The built-in controllers can be overridden with your own custom controllers.
For example, the default behavior of the validate_token
method of the TokenValidationController
is to return the User
object as json (sans password and token data). The following example shows how to override the validate_token
action to include a model method as well.
# config/routes.rb
Rails.application.routes.draw do
...
mount_devise_token_auth_for 'User', at: 'auth', controllers: {
token_validations: 'overrides/token_validations'
}
end
# app/controllers/overrides/token_validations_controller.rb
module Overrides
class TokenValidationsController < DeviseTokenAuth::TokenValidationsController
def validate_token
# @resource will have been set by set_user_by_token concern
if @resource
render json: {
data: @resource.as_json(methods: :calculate_operating_thetan)
}
else
render json: {
success: false,
errors: ["Invalid login credentials"]
}, status: 401
end
end
end
end
To customize json rendering, implement the following protected controller methods, for success methods, assume that the @resource object is available:
- render_create_error_missing_confirm_success_url
- render_create_error_redirect_url_not_allowed
- render_create_success
- render_create_error
- render_update_success
- render_update_error
- render_update_error_user_not_found
- render_new_error
- render_create_success
- render_create_error_not_confirmed
- render_create_error_bad_credentials
- render_destroy_success
- render_destroy_error
- render_create_error_missing_email
- render_create_error_missing_redirect_url
- render_create_error_not_allowed_redirect_url
- render_create_success
- render_create_error
- render_update_error_unauthorized
- render_update_error_password_not_required
- render_update_error_missing_password
- render_update_success
- render_update_error
- render_validate_token_success
- render_validate_token_error
- render_create_error_missing_email
- render_create_success
- render_not_found_error
mount_devise_token_auth_for 'User', at: 'auth', controllers: {
confirmations: 'devise_token_auth/confirmations',
passwords: 'devise_token_auth/passwords',
omniauth_callbacks: 'devise_token_auth/omniauth_callbacks',
registrations: 'devise_token_auth/registrations',
sessions: 'devise_token_auth/sessions',
token_validations: 'devise_token_auth/token_validations'
}
Note: Controller overrides must implement the expected actions of the controllers that they replace.
It may be that you simply want to add behavior to existing controllers without having to re-implement their behavior completely. In this case, you can do so by creating a new controller that inherits from any of DeviseTokenAuth's controllers, overriding whichever methods you'd like to add behavior to by passing a block to super
:
class Custom::RegistrationsController < DeviseTokenAuth::RegistrationsController
def create
super do |resource|
resource.do_something(extra)
end
end
end
Your block will be performed just before the controller would usually render a successful response.
You will probably want to override the default email templates for email sign-up and password-reset confirmation. Run the following command to copy the email templates into your app:
rails generate devise_token_auth:install_views
This will create two new files:
app/views/devise/mailer/reset_password_instructions.html.erb
app/views/devise/mailer/confirmation_instructions.html.erb
These files may be edited to suit your taste. You can customize the e-mail subjects like this.
Note: if you choose to modify these templates, do not modify the link_to
blocks unless you absolutely know what you are doing.