diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb similarity index 94% rename from app/controllers/users/passwords_controller.rb rename to app/controllers/auth/passwords_controller.rb index 6517b6581..0f6e1c9b0 100644 --- a/app/controllers/users/passwords_controller.rb +++ b/app/controllers/auth/passwords_controller.rb @@ -1,4 +1,4 @@ -class Users::PasswordsController < Devise::PasswordsController +class Auth::PasswordsController < Devise::PasswordsController include Helpers::Email def reset_confirmation diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb similarity index 90% rename from app/controllers/users/sessions_controller.rb rename to app/controllers/auth/sessions_controller.rb index f81f8fb05..a117aecff 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -1,4 +1,4 @@ -class Users::SessionsController < Devise::SessionsController +class Auth::SessionsController < Devise::SessionsController include Helpers::Email def create diff --git a/app/controllers/users/account_controller.rb b/app/controllers/users/account_controller.rb deleted file mode 100644 index f696d3ae7..000000000 --- a/app/controllers/users/account_controller.rb +++ /dev/null @@ -1,27 +0,0 @@ -class Users::AccountController < ApplicationController - def index - check_logged_in - end - - def edit - check_logged_in - end - - def update - if current_user.update(user_params) - redirect_to(users_account_path) - end - end - -private - - def check_logged_in - if current_user.nil? - redirect_to(new_user_session_path) - end - end - - def user_params - params.require(:user).permit(:email, :name, :password) - end -end diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb deleted file mode 100644 index 2c3775488..000000000 
--- a/app/controllers/users/registrations_controller.rb +++ /dev/null @@ -1,14 +0,0 @@ -class Users::RegistrationsController < Devise::RegistrationsController - skip_before_action :require_no_authentication - - def new - self.resource = resource_class.new - respond_with resource - end - -protected - - def after_update_path_for(_resource) - users_account_path - end -end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb new file mode 100644 index 000000000..6435a03d8 --- /dev/null +++ b/app/controllers/users_controller.rb @@ -0,0 +1,23 @@ +class UsersController < ApplicationController + before_action :authenticate_user! + + def update + if current_user.update(user_params) + redirect_to(user_path) + end + end + + def new + @resource = User.new + end + + def create + User.create!(user_params) + end + +private + + def user_params + params.require(:user).permit(:email, :name, :password) + end +end diff --git a/app/models/user.rb b/app/models/user.rb index cd129255c..81d3d2d9c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -2,7 +2,7 @@ class User < ApplicationRecord # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :recoverable, :rememberable, :validatable, - :trackable, :registerable + :trackable belongs_to :organisation has_many :owned_case_logs, through: :organisation diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index be85834c2..abbd8b4b5 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb 
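Review bot: `create` in app/controllers/users_controller.rb lets any signed-in user create an account with an arbitrary email and password, because the only gate is `authenticate_user!` and `user_params` permits `:password` on the invite path as well as on `update`. The new record is also given no organisation although `User` declares `belongs_to :organisation`, and `User.create!` raises on invalid input while the action never redirects or renders. I would attach the new user to the inviter's organisation (assuming that is what "Invite user" is meant to do), add whatever role check the project uses for inviting, and handle the failed-save branch as sketched below. Separately, `update` accepts `:password` without the current password, so anyone holding a live session can replace the password, and it has no branch for a failed save either.

```ruby
  def create
    # Assumption: an invited user joins the inviter's organisation; confirm.
    @resource = User.new(user_params)
    @resource.organisation = current_user.organisation
    if @resource.save
      redirect_to(users_organisation_path(current_user.organisation))
    else
      render :new, status: :unprocessable_entity
    end
  end
```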
@@ -1,18 +1,26 @@ -<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> +<% content_for :before_content do %> + <%= govuk_back_link( + text: 'Back', + href: :back, + ) %> +<% end %> + +<%= form_for(current_user, as: :user, url: account_update_path(), html: { method: :patch }) do |f| %>
-

Reset your password

- <%= render "devise/shared/error_messages", resource: resource %> +

Change your password

- <%= f.hidden_field :reset_password_token %> + <%= f.govuk_password_field :current_password, + label: { text: "Current password" }, + autocomplete: "current-password" + %> <%= f.govuk_password_field :password, - label: { text: "New password" }, hint: @minimum_password_length ? { text: "Your password must be at least #{@minimum_password_length} characters and hard to guess." } : nil, autocomplete: "new-password" %> - <%= f.govuk_submit "Reset password" %> + <%= f.govuk_submit "Update" %>
<% end %> diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb deleted file mode 100644 index d8fd2d9ce..000000000 --- a/app/views/devise/registrations/edit.html.erb +++ /dev/null @@ -1,26 +0,0 @@ -<% content_for :before_content do %> - <%= govuk_back_link( - text: 'Back', - href: :back, - ) %> -<% end %> - -<%= form_for(resource, as: resource_name, url: user_registration_path(), html: { method: :patch }) do |f| %> -
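Review bot: Rewriting app/views/devise/passwords/edit.html.erb as the signed-in "Change your password" form removes `f.hidden_field :reset_password_token` and binds the form to `current_user`, yet this path is the template Devise appears to render for the emailed reset link, where nobody is signed in and `current_user` is nil. The form also posts to `account_update_path()`, a route that the config/routes.rb hunk of this same commit deletes. The new `current_password` field is not checked anywhere visible: `UsersController#user_params` permits only `:email, :name, :password`, so the value is dropped before `current_user.update`. I would keep the token-based reset template here, move the change-password form to its own view, and have its handler call `current_user.update_with_password(params.require(:user).permit(:current_password, :password))`.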
-
-

Change your password

- - <%= f.govuk_password_field :current_password, - label: { text: "Current password" }, - autocomplete: "current-password" - %> - - <%= f.govuk_password_field :password, - hint: @minimum_password_length ? { text: "Your password must be at least #{@minimum_password_length} characters and hard to guess." } : nil, - autocomplete: "new-password" - %> - - <%= f.govuk_submit "Update" %> -
-
-<% end %> diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb deleted file mode 100644 index ba7ab8870..000000000 --- a/app/views/devise/shared/_error_messages.html.erb +++ /dev/null @@ -1,15 +0,0 @@ -<% if resource.errors.any? %> -
-

- <%= I18n.t("errors.messages.not_saved", - count: resource.errors.count, - resource: resource.class.model_name.human.downcase) - %> -

- -
-<% end %> diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 960a4ecbd..ce2ec84db 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -41,7 +41,7 @@ elsif component.navigation_item(text: 'Case logs', href: case_logs_path) component.navigation_item(text: 'Your organisation', href: "/organisations/#{current_user.organisation.id}") - component.navigation_item(text: 'Your account', href: users_account_path) + component.navigation_item(text: 'Your account', href: user_path(current_user)) component.navigation_item(text: 'Sign out', href: destroy_user_session_path, options: {:method => :delete}) end end diff --git a/app/views/organisations/users.html.erb b/app/views/organisations/users.html.erb index 0a6328f01..e18ab39e5 100644 --- a/app/views/organisations/users.html.erb +++ b/app/views/organisations/users.html.erb @@ -3,7 +3,7 @@ <%= "Users" %> <% end %> -<%= govuk_button_link_to "Invite user", new_user_registration_path, html: { "data-turbo" => "false", method: :get } %> +<%= govuk_button_link_to "Invite user", users_invite_organisation_path(@organisation), html: { method: :get } %> <%= govuk_table do |table| %> <%= table.head do |head| %> <%= head.row do |row| diff --git a/app/views/users/account/edit.html.erb b/app/views/users/edit.html.erb similarity index 83% rename from app/views/users/account/edit.html.erb rename to app/views/users/edit.html.erb index 0db97f6b7..1d12d702b 100644 --- a/app/views/users/account/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -5,7 +5,7 @@ ) %> <% end %> -<%= form_for(current_user, as: :user, url: account_update_path(), html: { method: :patch }) do |f| %> +<%= form_for(current_user, as: :user, html: { method: :patch }) do |f| %>

Change your personal details

diff --git a/app/views/devise/registrations/new.html.erb b/app/views/users/new.html.erb similarity index 80% rename from app/views/devise/registrations/new.html.erb rename to app/views/users/new.html.erb index 3106bd105..df1c7b045 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/users/new.html.erb @@ -5,7 +5,7 @@ ) %> <% end %> -<%= form_for(resource, as: resource_name, url: user_registration_path(), html: { method: :patch }) do |f| %> +<%= form_for(@resource, as: @resource_name, url: account_create_path(), html: { method: :post }) do |f| %>
<%= f.govuk_error_summary %> @@ -19,7 +19,7 @@ <%= f.govuk_email_field :email, label: { text: "Email address" }, autocomplete: "email", - value: resource.email + value: @resource.email %> <%= f.govuk_submit "Continue" %> diff --git a/app/views/users/account/index.html.erb b/app/views/users/show.html.erb similarity index 79% rename from app/views/users/account/index.html.erb rename to app/views/users/show.html.erb index bc9ae8a89..c9988446e 100644 --- a/app/views/users/account/index.html.erb +++ b/app/views/users/show.html.erb @@ -11,19 +11,19 @@ <%= summary_list.row do |row| row.key { 'Name' } row.value { current_user.name } - row.action(visually_hidden_text: 'name', href: '/users/account/personal-details', html_attributes: { 'data-qa': 'change-name' }) + row.action(visually_hidden_text: 'name', href: edit_user_path, html_attributes: { 'data-qa': 'change-name' }) end %> <%= summary_list.row() do |row| row.key { 'Email address' } row.value { current_user.email } - row.action(visually_hidden_text: 'email address', href: '/users/account/personal-details', html_attributes: { 'data-qa': 'change-email' }) + row.action(visually_hidden_text: 'email address', href: edit_user_path, html_attributes: { 'data-qa': 'change-email' }) end %> <%= summary_list.row do |row| row.key { 'Password' } row.value { '••••••••' } - row.action(visually_hidden_text: 'password', href: edit_user_registration_path, html_attributes: { 'data-qa': 'change-password' }) + row.action(visually_hidden_text: 'password', href: edit_user_password_path, html_attributes: { 'data-qa': 'change-password' }) end %> <%= summary_list.row do |row| diff --git a/config/routes.rb b/config/routes.rb index 75910be5a..095e5ff87 100644 --- a/config/routes.rb +++ b/config/routes.rb 
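Review bot: In app/views/users/new.html.erb the form posts to `account_create_path()`, but no route with that name is defined in the config/routes.rb hunks of this commit, so unless it exists elsewhere the page will raise when rendered. `@resource_name` is also never assigned by `UsersController#new` (only `@resource` is), so `as:` receives nil and the param key is inferred from the model. With `resources :users` in place, `form_for(@resource, as: :user, url: users_path, html: { method: :post })` would match what `user_params` expects via `params.require(:user)`.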
@@ -1,18 +1,12 @@ Rails.application.routes.draw do devise_for :admin_users, ActiveAdmin::Devise.config devise_for :users, controllers: { - passwords: "users/passwords", - sessions: "users/sessions", - registrations: "users/registrations", - }, path_names: { sign_in: "sign-in", sign_out: "sign-out", sign_up: "invite" } + passwords: "auth/passwords", + sessions: "auth/sessions", + }, path_names: { sign_in: "sign-in", sign_out: "sign-out" } devise_scope :user do - get "user", to: "users/account#index" - get "users", to: "users/account#index" - get "users/account", to: "users/account#index" - get "confirmations/reset", to: "users/passwords#reset_confirmation" - get "users/account/personal-details", to: "users/account#edit" - patch "details", to: "users/account#update", as: "account_update" + get "confirmations/reset", to: "auth/passwords#reset_confirmation" end # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html @@ -20,16 +14,19 @@ Rails.application.routes.draw do root to: "test#index" get "about", to: "about#index" - form_handler = FormHandler.instance - form = form_handler.get_form("2021_2022") + resources :users resources :organisations do member do get "details", to: "organisations#show" get "users", to: "organisations#users" + get "users/invite", to: "users/account#new" end end + form_handler = FormHandler.instance + form = form_handler.get_form("2021_2022") + resources :case_logs, path: "/case-logs" do collection do post "bulk-upload", to: "bulk_upload#bulk_upload" diff --git a/spec/features/organisation_spec.rb b/spec/features/organisation_spec.rb index 9ccff1168..416cb4367 100644 --- a/spec/features/organisation_spec.rb +++ b/spec/features/organisation_spec.rb 
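Review bot: In the second config/routes.rb hunk, `get "users/invite", to: "users/account#new"` dispatches to `Users::AccountController`, which this commit deletes; the invite form now lives in `UsersController#new`, so the target should be `to: "users#new"`. `resources :users` also opens all seven REST routes, while the controller defines only `new`, `create` and `update` and the views cover `show` and `edit`; restricting it, e.g. `resources :users, only: %i[show edit update create]`, keeps `index` and `destroy` from being routable at all. Note that the visible actions and views act on `current_user` and never read `:id`, so `/users/<any id>` shows or edits the signed-in user; a comment saying so, or a check that `params[:id]` matches `current_user.id`, would make that intent explicit.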
@@ -32,7 +32,7 @@ RSpec.describe "User Features" do visit("/organisations/#{org_id}") click_link("Users") click_link("Invite user") - expect(page).to have_current_path("/users/invite") + expect(page).to have_current_path("/organisations/#{org_id}/users/invite") expect(page).to have_content("Invite user to submit CORE data") end end diff --git a/spec/features/user_spec.rb b/spec/features/user_spec.rb index d70e33ec8..e12c49442 100644 --- a/spec/features/user_spec.rb +++ b/spec/features/user_spec.rb @@ -96,7 +96,7 @@ RSpec.describe "User Features" do end it "tries to access account page, redirects to log in page" do - visit("/users/account") + visit("/users/#{user.id}") expect(page).to have_content("Sign in to your account to submit CORE data") end end 
@@ -141,41 +141,41 @@ RSpec.describe "User Features" do visit("/case-logs") expect(page).to have_link("Your account") click_link("Your account") - expect(page).to have_current_path("/users/account") + expect(page).to have_current_path("/users/#{user.id}") end it "main page is present and accessible" do - visit("/users/account") + visit("/users/#{user.id}") expect(page).to have_content("Your account") end it "personal details page is present and accessible" do - visit("/users/account/personal-details") + visit("/users/#{user.id}/edit") expect(page).to have_content("Change your personal details") end it "edit password page present and accessible" do - visit("users/edit") + visit("users/#{user.id}/password/edit") expect(page).to have_content("Change your password") end it "can navigate to change your password page from main account page" do - visit("/users/account") + visit("/users/#{user.id}") find('[data-qa="change-password"]').click expect(page).to have_content("Change your password") fill_in("user[current_password]", with: "pAssword1") fill_in("user[password]", with: "Password123!") click_button("Update") - expect(page).to have_current_path("/users/account") + expect(page).to have_current_path("/users/#{user.id}") end it "allow user to change name" do - visit("/users/account") + visit("/users/#{user.id}") find('[data-qa="change-name"]').click expect(page).to have_content("Change your personal details") fill_in("user[name]", with: "Test New") click_button("Save changes") - expect(page).to have_current_path("/users/account") + expect(page).to have_current_path("/users/#{user.id}") expect(page).to have_content("Test New") end end diff --git a/spec/requests/users/passwords_controller_spec.rb b/spec/requests/auth/passwords_controller_spec.rb similarity index 88% rename from spec/requests/users/passwords_controller_spec.rb rename to spec/requests/auth/passwords_controller_spec.rb index ac48332e1..947355298 100644 --- a/spec/requests/users/passwords_controller_spec.rb 
+++ b/spec/requests/auth/passwords_controller_spec.rb @@ -1,7 +1,7 @@ require "rails_helper" require_relative "../../support/devise" -RSpec.describe Users::PasswordsController, type: :request do +RSpec.describe Auth::PasswordsController, type: :request do let(:params) { { user: { email: email } } } context "when a password reset is requested for a valid email" do @@ -18,7 +18,7 @@ RSpec.describe Users::PasswordsController, type: :request do context "when a password reset is requested with an email that doesn't exist in the system" do before do - allow_any_instance_of(Users::PasswordsController).to receive(:is_navigational_format?).and_return(false) + allow_any_instance_of(Auth::PasswordsController).to receive(:is_navigational_format?).and_return(false) end let(:email) { "madeup_email@test.com" }