Confirmable

3 years ago · 1f8647828e
16 changed files with 67 additions and 55 deletions
--- a/app/controllers/user/confirmations_controller.rb
+++ b/app/controllers/user/confirmations_controller.rb
@ -0,0 +1,8 @@
+class User::ConfirmationsController < Devise::ConfirmationsController
+
+protected
+
+  def after_confirmation_path_for(resource_name, resource)
+    new_user_confirmation_path(resource)
+  end
+end
--- a/app/controllers/user/passwords_controller.rb
+++ b/app/controllers/user/passwords_controller.rb
@ -1,4 +1,4 @@
-class Auth::PasswordsController < Devise::PasswordsController
+class User::PasswordsController < Devise::PasswordsController
  include Helpers::Email

  def reset_confirmation
@ -11,7 +11,7 @@ class Auth::PasswordsController < Devise::PasswordsController
      resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
      render "devise/passwords/new", status: :unprocessable_entity
    else
-      render "devise/confirmations/reset"
+      render "devise/passwords/reset_confirmation"
    end
  end

--- a/app/controllers/user/sessions_controller.rb
+++ b/app/controllers/user/sessions_controller.rb
@ -1,4 +1,4 @@
-class Auth::SessionsController < Devise::SessionsController
+class User::SessionsController < Devise::SessionsController
  include Helpers::Email

  def create
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -34,7 +34,6 @@ class UsersController < ApplicationController
      render :new, status: :unprocessable_entity
    else
      @user = User.create!(user_params.merge(org_params).merge(password_params))
-      @user.send_reset_password_instructions
      redirect_to users_organisation_path(current_user.organisation)
    end
  end
--- a/app/mailers/notify_devise_mailer.rb
+++ b/app/mailers/notify_devise_mailer.rb
@ -5,6 +5,10 @@ class NotifyDeviseMailer < Devise::Mailer
    @notify_client ||= ::Notifications::Client.new(ENV["GOVUK_NOTIFY_API_KEY"])
  end

+  def host
+    @host ||= ENV["APP_HOST"]
+  end
+
  def send_email(email, template_id, personalisation)
    notify_client.send_email(
      email_address: email,
@ -18,7 +22,7 @@ class NotifyDeviseMailer < Devise::Mailer
    personalisation = {
      name: record.name,
      email: record.email,
-      link: "#{ENV['host']}/users/password/edit?reset_password_token=#{token}"
+      link: "https://#{host}/users/password/edit?reset_password_token=#{token}"
    }
    send_email(record.email, template_id, personalisation)
  end
@ -29,8 +33,9 @@ class NotifyDeviseMailer < Devise::Mailer
      name: record.name,
      email: record.email,
      organisation: record.organisation.name,
-      link: "#{ENV['host']}/users/password/edit?reset_password_token=#{token}"
+      link: "https://#{host}/users/confirmation?confirmation_token=#{token}"
    }
+    send_email(record.email, template_id, personalisation)
  end

  def unlock_instructions(record, token, opts = {})
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -2,9 +2,9 @@ class User < ApplicationRecord
  include Constants::User

  # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
+  # :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :recoverable, :rememberable, :validatable,
-         :trackable
+         :trackable, :confirmable

  belongs_to :organisation
  has_many :owned_case_logs, through: :organisation
--- a/app/views/devise/confirmations/new.html.erb
+++ b/app/views/devise/confirmations/new.html.erb
@ -1,16 +1,32 @@
-<h2>Resend confirmation instructions</h2>
+<% content_for :title, "Set your password" %>

-<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
-  <%= render "devise/shared/error_messages", resource: resource %>
+<% content_for :before_content do %>
+  <%= govuk_back_link(
+    text: 'Back',
+    href: :back,
+  ) %>
+<% end %>

-  <%= f.govuk_email_field :email,
-    label: { text: "Email address" },
-    autocomplete: "email",
-    spellcheck: "false",
-    value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email)
-  %>
+<%= form_for(@user, as: :user, html: { method: :patch }) do |f| %>
+  <div class="govuk-grid-row">
+    <div class="govuk-grid-column-two-thirds">
+      <%= f.govuk_error_summary(presenter: ErrorSummaryFullMessagesPresenter) %>

-  <%= f.govuk_submit "Resend confirmation instructions" %>
-<% end %>
+      <h1 class="govuk-heading-l">
+        <%= content_for(:title) %>
+      </h1>
+
+      <%= f.govuk_password_field :password,
+        label: { text: "New password" },
+        hint: @minimum_password_length ? { text: "Your password must be at least #{@minimum_password_length} characters and hard to guess." } : nil,
+        autocomplete: "new-password"
+      %>

-<%= render "devise/shared/links" %>
+      <%= f.govuk_password_field :password_confirmation,
+        label: { text: "Confirm new password" }
+      %>
+
+      <%= f.govuk_submit "Update" %>
+    </div>
+  </div>
+<% end %>
--- a/app/views/devise/mailer/_password_change_forgotten.html.erb
+++ b/app/views/devise/mailer/_password_change_forgotten.html.erb
@ -1,8 +0,0 @@
-<p>Hello <%= @resource.email %>!</p>
-
-<p>Someone has requested a link to change your password. You can do this through the link below.</p>
-
-<p><%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
-
-<p>If you didn't request this, please ignore this email.</p>
-<p>Your password won't change until you access the link above and create a new one.</p>
--- a/app/views/devise/mailer/_password_change_initial.html.erb
+++ b/app/views/devise/mailer/_password_change_initial.html.erb
@ -1,6 +0,0 @@
-<p>Hello <%= @resource.name %>!</p>
-
-<p>An account has been created for you to submit CORE data on behalf of <%= @resource.organisation.name %>.</p>
-
-<p>Your username is <%= @resource.email %>, use the link below to set your password.
-<p><%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@ -1,5 +0,0 @@
-<p>Welcome <%= @email %>!</p>
-
-<p>You can confirm your account email through the link below:</p>
-
-<p><%= govuk_link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@ -1,5 +0,0 @@
-<% if @resource.last_sign_in_at.nil? %>
-  <%= render partial: "password_change_initial" %>
-<% else %>
-  <%= render partial: "password_change_forgotten" %>
-<% end %>
--- a/app/views/devise/passwords/reset_confirmation.html.erb
+++ b/app/views/devise/passwords/reset_confirmation.html.erb
--- a/app/views/devise/shared/_links.html.erb
+++ b/app/views/devise/shared/_links.html.erb
@ -10,10 +10,6 @@
  <p class="govuk-body"> You can <%= govuk_link_to "reset your password", new_password_path(resource_name) %> if you’ve forgotten it.<p><br />
 <% end %>

-<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-  <%= govuk_link_to "Didn’t receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
-<% end %>
-
 <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
  <%= govuk_link_to "Didn’t receive unlock instructions?", new_unlock_path(resource_name) %><br />
 <% end %>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,14 +1,11 @@
 Rails.application.routes.draw do
  devise_for :admin_users, ActiveAdmin::Devise.config
  devise_for :users, controllers: {
-    passwords: "auth/passwords",
-    sessions: "auth/sessions",
+    passwords: "user/passwords",
+    sessions: "user/sessions",
+    confirmations: "user/confirmations"
  }, path_names: { sign_in: "sign-in", sign_out: "sign-out" }

-  devise_scope :user do
-    get "confirmations/reset", to: "auth/passwords#reset_confirmation"
-  end
-
  # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
  ActiveAdmin.routes(self)

--- a/db/migrate/20220121153444_users_confirmable.rb
+++ b/db/migrate/20220121153444_users_confirmable.rb
@ -0,0 +1,11 @@
+class UsersConfirmable < ActiveRecord::Migration[7.0]
+  def change
+    change_table :users, bulk: true do |t|
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 2022_01_14_105351) do
+ActiveRecord::Schema.define(version: 2022_01_21_153444) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -236,6 +236,10 @@ ActiveRecord::Schema.define(version: 2022_01_14_105351) do
    t.string "current_sign_in_ip"
    t.string "last_sign_in_ip"
    t.integer "role"
+    t.string "confirmation_token"
+    t.datetime "confirmed_at"
+    t.datetime "confirmation_sent_at"
+    t.string "unconfirmed_email"
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["organisation_id"], name: "index_users_on_organisation_id"
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true