Example of a 'service' object

activations_controller.rb

class ActivationsController < ApplicationController

  respond_to :json

  def create
    new_password = params[:user] && params[:user][:password]
    token = params[:confirmation_token]

    if !new_password
      render_errors({"password"=>["can't be blank"]}.to_json)

    elsif (@user = User.for_confirmation_token(token))

      if @user.try(:suspended?)
        render_unauthorized @user.inactive_message
      else
        setter = PasswordSetter.new(@user)
        setter.set_password new_password, self
      end
    else
      render_unauthorized
    end
  end

  def render_success
    @user.confirm!
    super
  end

end

password_setter.rb

class PasswordSetter

  def initialize user
    @user = user
  end

  def set_password password, responder
    @user.password = password
    if @user.valid?
      @user.save!
      responder.render_success
    else
      errors = @user.errors.messages.to_json
      responder.render_errors errors
    end
  end

end

users_controller.rb

class UsersController < ApplicationController

  respond_to :json

  def update
    new_password = params[:user] && params[:user][:password]
    token = params[:authentication_token]

    if !new_password
      render_errors({"password"=>["can't be blank"]}.to_json)
    elsif (user = User.for_authentication_token(token))
      if user.suspended?
        render_forbidden user.inactive_message
      else
        setter = PasswordSetter.new(user)
        setter.set_password new_password, self
      end
    else
      render_unauthorized
    end
  end
end