impress/app/controllers/neopass_connections_controller.rb

class NeoPassConnectionsController < ApplicationController
	def destroy
		@user = load_user

		if @user.disconnect_neopass
			flash[:notice] = "Your NeoPass has been disconnected. In the future, " +
				"to log into this account, you'll need to use your password or your " +
				"recovery email. You can also connect a different NeoPass, if you'd " +
				"like."
		else
			flash[:alert] = "Whoops, there was an error disconnecting your " +
				"NeoPass from your account, sorry. If this keeps happening, let us " +
				"know!"
		end

		redirect_to edit_auth_user_path
	end

	private

	def load_user
		# Well, what we *actually* do is just use `current_user`, and enforce that
		# the provided user ID matches. The user ID param is only really for REST
		# semantics and such!
		raise AccessDenied unless user_signed_in?
		raise AccessDenied unless current_user.id == params[:user_id].to_i
		current_user
	end
end
Use Neopets username as base name for new NeoPass accounts, if possible Yay, we got the API endpoint for this! The `linkage` scope is the key. Rather than pulling back the specific fallback behavior we had wrote for usernames before, which was slightly different and involved appending `neopass` in there too (e.g. `matchu-neopass-1234`), I figured let's just use a lot of the same logic, and just use the preferred name as the base name. (I figure the `neopass` suffix isn't that useful anyway, `matchu-1234` kinda looks better tbh! And it's all fallback stuff that I expect serious users to replace, anyway.) 2024-04-09 07:48:13 -07:00			`class NeoPassConnectionsController < ApplicationController`
Add form to disconnect NeoPass Can't connect it back yet! But you can disconnect it! :3 2024-04-07 07:52:23 -07:00			`def destroy`
			`@user = load_user`

			`if @user.disconnect_neopass`
			`flash[:notice] = "Your NeoPass has been disconnected. In the future, " +`
			`"to log into this account, you'll need to use your password or your " +`
			`"recovery email. You can also connect a different NeoPass, if you'd " +`
			`"like."`
			`else`
			`flash[:alert] = "Whoops, there was an error disconnecting your " +`
			`"NeoPass from your account, sorry. If this keeps happening, let us " +`
			`"know!"`
			`end`

Oops, fix a redirect URL I missed when ejecting from Devise controller 2024-04-08 04:32:34 -07:00			`redirect_to edit_auth_user_path`
Add form to disconnect NeoPass Can't connect it back yet! But you can disconnect it! :3 2024-04-07 07:52:23 -07:00			`end`

			`private`

			`def load_user`
			# Well, what we actually do is just use `current_user`, and enforce that
			`# the provided user ID matches. The user ID param is only really for REST`
			`# semantics and such!`
			`raise AccessDenied unless user_signed_in?`
Oops, fix bug for authorizing the NeoPass disconnect endpoint Ahh right, in development `User` and `AuthUser` will have the same ID, but that got messed up early on for us in production DTI 😅 Here, we switch the form to reference the `User` instead of the `AuthUser` (to get the ID right), then we also change how we compare the IDs, because `User#to_param` appends extra text onto the ID after the number! 2024-04-07 08:11:22 -07:00			`raise AccessDenied unless current_user.id == params[:user_id].to_i`
Add form to disconnect NeoPass Can't connect it back yet! But you can disconnect it! :3 2024-04-07 07:52:23 -07:00			`current_user`
			`end`
			`end`