"login": "some_login1",`
			`...`
			`},`

			`Test:`
			`curl http://localhost/api/users/#{id}.json -v -u #{login}:#{password}`

			`=end`

Init version. 2012-04-10 14:06:46 +00:00			`def show`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user = User.user_data_full( params[:id] )`
			`render :json => user`
Init version. 2012-04-10 14:06:46 +00:00			`end`

Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`=begin`

			`Resource:`
			`POST /api/users.json`

			`Payload:`
			`{`
			`"login": "some_login",`
			`"firstname": "some firstname",`
			`"lastname": "some lastname",`
			`"email": "some@example.com"`
			`}`

			`Response:`
			`{`
			`"id": 1,`
			`"login": "some_login",`
			`...`
			`},`

			`Test:`
			`curl http://localhost/api/users.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'`

			`=end`

Init version. 2012-04-10 14:06:46 +00:00			`def create`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user = User.new( User.param_cleanup(params) )`
Some datables cleanups. 2012-11-06 21:43:13 +00:00			`user.updated_by_id = (current_user && current_user.id) \|\| 1`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user.created_by_id = (current_user && current_user.id) \|\| 1`
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`begin`
Init version. 2012-04-10 14:06:46 +00:00
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`# if it's a signup, add user to customer role`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`if user.created_by_id == 1`
Fixed syntax error. 2012-08-10 07:43:36 +00:00
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00			`# check if feature is enabled`
			`if !Setting.get('user_create_account')`
			`render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity`
			`return`
			`end`

Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`# check if it's first user`
Added first user also to all groups (master agent). 2012-04-13 13:51:10 +00:00			`count = User.all.count()`
			`group_ids = []`
			`role_ids = []`

			`# add first user as admin/agent and to all groups`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`if count <= 2`
Added first user also to all groups (master agent). 2012-04-13 13:51:10 +00:00			`Role.where( :name => [ 'Admin', 'Agent'] ).each { \|role\|`
			`role_ids.push role.id`
			`}`
			`Group.all().each { \|group\|`
			`group_ids.push group.id`
			`}`
Fixed syntax error. 2012-08-10 07:43:36 +00:00
Added first user also to all groups (master agent). 2012-04-13 13:51:10 +00:00			`# everybody else will go as customer per default`
Init version. 2012-04-10 14:06:46 +00:00			`else`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`role_ids.push Role.where( :name => 'Customer' ).first.id`
			`end`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user.role_ids = role_ids`
			`user.group_ids = group_ids`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00
			`# else do assignment as defined`
			`else`
			`if params[:role_ids]`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user.role_ids = params[:role_ids]`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`if params[:group_ids]`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user.group_ids = params[:group_ids]`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`end`
			`end`
Fixed syntax error. 2012-08-10 07:43:36 +00:00
Added duplicate email check. 2013-01-20 01:27:47 +00:00			`# check if user already exists`
			`if user.email`
			`exists = User.where( :email => user.email ).first`
			`if exists`
			`render :json => { :error => 'User already exists!' }, :status => :unprocessable_entity`
			`return`
			`end`
			`end`

Some datables cleanups. 2012-11-06 21:43:13 +00:00			`user.save`

Fixed user invitation. 2013-01-03 10:47:39 +00:00			`# send inviteation if needed / only if session exists`
			`if params[:invite] && current_user`
Fixed syntax error. 2012-08-10 07:43:36 +00:00
Added user invitation email support. 2013-01-03 09:39:33 +00:00			`# generate token`
			`token = Token.create( :action => 'PasswordReset', :user_id => user.id )`

			`# send mail`
			`data = {}`
			`data[:subject] = 'Invitation to #{config.product_name} at #{config.fqdn}'`
Fixed typo in text. 2013-01-03 10:53:11 +00:00			`data[:body] = 'Hi #{user.firstname},`
Added user invitation email support. 2013-01-03 09:39:33 +00:00
Fixed user invitation. 2013-01-03 10:47:39 +00:00			`I (#{current_user.firstname} #{current_user.lastname}) invite you to #{config.product_name} - a customer support / ticket system platform.`
Added user invitation email support. 2013-01-03 09:39:33 +00:00
			`Click on the following link and set your password:`

			`#{config.http_type}://#{config.fqdn}/#password_reset_verify/#{token.name}`

			`Enjoy,`

			`#{current_user.firstname} #{current_user.lastname}`

			`Your #{config.product_name} Team`
			`'`

			`# prepare subject & body`
			`[:subject, :body].each { \|key\|`
			`data[key.to_sym] = NotificationFactory.build(`
Added unit tests for notification template generation (e. g. for emails). Added translation tags i18n('some text') ot i18n(ticket.ticket_state.name) will be translated to frontend locale of recipient. Fixed #26. 2013-01-04 14:28:55 +00:00			`:locale => user.locale,`
Added user invitation email support. 2013-01-03 09:39:33 +00:00			`:string => data[key.to_sym],`
			`:objects => {`
			`:token => token,`
			`:user => user,`
			`:current_user => current_user,`
			`}`
			`)`
			`}`

			`# send notification`
			`NotificationFactory.send(`
			`:recipient => user,`
			`:subject => data[:subject],`
			`:body => data[:body]`
			`)`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Added user invitation email support. 2013-01-03 09:39:33 +00:00
Moved to reworked template processing. Added organization to user model. 2012-10-16 09:46:22 +00:00			`user_new = User.user_data_full( user.id )`
			`render :json => user_new, :status => :created`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`rescue Exception => e`
			`render :json => { :error => e.message }, :status => :unprocessable_entity`
Init version. 2012-04-10 14:06:46 +00:00			`end`
			`end`

Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`=begin`

			`Resource:`
			`PUT /api/users/#{id}.json`

			`Payload:`
			`{`
			`"login": "some_login",`
			`"firstname": "some firstname",`
			`"lastname": "some lastname",`
			`"email": "some@example.com"`
			`}`

			`Response:`
			`{`
			`"id": 2,`
			`"login": "some_login",`
			`...`
			`},`

			`Test:`
			`curl http://localhost/api/users/2.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"login": "some_login","firstname": "some firstname","lastname": "some lastname","email": "some@example.com"}'`

			`=end`

Init version. 2012-04-10 14:06:46 +00:00			`def update`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user = User.find(params[:id])`
Init version. 2012-04-10 14:06:46 +00:00
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`begin`
			`user.update_attributes( User.param_cleanup(params) )`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`if params[:role_ids]`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user.role_ids = params[:role_ids]`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`end`
			`if params[:group_ids]`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user.group_ids = params[:group_ids]`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Do not give any password to frontend. Only keep them in rest storage. Use old password if no new one is given. 2012-04-20 15:39:50 +00:00			`if params[:organization_ids]`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`user.organization_ids = params[:organization_ids]`
Do not give any password to frontend. Only keep them in rest storage. Use old password if no new one is given. 2012-04-20 15:39:50 +00:00			`end`
Moved to reworked template processing. Added organization to user model. 2012-10-16 09:46:22 +00:00			`user_new = User.user_data_full( params[:id] )`
			`render :json => user_new, :status => :ok`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`rescue Exception => e`
			`render :json => { :error => e.message }, :status => :unprocessable_entity`
Init version. 2012-04-10 14:06:46 +00:00			`end`
			`end`

Init version of ticket search. 2012-11-14 01:05:53 +00:00			`# DELETE /api/users/1`
Init version. 2012-04-10 14:06:46 +00:00			`def destroy`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`model_destory_render(User, params)`
			`end`
Init version. 2012-04-10 14:06:46 +00:00
Init version of ticket search. 2012-11-14 01:05:53 +00:00			`# GET /api/users/search`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`def search`
Init version of ticket search. 2012-11-14 01:05:53 +00:00
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`# get params`
			`query = params[:term]`
			`limit = params[:limit] \|\| 18`

			`# do query`
			`user_all = User.find(`
			`:all,`
			`:limit => limit,`
			`:conditions => ['firstname LIKE ? or lastname LIKE ? or email LIKE ?', "%#{query}%", "%#{query}%", "%#{query}%"],`
			`:order => 'firstname'`
			`)`
Init version of ticket search. 2012-11-14 01:05:53 +00:00
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`# build result list`
			`users = []`
			`user_all.each do \|user\|`
			`realname = user.firstname.to_s + ' ' + user.lastname.to_s`
			`if user.email && user.email.to_s != ''`
			`realname = realname + ' <' + user.email.to_s + '>'`
			`end`
			`a = { :id => user.id, :label => realname, :value => realname }`
			`users.push a`
			`end`

			`# return result`
			`render :json => users`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Init version pf password reset. 2012-04-23 06:55:16 +00:00
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`=begin`

			`Resource:`
			`POST /api/users/password_reset`

			`Payload:`
			`{`
			`"username": "some user name"`
			`}`

			`Response:`
			`{`
			`:message => 'ok'`
			`}`

			`Test:`
			`curl http://localhost/api/users/password_reset.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'`

			`=end`

Init version pf password reset. 2012-04-23 06:55:16 +00:00			`def password_reset_send`
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00
			`# check if feature is enabled`
			`if !Setting.get('user_lost_password')`
			`render :json => { :error => 'Feature not enabled!' }, :status => :unprocessable_entity`
			`return`
			`end`

Init version pf password reset. 2012-04-23 06:55:16 +00:00			`success = User.password_reset_send( params[:username] )`
			`if success`
			`render :json => { :message => 'ok' }, :status => :ok`
			`else`
			`render :json => { :message => 'failed' }, :status => :unprocessable_entity`
			`end`
			`end`

Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`=begin`

			`Resource:`
			`POST /api/users/password_reset_verify`

			`Payload:`
			`{`
			`"token": "SoMeToKeN",`
			`"password" "new_password"`
			`}`

			`Response:`
			`{`
			`:message => 'ok'`
			`}`

			`Test:`
			`curl http://localhost/api/users/password_reset_verify.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password" "new_password"}'`

			`=end`

Init version pf password reset. 2012-04-23 06:55:16 +00:00			`def password_reset_verify`
Improved password reset feature. 2012-04-23 16:59:35 +00:00			`if params[:password]`
Added auto login after password reset. 2013-01-03 12:00:55 +00:00			`user = User.password_reset_via_token( params[:token], params[:password] )`
Improved password reset feature. 2012-04-23 16:59:35 +00:00			`else`
Added auto login after password reset. 2013-01-03 12:00:55 +00:00			`user = User.password_reset_check( params[:token] )`
Improved password reset feature. 2012-04-23 16:59:35 +00:00			`end`
Added auto login after password reset. 2013-01-03 12:00:55 +00:00			`if user`
			`render :json => { :message => 'ok', :user_login => user.login }, :status => :ok`
Init version pf password reset. 2012-04-23 06:55:16 +00:00			`else`
			`render :json => { :message => 'failed' }, :status => :unprocessable_entity`
			`end`
			`end`

Added password change to profile page. 2013-02-10 21:38:35 +00:00			`=begin`

			`Resource:`
			`POST /api/users/password_change`

			`Payload:`
			`{`
			`"password_old": "some_password_old",`
			`"password_new" "some_password_new"`
			`}`

			`Response:`
			`{`
			`:message => 'ok'`
			`}`

			`Test:`
			`curl http://localhost/api/users/password_change.json -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new" "password_new"}'`

			`=end`

			`def password_change`

			`# check old password`
			`if !params[:password_old]`
			`render :json => { :message => 'Old password needed!' }, :status => :unprocessable_entity`
			`return`
			`end`
			`user = User.authenticate( current_user.login, params[:password_old] )`
			`if !user`
			`render :json => { :message => 'Old password is wrong!' }, :status => :unprocessable_entity`
			`return`
			`end`

			`# set new password`
			`if !params[:password_new]`
			`render :json => { :message => 'New password needed!' }, :status => :unprocessable_entity`
			`return`
			`end`
			`user.update_attributes( :password => params[:password_new] )`
			`render :json => { :message => 'ok', :user_login => user.login }, :status => :ok`
			`end`

Init version. 2012-04-10 14:06:46 +00:00			`end`