Eject AuthUsersController from the default Devise controller

I'm getting ready to add handling for "what if you don't *have* a
current password*??", so it seems like the right way to do that is to
just eject the controller and start customizing!

app/assets/stylesheets/auth_users/edit.sass

@@ -1,6 +1,6 @@
-@import "../../partials/clean/constants"
+@import "../partials/clean/constants"
 
-body.devise-registrations-edit, body.devise-registrations-update
+body.auth_users-edit, body.auth_users-update
 	.settings-form
 		border: 1px solid $module-border-color
 		background: $module-bg-color

app/controllers/auth_users_controller.rb

@@ -0,0 +1,50 @@
+class AuthUsersController < ApplicationController
+	before_action :authenticate_user!, except: [:new, :create]
+
+	def create
+		@auth_user = AuthUser.create(auth_user_params)
+
+		if @auth_user.persisted?
+			sign_in :auth_user, @auth_user
+			flash[:notice] = "Welcome to Dress to Impress, #{@auth_user.name}! 💖"
+			redirect_to root_path
+		else
+			render action: :new, status: :unprocessable_entity
+		end
+	end
+
+	def edit
+		@auth_user = current_auth_user
+	end
+
+	def new
+		@auth_user = AuthUser.new
+	end
+
+	def update
+		@auth_user = load_auth_user
+
+		if @auth_user.update_with_password(auth_user_params)
+			flash[:notice] = "Settings successfully saved."
+			redirect_to action: :edit
+		else
+			render action: :edit, status: :unprocessable_entity
+		end
+	end
+
+	private
+
+	def auth_user_params
+		params.require(:auth_user).permit(:name, :email, :password,
+			:password_confirmation, :current_password)
+	end
+
+	def load_auth_user
+		# Well, what we *actually* do is just use `current_auth_user`, and enforce
+		# that the provided user ID matches. The user ID param is only really for
+		# REST semantics and such!
+		raise AccessDenied unless auth_user_signed_in?
+		raise AccessDenied unless current_auth_user.id == params[:id].to_i
+		current_auth_user
+	end
+end

app/views/auth_users/edit.html.erb

@@ -1,8 +1,8 @@
 <h2>Settings</h2>
 
-<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: "settings-form" }) do |f| %>
+<%= form_with(model: @auth_user, method: :put, class: "settings-form") do |f| %>
   <h2>Your info</h2>
-  <%= render "devise/shared/error_messages", resource: resource %>
+  <%= render "devise/shared/error_messages", resource: @auth_user %>
 
   <fieldset>
     <div class="field">
@@ -52,11 +52,11 @@
   </div>
 <% end %>
 
-<% if resource.uses_neopass? %>
+<% if @auth_user.uses_neopass? %>
-  <%= form_with url: user_neopass_connection_path(resource.user), method: :delete,
+  <%= form_with url: user_neopass_connection_path(@auth_user.user),
-      class: "settings-form", data: {
+      method: :delete, class: "settings-form", data: {
         turbo_confirm: "Are you sure? Without a NeoPass, you'll need to use " +
-          "your password or your recovery email \"#{resource.email}\" to " +
+          "your password or your recovery email \"#{@auth_user.email}\" to " +
           "log in again.\n\nMake sure you have everything all set up first! " +
           "Otherwise, you might be locked out of this account forever!"
       } do |form|
@@ -66,7 +66,7 @@
       <strong>
         NeoPass ID:
       </strong>
-      <%= resource.neopass_friendly_id %>
+      <%= @auth_user.neopass_friendly_id %>
     </section>
     <section class="neopass-explanation">
       <p>
@@ -75,26 +75,26 @@
         you can still use "Forgot your password?" to recover your Dress to
         Impress account, using the Email saved in "Your info".
       </p>
-      <% if !resource.uses_password? && !resource.email %>
+      <% if !@auth_user.uses_password? && !@auth_user.email %>
         <p>
           You can't remove this NeoPass yet, because you need to either set a
           password or a recovery email first. (Ideally both!)
         </p>
-      <% elsif !resource.uses_password? %>
+      <% elsif !@auth_user.uses_password? %>
         <p>
           Be extra careful here! Your account doesn't have a password set.
         </p>
-      <% elsif !resource.email? %>
+      <% elsif !@auth_user.email? %>
         <p>
           Be extra careful here! Your account doesn't have an email set.
         </p>
       <% end %>
     </section>
     <%= form.submit "Disconnect your NeoPass",
-        disabled: !resource.uses_password? && !resource.email? %>
+        disabled: !@auth_user.uses_password? && !@auth_user.email? %>
   <% end %>
 <% end %>
 
 <% content_for :stylesheets do %>
-  <%= stylesheet_link_tag "devise/registrations/edit" %>
+  <%= stylesheet_link_tag "auth_users/edit" %>
 <% end %>

app/views/auth_users/new.html.erb

@@ -1,7 +1,7 @@
 <h2>Sign up</h2>
 
-<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
+<%= form_with(model: @auth_user, method: :post) do |f| %>
-  <%= render "devise/shared/error_messages", resource: resource %>
+  <%= render "devise/shared/error_messages", resource: @auth_user %>
 
   <p>
     Choose a username, and an email address we can use to reset your password.

app/views/devise/shared/_links.html.erb

@@ -1,19 +1,11 @@
 <%- if controller_name != 'sessions' %>
-  <%= link_to "Log in", new_session_path(resource_name) %><br />
+  <%= link_to "Log in", new_auth_user_session_path %><br />
 <% end %>
 
-<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+<%- if controller_name != 'auth_users' %>
-  <%= link_to "Sign up", new_registration_path(resource_name) %><br />
+  <%= link_to "Sign up", new_auth_user_path %><br />
 <% end %>
 
-<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
+<%- if controller_name != 'passwords' && controller_name != 'registrations' %>
-  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
+  <%= link_to "Forgot your password?", new_auth_user_password_path %><br />
-<% end %>
-
-<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
-<% end %>
-
-<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
-  <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
 <% end %>

app/views/layouts/application.html.haml

@@ -49,7 +49,7 @@
             = userbar_contributions_summary(current_user)
           = link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link'
           = link_to t('.userbar.outfits'), current_user_outfits_path
-          = link_to t('.userbar.settings'), edit_auth_user_registration_path
+          = link_to t('.userbar.settings'), edit_auth_user_path
           = button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete,
             params: {return_to: request.fullpath}
         - else

config/routes.rb

@@ -2,7 +2,9 @@ OpenneoImpressItems::Application.routes.draw do
   root :to => 'outfits#new'
 
   # Login and account management!
-  devise_for :auth_users, path: "users"
+  devise_for :auth_users, path: "users", skip: [:registrations]
+  resources :auth_users, only: [:new, :create, :update]
+  get '/users/edit', to: 'auth_users#edit', as: 'edit_auth_user'
 
   # The outfit editor!
   # TODO: It's a bit silly that outfits/new points to outfits#edit.