Add form to disconnect NeoPass

Can't connect it back yet! But you can disconnect it! :3
Emi Matchu 2024-04-07 07:52:23 -07:00
parent 21b967f83d
commit 88a2688ac8
6 changed files with 62 additions and 6 deletions


@ -53,6 +53,3 @@
.neopass-explanation
font-size: .85em
p:last-of-type
margin-bottom: 0


@ -0,0 +1,29 @@
class NeopassConnectionsController < ApplicationController
def destroy
@user = load_user
if @user.disconnect_neopass
flash[:notice] = "Your NeoPass has been disconnected. In the future, " +
"to log into this account, you'll need to use your password or your " +
"recovery email. You can also connect a different NeoPass, if you'd " +
"like."
else
flash[:alert] = "Whoops, there was an error disconnecting your " +
"NeoPass from your account, sorry. If this keeps happening, let us " +
"know!"
end
redirect_to edit_auth_user_registration_path
end
private
def load_user
# Well, what we *actually* do is just use `current_user`, and enforce that
# the provided user ID matches. The user ID param is only really for REST
# semantics and such!
raise AccessDenied unless user_signed_in?
raise AccessDenied unless current_user.id.to_s == params[:user_id]
current_user
end
end
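Review bot: `destroy` removes a login method without any server-side check that the account still has another way to sign in; the only safeguard is the `turbo_confirm` dialog in the view, which does not run for requests that bypass the form. Since the commit message says reconnecting is not possible yet, consider refusing the request with a `flash[:alert]` when the user has no usable password or recovery email (the exact predicate depends on model fields not visible here). A successful disconnect is also a security-relevant account change that leaves no log entry; a line such as `Rails.logger.info "NeoPass disconnected for user #{@user.id}"` on the success branch would give support and incident review something to work from.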


@ -48,6 +48,27 @@ class AuthUser < AuthRecord
neopass_email || uid
end
def disconnect_neopass
# If there's no NeoPass, we're already done!
return true if !neopass?
begin
# Remove all of the NeoPass fields, and return whether we were
# successful. (I don't know why it wouldn't be, but let's be resilient!)
#
# NOTE: I considered leaving `neopass_email` in place, to help us support
# users who accidentally got locked out… but I think it's more
# important to respect data privacy and not be holding onto an
# email address the user doesn't realize we have!
update(provider: nil, uid: nil, neopass_email: nil)
rescue => error
# If something strange happens, log it and gracefully return `false`!
Sentry.capture_exception error
Rails.logger.error error
false
end
end
def self.from_omniauth(auth)
raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?
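Review bot: In `disconnect_neopass`, `update` signals a validation failure by returning `false` rather than raising, so that path skips the `rescue` and nothing reaches Sentry or the log; the user sees the error flash and there is no record of why. Consider logging the reason when the call returns false, e.g. `Rails.logger.error "NeoPass disconnect failed: #{errors.full_messages.to_sentence}"`, or calling `update!` inside the `begin` so both failure modes go through the same `rescue`. As a style point, `return true if !neopass?` reads more idiomatically as `return true unless neopass?`. The enclosing `AuthUser` class starts and ends outside this hunk.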


@ -4,7 +4,7 @@ class User < ApplicationRecord
PreviewTopContributorsCount = 3
belongs_to :auth_user, foreign_key: :remote_id, inverse_of: :user
delegate :neopass?, to: :auth_user
delegate :neopass?, :disconnect_neopass, to: :auth_user
has_many :closet_hangers
has_many :closet_lists


@ -53,8 +53,14 @@
<% end %>
<% if resource.neopass? %>
<%= form_with model: resource, url: registration_path(resource_name),
html: { method: :put, class: "settings-form" } do |form| %>
<%= form_with url: user_neopass_connection_path(resource), method: :delete,
class: "settings-form", data: {
turbo_confirm: "Are you sure? Without a NeoPass, you'll need to use " +
"your password or your recovery email \"#{resource.email}\" to " +
"log in again.\n\nMake sure you have everything all set up first! " +
"Otherwise, you might be locked out of this account forever!"
} do |form|
%>
<h2>Your NeoPass</h2>
<section class="neopass-info">
<strong>
@ -70,6 +76,7 @@
Impress account, using the Email saved in "Your info".
</p>
</section>
<%= form.submit "Disconnect your NeoPass" %>
<% end %>
<% end %>
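Review bot: The form URL is built with `user_neopass_connection_path(resource)`, while the controller's `load_user` compares `params[:user_id]` against `current_user.id`, and these may not be the same record. If `resource` is the Devise `AuthUser` and `current_user` is the `User` model (the `belongs_to :auth_user, foreign_key: :remote_id` association suggests they are separate rows), the ids need not match. The check fails closed, so a legitimate user would just get `AccessDenied`, but the feature would not work for them. Building the URL from the record the controller checks, e.g. `user_neopass_connection_path(current_user)`, would keep both sides in agreement; worth confirming which ids are in play here.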


@ -66,6 +66,8 @@ OpenneoImpressItems::Application.routes.draw do
resources :neopets_connections, path: 'neopets-connections',
only: [:create, :destroy]
resource :neopass_connection, path: "neopass-connection", only: [:destroy]
end
get 'users/current-user/closet' => 'closet_hangers#index', :as => :your_items