reset confirmed_at, password and sign in count when deactivated. Send reactivation email if user has previously logged in

3 years ago · 28eabd3144
3 changed files with 23 additions and 4 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -41,8 +41,14 @@ class UsersController < ApplicationController
        flash[:notice] = I18n.t("devise.passwords.updated") if user_params.key?("password")
        redirect_to account_path
      else
-        flash[:notice] = I18n.t("devise.activation.deactivated", user_name: @user.name) if user_params[:active] == "false"
-        flash[:notice] = I18n.t("devise.activation.reactivated", user_name: @user.name) if user_params[:active] == "true"
+        case user_params[:active]
+        when "false"
+          @user.update!(confirmed_at: nil, sign_in_count: 0, encrypted_password: "")
+          flash[:notice] = I18n.t("devise.activation.deactivated", user_name: @user.name)
+        when "true"
+          @user.send_confirmation_instructions
+          flash[:notice] = I18n.t("devise.activation.reactivated", user_name: @user.name)
+        end
        redirect_to user_path(@user)
      end
    elsif user_params.key?("password")
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -73,13 +73,16 @@ class User < ApplicationRecord
  RESET_PASSWORD_TEMPLATE_ID = "2c410c19-80a7-481c-a531-2bcb3264f8e6".freeze
  CONFIRMABLE_TEMPLATE_ID = "257460a6-6616-4640-a3f9-17c3d73d9e91".freeze
  BETA_ONBOARDING_TEMPLATE_ID = "b48bc2cd-5887-4611-8296-d0ab3ed0e7fd".freeze
+  USER_REACTIVATED_TEMPLATE_ID = "ac45a899-490e-4f59-ae8d-1256fc0001f9".freeze

  def reset_password_notify_template
    RESET_PASSWORD_TEMPLATE_ID
  end

  def confirmable_template
-    if was_migrated_from_softwire?
+    if last_sign_in_at.present?
+      USER_REACTIVATED_TEMPLATE_ID
+    elsif was_migrated_from_softwire?
      BETA_ONBOARDING_TEMPLATE_ID
    else
      CONFIRMABLE_TEMPLATE_ID
--- a/spec/features/user_spec.rb
+++ b/spec/features/user_spec.rb
@ -407,9 +407,18 @@ RSpec.describe "User Features" do

    context "when reactivating a user" do
      let!(:user) { FactoryBot.create(:user, :data_coordinator, last_sign_in_at: Time.zone.now) }
-      let!(:other_user) { FactoryBot.create(:user, name: "Other name", active: false, organisation: user.organisation) }
+      let!(:other_user) { FactoryBot.create(:user, name: "Other name", active: false, organisation: user.organisation, last_sign_in_at: Time.zone.now) }
+      let(:personalisation) do
+        {
+          name: other_user.name,
+          email: other_user.email,
+          organisation: other_user.organisation.name,
+          link: include("/account/confirmation?confirmation_token=#{other_user.confirmation_token}"),
+        }
+      end

      before do
+        other_user.update!(confirmation_token: "abc")
        visit("/logs")
        fill_in("user[email]", with: user.email)
        fill_in("user[password]", with: "pAssword1")
@ -426,6 +435,7 @@ RSpec.describe "User Features" do
      end

      it "allows to reactivate the user" do
+        expect(notify_client).to receive(:send_email).with(email_address: other_user.email, template_id: User::USER_REACTIVATED_TEMPLATE_ID, personalisation:).once
        click_button("I’m sure - reactivate this user")
        expect(page).to have_current_path("/users/#{other_user.id}")
        expect(page).to have_no_content("This user has been deactivated.")