From 313be0e30470757295ea934245ea8d6ee0745b80 Mon Sep 17 00:00:00 2001 
From: baarkerlounger <5101747+baarkerlounger@users.noreply.github.com> Date: Thu, 2 Dec 2021 12:07:57 +0000 Subject: [PATCH] Invite new user (#134) * Clean up user routes * Make user registerable * Merge * Turbo devise strikes again * URL naming * Dashes not underscores * Consistent syntax * Turning off turbo changes our html * Update password link not working yet * New user path * Password edit path * Updating password keeps you signed in and redirects to show * Set new user org * Write a failing spec for user creation * Reset user password and redirect back to org users page * Test redirect * Use invite template * Request specs over feature specs * Add email validation --- .../{users => auth}/passwords_controller.rb | 2 +- .../{users => auth}/sessions_controller.rb | 2 +- app/controllers/users/account_controller.rb | 25 ---------- .../users/registrations_controller.rb | 7 --- app/controllers/users_controller.rb | 50 +++++++++++++++++++ .../_password_change_forgotten.html.erb | 8 +++ .../mailer/_password_change_initial.html.erb | 6 +++ .../reset_password_instructions.html.erb | 13 ++--- app/views/devise/passwords/edit.html.erb | 18 ------- app/views/devise/registrations/new.html.erb | 23 --------- .../devise/shared/_error_messages.html.erb | 15 ------ app/views/layouts/application.html.erb | 2 +- app/views/organisations/users.html.erb | 2 +- ...ersonal_details.html.erb => edit.html.erb} | 2 +- .../edit_password.html.erb} | 2 +- app/views/users/new.html.erb | 28 +++++++++++ .../{account/index.html.erb => show.html.erb} | 6 +-- config/routes.rb | 29 +++++------ db/schema.rb | 2 +- spec/features/organisation_spec.rb | 14 ++++++ spec/features/user_spec.rb | 46 +++++++++-------- .../passwords_controller_spec.rb | 6 +-- .../requests/organisations_controller_spec.rb | 5 +- spec/requests/user_controller_spec.rb | 41 +++++++++++++++ 24 files changed, 207 insertions(+), 147 deletions(-) rename app/controllers/{users => auth}/passwords_controller.rb (94%) rename 
app/controllers/{users => auth}/sessions_controller.rb (90%) delete mode 100644 app/controllers/users/account_controller.rb delete mode 100644 app/controllers/users/registrations_controller.rb create mode 100644 app/controllers/users_controller.rb create mode 100644 app/views/devise/mailer/_password_change_forgotten.html.erb create mode 100644 app/views/devise/mailer/_password_change_initial.html.erb delete mode 100644 app/views/devise/passwords/edit.html.erb delete mode 100644 app/views/devise/registrations/new.html.erb delete mode 100644 app/views/devise/shared/_error_messages.html.erb rename app/views/users/{account/personal_details.html.erb => edit.html.erb} (83%) rename app/views/{devise/registrations/edit.html.erb => users/edit_password.html.erb} (86%) create mode 100644 app/views/users/new.html.erb rename app/views/users/{account/index.html.erb => show.html.erb} (75%) rename spec/requests/{users => auth}/passwords_controller_spec.rb (84%) create mode 100644 spec/requests/user_controller_spec.rb diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb similarity index 94% rename from app/controllers/users/passwords_controller.rb rename to app/controllers/auth/passwords_controller.rb index 6517b6581..0f6e1c9b0 100644 --- a/app/controllers/users/passwords_controller.rb +++ b/app/controllers/auth/passwords_controller.rb @@ -1,4 +1,4 @@ -class Users::PasswordsController < Devise::PasswordsController +class Auth::PasswordsController < Devise::PasswordsController include Helpers::Email def reset_confirmation diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb similarity index 90% rename from app/controllers/users/sessions_controller.rb rename to app/controllers/auth/sessions_controller.rb index f81f8fb05..a117aecff 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb 
@@ -1,4 +1,4 @@ -class Users::SessionsController < Devise::SessionsController +class Auth::SessionsController < Devise::SessionsController include Helpers::Email def create diff --git a/app/controllers/users/account_controller.rb b/app/controllers/users/account_controller.rb deleted file mode 100644 index ccbc9cc31..000000000 --- a/app/controllers/users/account_controller.rb +++ /dev/null @@ -1,25 +0,0 @@ -class Users::AccountController < ApplicationController - def check_logged_in - if current_user.nil? - redirect_to(new_user_session_path) - end - end - - def index - check_logged_in - end - - def personal_details - check_logged_in - end - - def update - if current_user.update(user_params) - redirect_to(users_account_path) - end - end - - def user_params - params.require(:user).permit(:email, :name, :password) - end -end diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb deleted file mode 100644 index 985099900..000000000 --- a/app/controllers/users/registrations_controller.rb +++ /dev/null @@ -1,7 +0,0 @@ -class Users::RegistrationsController < Devise::RegistrationsController -protected - - def after_update_path_for(_resource) - users_account_path - end -end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb new file mode 100644 index 000000000..2f6da5342 --- /dev/null +++ b/app/controllers/users_controller.rb 
@@ -0,0 +1,50 @@
+class UsersController < ApplicationController
+ include Devise::Controllers::SignInOut
+ include Helpers::Email
+ before_action :authenticate_user!
+
+ def update
+ if current_user.update(user_params)
+ bypass_sign_in current_user
+ redirect_to user_path(current_user)
+ end
+ end
+
+ def new
+ @resource = User.new
+ end
+
+ def create
+ @resource = User.new
+ if user_params["email"].empty?
+ @resource.errors.add :email, "Enter an email address"
+ elsif !email_valid?(user_params["email"])
+ @resource.errors.add :email, "Enter an email address in the correct format, like name@example.com"
+ end
+ if @resource.errors.present?
+ render :new, status: :unprocessable_entity
+ else
+ @user = User.create!(user_params.merge(org_params).merge(password_params))
+ @user.send_reset_password_instructions
+ redirect_to users_organisation_path(current_user.organisation)
+ end
+ end
+
+ def edit_password
+ render :edit_password
+ end
+
+private
+
+ def password_params
+ { password: SecureRandom.hex(8) }
+ end
+
+ def org_params
+ { organisation: current_user.organisation }
+ end
+
+ def user_params
+ params.require(:user).permit(:email, :name, :password)
+ end
+end
diff --git a/app/views/devise/mailer/_password_change_forgotten.html.erb b/app/views/devise/mailer/_password_change_forgotten.html.erb
new file mode 100644
index 000000000..894cbda1d
--- /dev/null
+++ b/app/views/devise/mailer/_password_change_forgotten.html.erb
@@ -0,0 +1,8 @@
+
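Review bot: `update` applies `current_user.update(user_params)` with `:password` and `:email` permitted and no check of the current password, so any live session can replace the account's credentials; it also has no branch for a failed save, so a validation error ends with no render or redirect. Routing password changes through Devise's `update_with_password` and re-rendering on failure addresses both, assuming the edit_password form still posts `current_password` (the view body is not shown in this diff). In `create`, `User.create!` raises on any model validation failure, which would surface as an error page rather than a form message, and `user_params["email"].empty?` raises when the key is absent, so `blank?` plus `save` is safer. Only `authenticate_user!` gates `new` and `create`, so every signed-in user can add accounts to their own organisation; worth confirming that this is intended.

```ruby
  def update
    changing_password = user_params[:password].present?
    saved = if changing_password
              # Devise verifies :current_password before applying the new one.
              current_user.update_with_password(password_change_params)
            else
              current_user.update(user_params.except(:password))
            end
    if saved
      bypass_sign_in current_user
      redirect_to user_path(current_user)
    else
      render changing_password ? :edit_password : :edit, status: :unprocessable_entity
    end
  end

  # … unchanged: new, and the email presence/format checks at the top of create
  #   (with .empty? replaced by .blank?) …

    if @resource.errors.present?
      render :new, status: :unprocessable_entity
    else
      @resource = User.new(user_params.merge(org_params).merge(password_params))
      if @resource.save
        @resource.send_reset_password_instructions
        redirect_to users_organisation_path(current_user.organisation)
      else
        # Model-level failures re-render the form instead of raising.
        render :new, status: :unprocessable_entity
      end
    end
  end

  # … unchanged: edit_password, password_params, org_params, user_params …

  def password_change_params
    params.require(:user).permit(:current_password, :password, :password_confirmation)
  end
```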
Hello <%= @resource.email %>!
+
+Someone has requested a link to change your password. You can do this through the link below.
+
+<%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
+
+If you didn't request this, please ignore this email.
+Your password won't change until you access the link above and create a new one.
diff --git a/app/views/devise/mailer/_password_change_initial.html.erb b/app/views/devise/mailer/_password_change_initial.html.erb
new file mode 100644
index 000000000..6645c7c77
--- /dev/null
+++ b/app/views/devise/mailer/_password_change_initial.html.erb
@@ -0,0 +1,6 @@
+Hello <%= @resource.name %>!
+
+An account has been created for you to submit CORE data on behalf of @resource.organisation.
+
+Your username is <% @resource.email %>, use the link below to set your password.
+
<%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
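Review bot: The username line uses `<% @resource.email %>`, which evaluates the expression without printing it, so the invitee is never told which address to sign in with; it needs `<%= @resource.email %>`. The line above has a similar slip: `@resource.organisation` sits outside any ERB tag and will be sent literally, so it wants `<%= @resource.organisation.name %>` or whichever attribute holds the display name (not visible in this diff). Because the link carries a Devise reset token, it stops working after the configured `reset_password_within` window, so the invitation text may want to say how long the invitee has. A mailer spec asserting that the rendered body contains the email and the organisation would catch both output slips.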
diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb
index 894cbda1d..dd4412b35 100644
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -1,8 +1,5 @@
-Hello <%= @resource.email %>!
-
-Someone has requested a link to change your password. You can do this through the link below.
-
-<%= govuk_link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
-
-If you didn't request this, please ignore this email.
-Your password won't change until you access the link above and create a new one.
+<% if @resource.last_sign_in_at.nil? %>
+ <%= render partial: "password_change_initial" %>
+<% else %>
+ <%= render partial: "password_change_forgotten" %>
+<% end %>
diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb
deleted file mode 100644
index be85834c2..000000000
--- a/app/views/devise/passwords/edit.html.erb
+++ /dev/null
@@ -1,18 +0,0 @@
-<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
-