From 0a046ed9c1aaa68656083d506dd95f55e091403f Mon Sep 17 00:00:00 2001
From: Emi Matchu <emi@matchu.dev>
Date: Mon, 8 Apr 2024 05:34:47 -0700
Subject: [PATCH] Oh right, hide NeoPass on settings page unless you set the
 magic param!

Simplified this a bit into a helper. It's kinda odd to me, but
convenient for this moment, that Rails allows views to read `params`! I
guess it's for escape hatches exactly like this! lol
---
 app/controllers/application_controller.rb | 7 -------
 app/helpers/application_helper.rb         | 4 ++++
 app/views/auth_users/edit.html.erb        | 2 +-
 app/views/devise/sessions/new.html.erb    | 2 +-
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1c35d994..f6628297 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,7 +12,6 @@ class ApplicationController < ActionController::Base
   before_action :set_locale
 
   before_action :configure_permitted_parameters, if: :devise_controller?
-  before_action :check_neopass_access, if: :devise_controller?
   before_action :save_return_to_path,
     if: ->(c) { c.controller_name == 'sessions' && c.action_name == 'new' }
 
@@ -88,12 +87,6 @@ class ApplicationController < ActionController::Base
     devise_parameter_sanitizer.permit(:account_update, keys: [:email])
   end
 
-  def check_neopass_access
-    @can_use_neopass = (
-      params[:neopass] == Rails.configuration.neopass_access_secret
-    )
-  end
-
   def save_return_to_path
     if params[:return_to]
       Rails.logger.debug "Saving return_to path: #{params[:return_to].inspect}"
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 73a9cf9c..5185e79e 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -69,6 +69,10 @@ module ApplicationHelper
     end
   end
 
+  def can_use_neopass
+    params[:neopass] == Rails.configuration.neopass_access_secret
+  end
+
   def contact_email
     "matchu@openneo.net"
   end
diff --git a/app/views/auth_users/edit.html.erb b/app/views/auth_users/edit.html.erb
index f6154033..839c0a3f 100644
--- a/app/views/auth_users/edit.html.erb
+++ b/app/views/auth_users/edit.html.erb
@@ -96,7 +96,7 @@
     <%= form.submit "Disconnect your NeoPass",
         disabled: !@auth_user.uses_password? && !@auth_user.email? %>
   <% end %>
-<% else %>
+<% elsif can_use_neopass %>
   <%= form_with url: auth_user_neopass_omniauth_authorize_path(intent: "connect"),
       method: :post, class: "settings-form", data: {turbo: false} do |form|
   %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
index 996e6a1b..87928f91 100644
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,6 +1,6 @@
 <h2>Log in</h2>
 
-<% if @can_use_neopass %>
+<% if can_use_neopass %>
   🌟✨🌟✨🌟✨🌟✨🌟
   <br />
   <%= button_to "Log in with NeoPass",