From ae2b62956ae31a3a22e165a9997f4698d19ef0eb Mon Sep 17 00:00:00 2001
From: Emi Matchu
Date: Mon, 8 Apr 2024 04:02:54 -0700
Subject: [PATCH] Eject AuthUsersController from the default Devise controller

I'm getting ready to add handling for "what if you don't *have* a current password*??", so it seems like the right way to do that is to just eject the controller and start customizing!
---
 .../registrations => auth_users}/edit.sass | 4 +-
 app/controllers/auth_users_controller.rb | 50 +++++++++++++++++++
 .../edit.html.erb | 24 ++++-----
 .../registrations => auth_users}/new.html.erb | 4 +-
 app/views/devise/shared/_links.html.erb | 18 ++-----
 app/views/layouts/application.html.haml | 2 +-
 config/routes.rb | 4 +-
 7 files changed, 75 insertions(+), 31 deletions(-)
 rename app/assets/stylesheets/{devise/registrations => auth_users}/edit.sass (89%)
 create mode 100644 app/controllers/auth_users_controller.rb
 rename app/views/{devise/registrations => auth_users}/edit.html.erb (78%)
 rename app/views/{devise/registrations => auth_users}/new.html.erb (88%)

diff --git a/app/assets/stylesheets/devise/registrations/edit.sass b/app/assets/stylesheets/auth_users/edit.sass
similarity index 89%
rename from app/assets/stylesheets/devise/registrations/edit.sass
rename to app/assets/stylesheets/auth_users/edit.sass
index 4d22860f..68e86ec7 100644
--- a/app/assets/stylesheets/devise/registrations/edit.sass
+++ b/app/assets/stylesheets/auth_users/edit.sass
@@ -1,6 +1,6 @@
-@import "../../partials/clean/constants"
+@import "../partials/clean/constants"
 
-body.devise-registrations-edit, body.devise-registrations-update
+body.auth_users-edit, body.auth_users-update
   .settings-form
     border: 1px solid $module-border-color
     background: $module-bg-color
diff --git a/app/controllers/auth_users_controller.rb b/app/controllers/auth_users_controller.rb
new file mode 100644
index 00000000..befa40d3
--- /dev/null
+++ b/app/controllers/auth_users_controller.rb
@@ -0,0 +1,50 @@
+class AuthUsersController < ApplicationController
+  before_action :authenticate_user!, except: [:new, :create]
+
+  def create
+    @auth_user = AuthUser.create(auth_user_params)
+
+    if @auth_user.persisted?
+      sign_in :auth_user, @auth_user
+      flash[:notice] = "Welcome to Dress to Impress, #{@auth_user.name}! 💖"
+      redirect_to root_path
+    else
+      render action: :new, status: :unprocessable_entity
+    end
+  end
+
+  def edit
+    @auth_user = current_auth_user
+  end
+
+  def new
+    @auth_user = AuthUser.new
+  end
+
+  def update
+    @auth_user = load_auth_user
+
+    if @auth_user.update_with_password(auth_user_params)
+      flash[:notice] = "Settings successfully saved."
+      redirect_to action: :edit
+    else
+      render action: :edit, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def auth_user_params
+    params.require(:auth_user).permit(:name, :email, :password,
+      :password_confirmation, :current_password)
+  end
+
+  def load_auth_user
+    # Well, what we *actually* do is just use `current_auth_user`, and enforce
+    # that the provided user ID matches. The user ID param is only really for
+    # REST semantics and such!
+    raise AccessDenied unless auth_user_signed_in?
+    raise AccessDenied unless current_auth_user.id == params[:id].to_i
+    current_auth_user
+  end
+end
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/auth_users/edit.html.erb
similarity index 78%
rename from app/views/devise/registrations/edit.html.erb
rename to app/views/auth_users/edit.html.erb
index 68857d5f..a7eec3ec 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/auth_users/edit.html.erb
@@ -1,8 +1,8 @@
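Review bot: `auth_user_params` is shared by `create` and `update`, so `:current_password` is also permitted on sign-up and mass-assigned through `AuthUser.create`; Devise's DatabaseAuthenticatable exposes `current_password` as a reader only, so unless AuthUser adds a writer, an anonymous sign-up request that includes that key raises `ActiveModel::UnknownAttributeError` (a 500 any client can trigger). Drop the key on the sign-up path, e.g. `@auth_user = AuthUser.create(auth_user_params.except(:current_password))`, or split the permit list per action. `new`/`create` also run for an already signed-in user (the stock Devise registrations controller blocked that), and the `sign_in :auth_user, @auth_user` on success would silently replace the existing session; a `redirect_to root_path if auth_user_signed_in?` guard on those two actions would restore the old behaviour. Separately, `before_action :authenticate_user!` is not the helper Devise generates for this mapping (`authenticate_auth_user!`), so it only works if the app defines its own; worth confirming, as is where the unqualified `AccessDenied` raised in `load_auth_user` is defined and rescued.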

Settings

-<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: "settings-form" }) do |f| %>
+<%= form_with(model: @auth_user, method: :put, class: "settings-form") do |f| %>

Your info

- <%= render "devise/shared/error_messages", resource: resource %>
+ <%= render "devise/shared/error_messages", resource: @auth_user %>
@@ -52,11 +52,11 @@
<% end %> -<% if resource.uses_neopass? %> - <%= form_with url: user_neopass_connection_path(resource.user), method: :delete, - class: "settings-form", data: { +<% if @auth_user.uses_neopass? %> + <%= form_with url: user_neopass_connection_path(@auth_user.user), + method: :delete, class: "settings-form", data: { turbo_confirm: "Are you sure? Without a NeoPass, you'll need to use " + - "your password or your recovery email \"#{resource.email}\" to " + + "your password or your recovery email \"#{@auth_user.email}\" to " + "log in again.\n\nMake sure you have everything all set up first! " + "Otherwise, you might be locked out of this account forever!" } do |form| @@ -66,7 +66,7 @@ NeoPass ID: - <%= resource.neopass_friendly_id %> + <%= @auth_user.neopass_friendly_id %>

@@ -75,26 +75,26 @@ you can still use "Forgot your password?" to recover your Dress to Impress account, using the Email saved in "Your info".

- <% if !resource.uses_password? && !resource.email %>
+ <% if !@auth_user.uses_password? && !@auth_user.email %>

You can't remove this NeoPass yet, because you need to either set a password or a recovery email first. (Ideally both!)

- <% elsif !resource.uses_password? %>
+ <% elsif !@auth_user.uses_password? %>

Be extra careful here! Your account doesn't have a password set.

- <% elsif !resource.email? %>
+ <% elsif !@auth_user.email? %>

Be extra careful here! Your account doesn't have an email set.

<% end %>
<%= form.submit "Disconnect your NeoPass", - disabled: !resource.uses_password? && !resource.email? %> + disabled: !@auth_user.uses_password? && !@auth_user.email? %> <% end %> <% end %> <% content_for :stylesheets do %> - <%= stylesheet_link_tag "devise/registrations/edit" %> + <%= stylesheet_link_tag "auth_users/edit" %> <% end %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/auth_users/new.html.erb similarity index 88% rename from app/views/devise/registrations/new.html.erb rename to app/views/auth_users/new.html.erb index 6a9a9f0b..a29ef1e4 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/auth_users/new.html.erb @@ -1,7 +1,7 @@

Sign up

-<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
- <%= render "devise/shared/error_messages", resource: resource %>
+<%= form_with(model: @auth_user, method: :post) do |f| %>
+ <%= render "devise/shared/error_messages", resource: @auth_user %>

 Choose a username, and an email address we can use to reset your password.
diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb
index 933dda99..06058f33 100644
--- a/app/views/devise/shared/_links.html.erb
+++ b/app/views/devise/shared/_links.html.erb
@@ -1,19 +1,11 @@
 <%- if controller_name != 'sessions' %>
- <%= link_to "Log in", new_session_path(resource_name) %>
+ <%= link_to "Log in", new_auth_user_session_path %>
 <% end %>
 
-<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
- <%= link_to "Sign up", new_registration_path(resource_name) %>
+<%- if controller_name != 'auth_users' %>
+ <%= link_to "Sign up", new_auth_user_path %>
 <% end %>
 
-<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
- <%= link_to "Forgot your password?", new_password_path(resource_name) %>
-<% end %>
-
-<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
- <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
-<% end %>
-
-<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
- <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+<%- if controller_name != 'passwords' && controller_name != 'registrations' %>
+ <%= link_to "Forgot your password?", new_auth_user_password_path %>
<% end %> diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 50fa6fd6..7584f938 100644 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -49,7 +49,7 @@ = userbar_contributions_summary(current_user) = link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link' = link_to t('.userbar.outfits'), current_user_outfits_path - = link_to t('.userbar.settings'), edit_auth_user_registration_path + = link_to t('.userbar.settings'), edit_auth_user_path = button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete, params: {return_to: request.fullpath} - else diff --git a/config/routes.rb b/config/routes.rb index cc41e4ac..240cf790 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -2,7 +2,9 @@ OpenneoImpressItems::Application.routes.draw do root :to => 'outfits#new' # Login and account management! - devise_for :auth_users, path: "users" + devise_for :auth_users, path: "users", skip: [:registrations] + resources :auth_users, only: [:new, :create, :update] + get '/users/edit', to: 'auth_users#edit', as: 'edit_auth_user' # The outfit editor! # TODO: It's a bit silly that outfits/new points to outfits#edit.
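Review bot: The condition kept on the "Forgot your password?" link still tests `controller_name != 'registrations'`, but registrations are skipped in routes in this same commit and sign-up now runs under `auth_users`, so the link is now rendered on the sign-up page where the old partial hid it; the "Sign up" link just above was updated to `'auth_users'` for exactly this reason. The `'registrations'` comparison can no longer match any controller, so it is dead either way. Change it to `<%- if controller_name != 'passwords' && controller_name != 'auth_users' %>` if the old behaviour is wanted, or drop the stale clause if showing the link on sign-up is intended.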