Oh right, hide NeoPass on settings page unless you set the magic param!

Simplified this a bit into a helper. It's kinda odd to me, but
convenient for this moment, that Rails allows views to read `params`! I
guess it's for escape hatches exactly like this! lol
This commit is contained in:
Emi Matchu 2024-04-08 05:34:47 -07:00
parent 5cc219c795
commit 0a046ed9c1
4 changed files with 6 additions and 9 deletions

View file

@ -12,7 +12,6 @@ class ApplicationController < ActionController::Base
before_action :set_locale
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :check_neopass_access, if: :devise_controller?
before_action :save_return_to_path,
if: ->(c) { c.controller_name == 'sessions' && c.action_name == 'new' }
@ -88,12 +87,6 @@ class ApplicationController < ActionController::Base
devise_parameter_sanitizer.permit(:account_update, keys: [:email])
end
def check_neopass_access
@can_use_neopass = (
params[:neopass] == Rails.configuration.neopass_access_secret
)
end
def save_return_to_path
if params[:return_to]
Rails.logger.debug "Saving return_to path: #{params[:return_to].inspect}"

View file

@ -69,6 +69,10 @@ module ApplicationHelper
end
end
def can_use_neopass
params[:neopass] == Rails.configuration.neopass_access_secret
end
def contact_email
"matchu@openneo.net"
end

View file

@ -96,7 +96,7 @@
<%= form.submit "Disconnect your NeoPass",
disabled: !@auth_user.uses_password? && !@auth_user.email? %>
<% end %>
<% else %>
<% elsif can_use_neopass %>
<%= form_with url: auth_user_neopass_omniauth_authorize_path(intent: "connect"),
method: :post, class: "settings-form", data: {turbo: false} do |form|
%>

View file

@ -1,6 +1,6 @@
<h2>Log in</h2>
<% if @can_use_neopass %>
<% if can_use_neopass %>
🌟✨🌟✨🌟✨🌟✨🌟
<br />
<%= button_to "Log in with NeoPass",