diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
similarity index 94%
rename from app/controllers/users/passwords_controller.rb
rename to app/controllers/auth/passwords_controller.rb
index 6517b6581..0f6e1c9b0 100644
--- a/app/controllers/users/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -1,4 +1,4 @@
-class Users::PasswordsController < Devise::PasswordsController
+class Auth::PasswordsController < Devise::PasswordsController
 include Helpers::Email
 def reset_confirmation
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
similarity index 90%
rename from app/controllers/users/sessions_controller.rb
rename to app/controllers/auth/sessions_controller.rb
index f81f8fb05..a117aecff 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -1,4 +1,4 @@
-class Users::SessionsController < Devise::SessionsController
+class Auth::SessionsController < Devise::SessionsController
 include Helpers::Email
 def create
diff --git a/app/controllers/users/account_controller.rb b/app/controllers/users/account_controller.rb
deleted file mode 100644
index ccbc9cc31..000000000
--- a/app/controllers/users/account_controller.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-class Users::AccountController < ApplicationController
- def check_logged_in
- if current_user.nil?
- redirect_to(new_user_session_path)
- end
- end
-
- def index
- check_logged_in
- end
-
- def personal_details
- check_logged_in
- end
-
- def update
- if current_user.update(user_params)
- redirect_to(users_account_path)
- end
- end
-
- def user_params
- params.require(:user).permit(:email, :name, :password)
- end
-end
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
deleted file mode 100644
index 985099900..000000000
--- a/app/controllers/users/registrations_controller.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-class Users::RegistrationsController < Devise::RegistrationsController
-protected
-
- def after_update_path_for(_resource)
- users_account_path
- end
-end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
new file mode 100644
index 000000000..2f6da5342
--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,50 @@
+class UsersController < ApplicationController
+ include Devise::Controllers::SignInOut
+ include Helpers::Email
+ before_action :authenticate_user!
+
+ def update
+ if current_user.update(user_params)
+ bypass_sign_in current_user
+ redirect_to user_path(current_user)
+ end
+ end
+
+ def new
+ @resource = User.new
+ end
+
+ def create
+ @resource = User.new
+ if user_params["email"].empty?
+ @resource.errors.add :email, "Enter an email address"
+ elsif !email_valid?(user_params["email"])
+ @resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
+ end
+ if @resource.errors.present?
+ render :new, status: :unprocessable_entity
+ else
+ @user = User.create!(user_params.merge(org_params).merge(password_params))
+ @user.send_reset_password_instructions
+ redirect_to users_organisation_path(current_user.organisation)
+ end
+ end
+
+ def edit_password
+ render :edit_password
+ end
+
+private
+
+ def password_params
+ { password: SecureRandom.hex(8) }
+ end
+
+ def org_params
+ { organisation: current_user.organisation }
+ end
+
+ def user_params
+ params.require(:user).permit(:email, :name, :password)
+ end
+end
diff --git a/app/views/devise/mailer/_password_change_forgotten.html.erb b/app/views/devise/mailer/_password_change_forgotten.html.erb
new file mode 100644
index 000000000..894cbda1d
--- /dev/null
+++ b/app/views/devise/mailer/_password_change_forgotten.html.erb
@@ -0,0 +1,8 @@
+
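Review bot: In `app/controllers/users_controller.rb`, `update` applies `user_params` (which permits `:email` and `:password`) to `current_user` without asking for the existing password, so anyone holding a live session, such as an unattended browser or a stolen cookie, can replace both credentials and keep the account. Devise's `update_with_password` checks `current_password` before saving; consider `if current_user.update_with_password(user_params)` with `:current_password` permitted for this action, and a separate permit list for `create`, where a submitted `:password` is discarded only because `password_params` is merged last. `update` also has no branch for a failed save, so a validation error falls through to an implicit render instead of re-showing the form with its errors. In `create`, `user_params["email"].empty?` raises when the request carries no email key, and `User.create!` raises on any model validation failure; `blank?` plus a non-bang `create` that re-renders `:new` would answer 422 rather than 500.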
Hello <%= @resource.email %>!
+ +Someone has requested a link to change your password. You can do this through the link below.
+ +<%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
+ +If you didn't request this, please ignore this email.
+Your password won't change until you access the link above and create a new one.
diff --git a/app/views/devise/mailer/_password_change_initial.html.erb b/app/views/devise/mailer/_password_change_initial.html.erb new file mode 100644 index 000000000..6645c7c77 --- /dev/null +++ b/app/views/devise/mailer/_password_change_initial.html.erb @@ -0,0 +1,6 @@ +Hello <%= @resource.name %>!
+ +An account has been created for you to submit CORE data on behalf of @resource.organisation.
+ +Your username is <% @resource.email %>, use the link below to set your password. +
<%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
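Review bot: In `_password_change_initial.html.erb` the username line uses `<% @resource.email %>`, which evaluates the expression without printing it, so the recipient is never told which address to sign in with; it needs the output tag, `<%= @resource.email %>`. The organisation line appears to have the same problem: `@resource.organisation` shows up as literal text with no ERB tag around it (the markup on this page is partly stripped, so confirm against the file), and it should be an output tag on whichever display attribute the organisation model exposes rather than the object itself. Since this message is the only route by which a newly created user can set a password, a mailer test that asserts the rendered body contains the address and the organisation would catch both.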
diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb index 894cbda1d..dd4412b35 100644 --- a/app/views/devise/mailer/reset_password_instructions.html.erb +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -1,8 +1,5 @@ -Hello <%= @resource.email %>!
- -Someone has requested a link to change your password. You can do this through the link below.
- -<%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
- -If you didn't request this, please ignore this email.
-Your password won't change until you access the link above and create a new one.
+<% if @resource.last_sign_in_at.nil? %> + <%= render partial: "password_change_initial" %> +<% else %> + <%= render partial: "password_change_forgotten" %> +<% end %> diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb deleted file mode 100644 index be85834c2..000000000 --- a/app/views/devise/passwords/edit.html.erb +++ /dev/null @@ -1,18 +0,0 @@ -<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> -