feat: Improved password security policy (#2345)

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2025-11-01 19:48:08 +00:00 · 2021-06-07 17:26:08 +05:30
parent d1b3c7b0c2
commit 467b45b427
36 changed files with 284 additions and 151 deletions
--- a/app/controllers/devise_overrides/passwords_controller.rb
+++ b/app/controllers/devise_overrides/passwords_controller.rb
@@ -13,7 +13,7 @@ class DeviseOverrides::PasswordsController < Devise::PasswordsController
      send_auth_headers(@recoverable)
      render partial: 'devise/auth.json', locals: { resource: @recoverable }
    else
-      render json: { "message": 'Invalid token', "redirect_url": '/' }, status: 422
+      render json: { message: 'Invalid token', redirect_url: '/' }, status: :unprocessable_entity
    end
  end

@@ -27,7 +27,7 @@ class DeviseOverrides::PasswordsController < Devise::PasswordsController
    end
  end

-  protected
+  private

  def reset_password_and_confirmation(recoverable)
    recoverable.confirm unless recoverable.confirmed? # confirm if user resets password without confirming anytime before
@@ -40,7 +40,7 @@ class DeviseOverrides::PasswordsController < Devise::PasswordsController

  def build_response(message, status)
    render json: {
-      "message": message
+      message: message
    }, status: status
  end
 end