From ac6f7de5badb37617885b059f814369f335b846e Mon Sep 17 00:00:00 2001 From: baarkerlounger Date: Tue, 17 May 2022 11:58:14 +0100 Subject: [PATCH] Confirmable --- .../auth/confirmations_controller.rb | 9 +++++ app/mailers/devise_notify_mailer.rb | 23 +++++++++---- app/models/user.rb | 12 ++++--- app/views/devise/confirmations/new.html.erb | 33 ++++++++++++++----- .../devise/passwords/reset_password.html.erb | 1 + config/routes.rb | 1 + .../20220517093906_add_confirmable_users.rb | 11 +++++++ db/schema.rb | 5 +++ lib/tasks/onboarding_emails.rake | 6 +--- 9 files changed, 78 insertions(+), 23 deletions(-) create mode 100644 app/controllers/auth/confirmations_controller.rb create mode 100644 db/migrate/20220517093906_add_confirmable_users.rb diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb new file mode 100644 index 000000000..4b6a37372 --- /dev/null +++ b/app/controllers/auth/confirmations_controller.rb @@ -0,0 +1,9 @@ +class Auth::ConfirmationsController < Devise::ConfirmationsController + def create + super + end + + def show + super + end +end diff --git a/app/mailers/devise_notify_mailer.rb b/app/mailers/devise_notify_mailer.rb index 3d44cbec2..0a260dc3d 100644 --- a/app/mailers/devise_notify_mailer.rb +++ b/app/mailers/devise_notify_mailer.rb @@ -13,7 +13,7 @@ class DeviseNotifyMailer < Devise::Mailer ) end - def reset_password_instructions(record, token, _opts = {}) + def personalisation(record, token) url = public_send("edit_#{record.class.name.underscore}_password_url") personalisation = { name: record.name || record.email, 
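Review bot: In `Auth::ConfirmationsController`, `create` and `show` only call `super`, so the resend form behaves exactly as stock Devise does. Whether an unknown address gets a different response from a registered one therefore depends on `config.paranoid` in the Devise initializer, which this diff does not show; please confirm it is enabled so the form cannot be used to test which emails have accounts. If no custom behaviour is planned, the two overrides can be dropped, or given a comment such as `# Placeholder: behaviour is inherited from Devise::ConfirmationsController`.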
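Review bot: `personalisation(record, token)` takes the place of a public method in `DeviseNotifyMailer`, so the helper is public as well, and public instance methods on a mailer are treated as mail actions. It should sit under `private`, since it only builds a hash for `send_email`. Inside it, the local variable `personalisation` shadows the method name; returning the hash literal directly would read more clearly. The method body continues into the next hunk.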
@@ -21,13 +21,24 @@ class DeviseNotifyMailer < Devise::Mailer organisation: record.respond_to?(:organisation) ? record.organisation.name : "", link: "#{url}?reset_password_token=#{token}", } - send_email(record.email, record.reset_password_notify_template, personalisation) end - # def confirmation_instructions(record, token, _opts = {}) - # super - # end - # + def reset_password_instructions(record, token, _opts = {}) + send_email( + record.email, + record.reset_password_notify_template, + personalisation(record, token) + ) + end + + def confirmation_instructions(record, token, _opts = {}) + send_email( + record.email, + record.confirmable_template, + personalisation(record, token) + ) + end + # def unlock_instructions(record, token, opts = {}) # super # end diff --git a/app/models/user.rb b/app/models/user.rb index 6cb41585b..5e8f0f627 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,8 +1,8 @@ class User < ApplicationRecord # Include default devise modules. Others available are: - # :confirmable, :timeoutable and :omniauthable + # :omniauthable devise :database_authenticatable, :recoverable, :rememberable, :validatable, - :trackable, :lockable, :two_factor_authenticatable + :trackable, :lockable, :two_factor_authenticatable, :confirmable, :timeoutable belongs_to :organisation has_many :owned_case_logs, through: :organisation @@ -66,10 +66,14 @@ class User < ApplicationRecord MFA_TEMPLATE_ID = "6bdf5ee1-8e01-4be1-b1f9-747061d8a24c".freeze RESET_PASSWORD_TEMPLATE_ID = "2c410c19-80a7-481c-a531-2bcb3264f8e6".freeze - SET_PASSWORD_TEMPLATE_ID = "257460a6-6616-4640-a3f9-17c3d73d9e91".freeze + CONFIRMABLE_TEMPLATE_ID = "257460a6-6616-4640-a3f9-17c3d73d9e91".freeze def reset_password_notify_template - last_sign_in_at ? RESET_PASSWORD_TEMPLATE_ID : SET_PASSWORD_TEMPLATE_ID + RESET_PASSWORD_TEMPLATE_ID + end + + def confirmable_template + CONFIRMABLE_TEMPLATE_ID end def need_two_factor_authentication?(_request) 
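Review bot: `confirmation_instructions` reuses `personalisation(record, token)`, which always builds the link from `edit_..._password_url` with `?reset_password_token=#{token}`. The confirmation email therefore carries a confirmation token inside a password-reset link. As far as this diff shows, nothing maps that token to a reset token, so the recipient would land on the password form with a token Devise will reject, and the account would never be confirmed. The helper should take the link as an argument so the confirmation mail can use the confirmation route, for example `public_send("#{record.class.name.underscore}_confirmation_url", confirmation_token: token)`. Separately, `_opts` is ignored, so the `to:` address Devise passes for a pending email change is dropped and the mail goes to `record.email`.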
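Review bot: The `devise` call in `User` also turns on `:timeoutable`, which the commit subject ("Confirmable") does not mention. Sessions will now expire after whatever `config.timeout_in` is set to in the Devise initializer, which is not part of this diff; please confirm the value is intended and note the change in the commit message. A short comment on the line would help, for example `# :timeoutable expires idle sessions after Devise's timeout_in`.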
diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index fe57a4a06..1b9ca13ea 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -1,15 +1,32 @@ -

Resend confirmation instructions

+<% content_for :title, "Resend invitation link" %> + +<% content_for :before_content do %> + <%= govuk_back_link( + text: "Back", + href: :back, + ) %> +<% end %> <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> - <%= render "devise/shared/error_messages", resource: resource %> +
+
+ <%= f.govuk_error_summary %> + +

+ <%= content_for(:title) %> +

+ +

Enter your email address to get a new invitation link.

- <%= f.govuk_email_field :email, - label: { text: "Email address" }, - autocomplete: "email", - spellcheck: "false", - value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> + <%= f.govuk_email_field :email, + label: { text: "Email address" }, + autocomplete: "email", + spellcheck: "false", + value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> - <%= f.govuk_submit "Resend confirmation instructions" %> + <%= f.govuk_submit "Send email" %> +
+
<% end %> <%= render "devise/shared/links" %> diff --git a/app/views/devise/passwords/reset_password.html.erb b/app/views/devise/passwords/reset_password.html.erb index 04353c7b2..6399a99d9 100644 --- a/app/views/devise/passwords/reset_password.html.erb +++ b/app/views/devise/passwords/reset_password.html.erb @@ -11,6 +11,7 @@ <%= f.hidden_field :reset_password_token %>
+ <% binding.pry %> <%= f.govuk_error_summary %>
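Review bot: The added `<% binding.pry %>` in `reset_password.html.erb` is a leftover debugger breakpoint and must be removed before merge. Where pry is loaded, every request to the password reset page will block waiting on the server console. Where it is not loaded, the call raises and the page returns a 500. Either way the reset flow becomes unavailable. A lint rule that rejects debugger calls in views (RuboCop's `Lint/Debugger`, or the ERB linter equivalent) would stop this recurring.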

diff --git a/config/routes.rb b/config/routes.rb index 3c8995519..f8269ed12 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -26,6 +26,7 @@ Rails.application.routes.draw do devise_for :users, { path: :account, controllers: { + confirmations: "auth/confirmations", passwords: "auth/passwords", sessions: "auth/sessions", two_factor_authentication: "auth/two_factor_authentication", diff --git a/db/migrate/20220517093906_add_confirmable_users.rb b/db/migrate/20220517093906_add_confirmable_users.rb new file mode 100644 index 000000000..46a050266 --- /dev/null +++ b/db/migrate/20220517093906_add_confirmable_users.rb @@ -0,0 +1,11 @@ +class AddConfirmableUsers < ActiveRecord::Migration[7.0] + def change + change_table :users, bulk: true do |t| + t.column :confirmation_token, :string + t.column :confirmed_at, :datetime + t.column :confirmation_sent_at, :datetime + t.string :unconfirmed_email + end + add_index :users, :confirmation_token, unique: true + end +end diff --git a/db/schema.rb b/db/schema.rb index a65c0df64..0fa555d87 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -343,6 +343,11 @@ ActiveRecord::Schema[7.0].define(version: 2022_05_18_115438) do t.datetime "direct_otp_sent_at", precision: nil t.datetime "totp_timestamp", precision: nil t.boolean "active", default: true + t.string "confirmation_token" + t.datetime "confirmed_at", precision: nil + t.datetime "confirmation_sent_at", precision: nil + t.string "unconfirmed_email" + t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["email"], name: "index_users_on_email", unique: true t.index ["encrypted_otp_secret_key"], name: "index_users_on_encrypted_otp_secret_key", unique: true t.index ["organisation_id"], name: "index_users_on_organisation_id" diff --git a/lib/tasks/onboarding_emails.rake b/lib/tasks/onboarding_emails.rake index 6610358db..e0282ada9 100644 --- a/lib/tasks/onboarding_emails.rake +++ b/lib/tasks/onboarding_emails.rake 
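Review bot: The `AddConfirmableUsers` migration adds `confirmed_at` without backfilling it, so every existing user becomes unconfirmed once `:confirmable` is active. Devise refuses sign-in for unconfirmed accounts unless `allow_unconfirmed_access_for` is configured, and that setting is not visible here, so current users may be locked out until they follow a confirmation link. If that is not intended, backfill the accounts that have already signed in, for example `User.where.not(last_sign_in_at: nil).update_all(confirmed_at: Time.current)`. Because that step is data-only, the migration would then need explicit `up`/`down` methods instead of `change`.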
@@ -12,11 +12,7 @@ namespace :onboarding_emails do organisation.users.each do |user| next unless URI::MailTo::EMAIL_REGEXP.match?(user.email) - onboarding_template_id = "b48bc2cd-5887-4611-8296-d0ab3ed0e7fd".freeze - token = user.send(:set_reset_password_token) - url = "#{host}/account/password/edit?reset_password_token=#{token}" - personalisation = { name: user.name || user.email, link: url } - DeviseNotifyMailer.new.send_email(user.email, onboarding_template_id, personalisation) + user.send_confirmation_instructions end end end
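Review bot: `user.send_confirmation_instructions` does not check whether the user is already confirmed. It generates a token if none is cached and sends the mail, so running this task again would email confirmed users too. A guard such as `next if user.confirmed?` before the call keeps the task limited to accounts that still need onboarding. The link those users receive is the one built in `DeviseNotifyMailer#personalisation`, so the task depends on that link pointing at the confirmation route. The enclosing task block starts and ends outside this hunk.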