devise, what is /my_users/password/edit

2
votes

I've done a very basic devise setup (devise 3.3.0, rails 4.1.5, ruby 2.1.1).
I let it create the model (rails g devise:install and rails devise my_user) in my emtpy application.
Let's have a look at the routes that now i have (i've added blank lines for better viewing):


 1         new_my_user_session    GET    /my_users/sign_in(.:format)         devise/sessions#new
 2             my_user_session    POST   /my_users/sign_in(.:format)         devise/sessions#create
 3     destroy_my_user_session    DELETE /my_users/sign_out(.:format)        devise/sessions#destroy

 4            my_user_password    POST   /my_users/password(.:format)        devise/passwords#create
 5        new_my_user_password    GET    /my_users/password/new(.:format)    devise/passwords#new
 6       edit_my_user_password    GET    /my_users/password/edit(.:format)   devise/passwords#edit
 7                                PATCH  /my_users/password(.:format)        devise/passwords#update
 8                                PUT    /my_users/password(.:format)        devise/passwords#update

 9 cancel_my_user_registration    GET    /my_users/cancel(.:format)          devise/registrations#cancel

10        my_user_registration    POST   /my_users(.:format)                 devise/registrations#create

11    new_my_user_registration    GET    /my_users/sign_up(.:format)         devise/registrations#new
12   edit_my_user_registration    GET    /my_users/edit(.:format)            devise/registrations#edit
13                                PATCH  /my_users(.:format)                 devise/registrations#update
14                                PUT    /my_users(.:format)                 devise/registrations#update
15                                DELETE /my_users(.:format)                 devise/registrations#destroy

Now let's recap:

[1,2]       user sign in (available w/o authentication)
[3]         user sign out
[4,5]       forgotten password form (w/o authentication)
[6,7,8]     editing password? WHAT DOES IT DO THIS?
[9]         cancel registration?
[10,11]     user sign up (registration of a new user) 
[12,13,14]  user editing his data
[15]        user delete himself

I'm expecially interested in understand what are meant to do the 6,7,8 actions, that seem to edit the password, but actually don't. Infact, there are two other ways of doing this, that are:

  1. 'forgotten password' capability (actions 4,5)
  2. 'edit user' capability (actions 12,13,14)

The second question is, what does it do the cancel registration action?

Edit 1

Moreover, the my_user/password/edit route, whatever it is supposed to do, seems to be not working. When i browse it, i simply get redirected to the root page. Here is the log: 

Started GET "/my_users/password/edit" for 127.0.0.1 at 2014-09-22 16:37:04 +0200
Processing by Devise::PasswordsController#edit as HTML
  MyUser Load (0.7ms)  SELECT  "my_users".* FROM "my_users"  WHERE "my_users"."id" = 5  ORDER BY "my_users"."id" ASC LIMIT 1
Redirected to http://localhost:3000/
Filter chain halted as :require_no_authentication rendered or redirected
1
ruby-on-railsdevise
Didn't you ever change a password? You know, the form with three field (current password, new password, new password confirmation). I bet that 6,7,8 are for this one.Sergio Tulentsev
perhaps i didn't explain very well. there is no one, but there are TWO other ways to change password, you know that form with three fields... (actions 12,13,14) :-) and the other one, that that allows you to do it via emailAgostinoX

1 Answers

2
votes

'forgotten password' capability (actions 4,5)

This will generate new reset password token for registered email. This is a part of forgot password functionality.

'edit user' capability (actions 12,13,14)

This is also part of forgot password functionality. This will find user to edit on the basis of there reset password token and update password afterwards.

The second question is, what does it do the cancel registration action?

this will remove all session data user inserted during registration. Like clear functionality. below comment in devise registration cancel action. link here https://github.com/plataformatec/devise/blob/master/app/controllers/devise/registrations_controller.rb

# GET /resource/cancel
# Forces the session data which is usually expired after sign
# in to be expired now. This is useful if the user wants to
# cancel oauth signing in/up in the middle of the process,
# removing all OAuth session data.