ruby-on-rails, rest, account-management

Misc account management pages in a RESTful design in Rails 3


How do miscellaneous account management pages fit into a RESTful design in Rails 3?

For example, a user registers (create action) and is then forwarded to a registration success page (? action) where they are asked to now verify their email address via a URL with a token (emailed to them).

When they click the link in the email, technically they are "updating" their account as part of the verification process, right? So I'm thinking that would somehow map to the "update" action, but the update action is expecting a PUT request. Is that correct? How do you make that work via the email?

I'm also wondering how forgot password, reset password, etc also fit into a RESTful design? Just trying to wrap my head around this.


Solution

  • Just because you have a RESTful design doesn't mean you HAVE to restrict yourself to only CRUD verbs that map 1:1 to Get/Post/Put/Delete. That said, if you want to get really RESTful, you can start to think of some of these things in terms of being their own resources. For example, user verification:

    • User signs up and gets sent a verification email; you already have that all squared away RESTfully, it looks like
    • Verification URL looks like: http://app.com/user_verifications/new?token=foobar (GET)
    • They follow the URL and maybe are presented with a "Hello Dan, welcome back! Click here to verify your account". At that point you submit a form to http://app.com/user_verifications to trigger the create action there. Now on the backend, you can perform whatever actions you want: updating the user, setting them to active, or actually creating a "UserVerification" model.

    Not a perfect example, but the idea is that the RESTful interface you are providing has an additional resource, in this case "user_verifications" and a user is acting upon it via HTTP methods in order to achieve the user's goals. You can apply similar logic to reset/forgot password either with a "UserSession" type resource or even as specific as a specific "ForgotPassword" resource.
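
The flow described in the answer above, as an added example that is not part of the original post: the GET on `new` only displays a confirmation page, and only the POST to `create` consumes the token and activates the account. The class, its in-memory store, the 24-hour lifetime and the status codes are assumptions for illustration, written in plain Ruby rather than as a Rails controller.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for a UserVerification model (no Rails needed).
class UserVerifications
  TTL = 24 * 60 * 60 # assumed token lifetime in seconds

  def initialize
    @pending = {} # SHA-256(token) => { user:, expires_at: }
    @active  = {} # user => true once verified
  end

  # Called after signup: returns the raw token to embed in the emailed URL.
  # Only the digest is stored, so a leaked table does not yield usable links.
  def issue(user, now = Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @pending[digest(token)] = { user: user, expires_at: now + TTL }
    token
  end

  # GET /user_verifications/new?token=... : read-only, so a mail scanner or
  # link prefetcher that follows the URL cannot verify the account.
  def new_page(token, now = Time.now)
    row = lookup(token, now)
    row ? [200, "Hello #{row[:user]}, click to verify your account"] : [404, 'Invalid or expired link']
  end

  # POST /user_verifications : the only state-changing step; token is single-use.
  def create(token, now = Time.now)
    row = lookup(token, now)
    return [422, 'Invalid or expired link'] unless row
    @pending.delete(digest(token))
    @active[row[:user]] = true
    [201, "#{row[:user]} verified"]
  end

  def active?(user)
    @active.key?(user)
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token.to_s)
  end

  def lookup(token, now)
    row = @pending[digest(token)]
    row if row && now < row[:expires_at]
  end
end
```

In a Rails app the POST form would also carry the framework's CSRF token, and the same issue/confirm/consume shape fits a password-reset resource.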