Update password link not working yet

4 years ago · 275ef81b4e
18 changed files with 69 additions and 123 deletions
--- a/app/controllers/users/passwords_controller.rb
+++ b/app/controllers/users/passwords_controller.rb
@ -1,4 +1,4 @@
-class Users::PasswordsController < Devise::PasswordsController
+class Auth::PasswordsController < Devise::PasswordsController
  include Helpers::Email

  def reset_confirmation
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -1,4 +1,4 @@
-class Users::SessionsController < Devise::SessionsController
+class Auth::SessionsController < Devise::SessionsController
  include Helpers::Email

  def create
--- a/app/controllers/users/account_controller.rb
+++ b/app/controllers/users/account_controller.rb
@ -1,27 +0,0 @@
-class Users::AccountController < ApplicationController
-  def index
-    check_logged_in
-  end
-
-  def edit
-    check_logged_in
-  end
-
-  def update
-    if current_user.update(user_params)
-      redirect_to(users_account_path)
-    end
-  end
-
-private
-
-  def check_logged_in
-    if current_user.nil?
-      redirect_to(new_user_session_path)
-    end
-  end
-
-  def user_params
-    params.require(:user).permit(:email, :name, :password)
-  end
-end
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@ -1,14 +0,0 @@
-class Users::RegistrationsController < Devise::RegistrationsController
-  skip_before_action :require_no_authentication
-
-  def new
-    self.resource = resource_class.new
-    respond_with resource
-  end
-
-protected
-
-  def after_update_path_for(_resource)
-    users_account_path
-  end
-end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -0,0 +1,23 @@
+class UsersController < ApplicationController
+  before_action :authenticate_user!
+
+  def update
+    if current_user.update(user_params)
+      redirect_to(user_path)
+    end
+  end
+
+  def new
+    @resource = User.new
+  end
+
+  def create
+    User.create!(user_params)
+  end
+
+private
+
+  def user_params
+    params.require(:user).permit(:email, :name, :password)
+  end
+end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -2,7 +2,7 @@ class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :recoverable, :rememberable, :validatable,
-         :trackable, :registerable
+         :trackable

  belongs_to :organisation
  has_many :owned_case_logs, through: :organisation
--- a/app/views/devise/passwords/edit.html.erb
+++ b/app/views/devise/passwords/edit.html.erb
@ -1,18 +1,26 @@
-<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
+<% content_for :before_content do %>
+  <%= govuk_back_link(
+    text: 'Back',
+    href: :back,
+  ) %>
+<% end %>
+
+<%= form_for(current_user, as: :user, url: account_update_path(), html: { method: :patch }) do |f| %>
  <div class="govuk-grid-row">
    <div class="govuk-grid-column-two-thirds">
-      <h1 class="govuk-heading-l">Reset your password</h1>
-      <%= render "devise/shared/error_messages", resource: resource %>
+      <h1 class="govuk-heading-l">Change your password</h1>

-      <%= f.hidden_field :reset_password_token %>
+      <%= f.govuk_password_field :current_password,
+        label: { text: "Current password" },
+        autocomplete: "current-password"
+      %>

      <%= f.govuk_password_field :password,
-        label: { text: "New password" },
        hint: @minimum_password_length ? { text: "Your password must be at least #{@minimum_password_length} characters and hard to guess." } : nil,
        autocomplete: "new-password"
      %>

-      <%= f.govuk_submit "Reset password" %>
+      <%= f.govuk_submit "Update" %>
    </div>
  </div>
 <% end %>
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@ -1,26 +0,0 @@
-<% content_for :before_content do %>
-  <%= govuk_back_link(
-    text: 'Back',
-    href: :back,
-  ) %>
-<% end %>
-
-<%= form_for(resource, as: resource_name, url: user_registration_path(), html: { method: :patch }) do |f| %>
-  <div class="govuk-grid-row">
-    <div class="govuk-grid-column-two-thirds">
-      <h1 class="govuk-heading-l">Change your password</h1>
-
-      <%= f.govuk_password_field :current_password,
-        label: { text: "Current password" },
-        autocomplete: "current-password"
-      %>
-
-      <%= f.govuk_password_field :password,
-        hint: @minimum_password_length ? { text: "Your password must be at least #{@minimum_password_length} characters and hard to guess." } : nil,
-        autocomplete: "new-password"
-      %>
-
-      <%= f.govuk_submit "Update" %>
-    </div>
-  </div>
-<% end %>
--- a/app/views/devise/shared/_error_messages.html.erb
+++ b/app/views/devise/shared/_error_messages.html.erb
@ -1,15 +0,0 @@
-<% if resource.errors.any? %>
-  <div id="error_explanation">
-    <h2>
-      <%= I18n.t("errors.messages.not_saved",
-                 count: resource.errors.count,
-                 resource: resource.class.model_name.human.downcase)
-       %>
-    </h2>
-    <ul>
-      <% resource.errors.full_messages.each do |message| %>
-        <li><%= message %></li>
-      <% end %>
-    </ul>
-  </div>
-<% end %>
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -41,7 +41,7 @@
        elsif
          component.navigation_item(text: 'Case logs', href: case_logs_path)
          component.navigation_item(text: 'Your organisation', href: "/organisations/#{current_user.organisation.id}")
-          component.navigation_item(text: 'Your account', href: users_account_path)
+          component.navigation_item(text: 'Your account', href: user_path(current_user))
          component.navigation_item(text: 'Sign out', href: destroy_user_session_path, options: {:method => :delete})
        end
      end
--- a/app/views/organisations/users.html.erb
+++ b/app/views/organisations/users.html.erb
@ -3,7 +3,7 @@
  <%= "Users" %>
 <% end %>

-<%= govuk_button_link_to "Invite user", new_user_registration_path, html: { "data-turbo" => "false", method: :get } %>
+<%= govuk_button_link_to "Invite user", users_invite_organisation_path(@organisation), html: { method: :get } %>
 <%= govuk_table do |table| %>
  <%= table.head do |head| %>
    <%= head.row do |row|
--- a/app/views/users/account/edit.html.erb
+++ b/app/views/users/account/edit.html.erb
@ -5,7 +5,7 @@
  ) %>
 <% end %>

-<%= form_for(current_user, as: :user, url: account_update_path(), html: { method: :patch }) do |f| %>
+<%= form_for(current_user, as: :user, html: { method: :patch }) do |f| %>
  <div class="govuk-grid-row">
    <div class="govuk-grid-column-two-thirds">
      <h1 class="govuk-heading-l">Change your personal details</h1>
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@ -5,7 +5,7 @@
  ) %>
 <% end %>

-<%= form_for(resource, as: resource_name, url: user_registration_path(), html: { method: :patch }) do |f| %>
+<%= form_for(@resource, as: @resource_name, url: account_create_path(), html: { method: :post }) do |f| %>
  <div class="govuk-grid-row">
    <div class="govuk-grid-column-two-thirds">
      <%= f.govuk_error_summary %>
@ -19,7 +19,7 @@
      <%= f.govuk_email_field :email,
        label: { text: "Email address" },
        autocomplete: "email",
-        value: resource.email
+        value: @resource.email
      %>

      <%= f.govuk_submit "Continue" %>
--- a/app/views/users/account/index.html.erb
+++ b/app/views/users/account/index.html.erb
@ -11,19 +11,19 @@
      <%= summary_list.row do |row|
        row.key { 'Name' }
        row.value { current_user.name }
-        row.action(visually_hidden_text: 'name', href: '/users/account/personal-details', html_attributes: { 'data-qa': 'change-name' })
+        row.action(visually_hidden_text: 'name', href: edit_user_path, html_attributes: { 'data-qa': 'change-name' })
      end %>

      <%= summary_list.row() do |row|
        row.key { 'Email address' }
        row.value { current_user.email }
-        row.action(visually_hidden_text: 'email address', href: '/users/account/personal-details', html_attributes: { 'data-qa': 'change-email' })
+        row.action(visually_hidden_text: 'email address', href: edit_user_path, html_attributes: { 'data-qa': 'change-email' })
      end %>

      <%= summary_list.row do |row|
        row.key { 'Password' }
        row.value { '••••••••' }
-        row.action(visually_hidden_text: 'password', href: edit_user_registration_path, html_attributes: { 'data-qa': 'change-password' })
+        row.action(visually_hidden_text: 'password', href: edit_user_password_path, html_attributes: { 'data-qa': 'change-password' })
      end %>

      <%= summary_list.row do |row|
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,18 +1,12 @@
 Rails.application.routes.draw do
  devise_for :admin_users, ActiveAdmin::Devise.config
  devise_for :users, controllers: {
-    passwords: "users/passwords",
-    sessions: "users/sessions",
-    registrations: "users/registrations",
-  }, path_names: { sign_in: "sign-in", sign_out: "sign-out", sign_up: "invite" }
+    passwords: "auth/passwords",
+    sessions: "auth/sessions",
+  }, path_names: { sign_in: "sign-in", sign_out: "sign-out" }

  devise_scope :user do
-    get "user", to: "users/account#index"
-    get "users", to: "users/account#index"
-    get "users/account", to: "users/account#index"
-    get "confirmations/reset", to: "users/passwords#reset_confirmation"
-    get "users/account/personal-details", to: "users/account#edit"
-    patch "details", to: "users/account#update", as: "account_update"
+    get "confirmations/reset", to: "auth/passwords#reset_confirmation"
  end

  # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
@ -20,16 +14,19 @@ Rails.application.routes.draw do
  root to: "test#index"
  get "about", to: "about#index"

-  form_handler = FormHandler.instance
-  form = form_handler.get_form("2021_2022")
+  resources :users

  resources :organisations do
    member do
      get "details", to: "organisations#show"
      get "users", to: "organisations#users"
+      get "users/invite", to: "users/account#new"
    end
  end

+  form_handler = FormHandler.instance
+  form = form_handler.get_form("2021_2022")
+
  resources :case_logs, path: "/case-logs" do
    collection do
      post "bulk-upload", to: "bulk_upload#bulk_upload"
--- a/spec/features/organisation_spec.rb
+++ b/spec/features/organisation_spec.rb
@ -32,7 +32,7 @@ RSpec.describe "User Features" do
      visit("/organisations/#{org_id}")
      click_link("Users")
      click_link("Invite user")
-      expect(page).to have_current_path("/users/invite")
+      expect(page).to have_current_path("/organisations/#{org_id}/users/invite")
      expect(page).to have_content("Invite user to submit CORE data")
    end
  end
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@ -96,7 +96,7 @@ RSpec.describe "User Features" do
    end

    it "tries to access account page, redirects to log in page" do
-      visit("/users/account")
+      visit("/users/#{user.id}")
      expect(page).to have_content("Sign in to your account to submit CORE data")
    end
  end
@ -141,41 +141,41 @@ RSpec.describe "User Features" do
      visit("/case-logs")
      expect(page).to have_link("Your account")
      click_link("Your account")
-      expect(page).to have_current_path("/users/account")
+      expect(page).to have_current_path("/users/#{user.id}")
    end

    it "main page is present and accessible" do
-      visit("/users/account")
+      visit("/users/#{user.id}")
      expect(page).to have_content("Your account")
    end

    it "personal details page is present and accessible" do
-      visit("/users/account/personal-details")
+      visit("/users/#{user.id}/edit")
      expect(page).to have_content("Change your personal details")
    end

    it "edit password page present and accessible" do
-      visit("users/edit")
+      visit("users/#{user.id}/password/edit")
      expect(page).to have_content("Change your password")
    end

    it "can navigate to change your password page from main account page" do
-      visit("/users/account")
+      visit("/users/#{user.id}")
      find('[data-qa="change-password"]').click
      expect(page).to have_content("Change your password")
      fill_in("user[current_password]", with: "pAssword1")
      fill_in("user[password]", with: "Password123!")
      click_button("Update")
-      expect(page).to have_current_path("/users/account")
+      expect(page).to have_current_path("/users/#{user.id}")
    end

    it "allow user to change name" do
-      visit("/users/account")
+      visit("/users/#{user.id}")
      find('[data-qa="change-name"]').click
      expect(page).to have_content("Change your personal details")
      fill_in("user[name]", with: "Test New")
      click_button("Save changes")
-      expect(page).to have_current_path("/users/account")
+      expect(page).to have_current_path("/users/#{user.id}")
      expect(page).to have_content("Test New")
    end
  end
--- a/spec/requests/users/passwords_controller_spec.rb
+++ b/spec/requests/users/passwords_controller_spec.rb
@ -1,7 +1,7 @@
 require "rails_helper"
 require_relative "../../support/devise"

-RSpec.describe Users::PasswordsController, type: :request do
+RSpec.describe Auth::PasswordsController, type: :request do
  let(:params) { { user: { email: email } } }

  context "when a password reset is requested for a valid email" do
@ -18,7 +18,7 @@ RSpec.describe Users::PasswordsController, type: :request do

  context "when a password reset is requested with an email that doesn't exist in the system" do
    before do
-      allow_any_instance_of(Users::PasswordsController).to receive(:is_navigational_format?).and_return(false)
+      allow_any_instance_of(Auth::PasswordsController).to receive(:is_navigational_format?).and_return(false)
    end

    let(:email) { "madeup_email@test.com" }