Signup and settings page for OpenNeo ID accounts

Hey nice!!

Note that I removed an account delete button from the settings page. You can still send a DELETE request to the right endpoint to do it, but it's not gonna delete all the associated records, and I wanna think a bit about how to handle that better before exposing that button.
This commit is contained in:
Emi Matchu 2023-08-06 17:26:56 -07:00
parent eee097a9f8
commit d65aafdd4c
6 changed files with 94 additions and 3 deletions

View file

@ -9,6 +9,8 @@ class ApplicationController < ActionController::Base
before_action :set_locale before_action :set_locale
before_action :configure_permitted_parameters, if: :devise_controller?
def authenticate_user! def authenticate_user!
redirect_to(new_auth_user_session_path) unless user_signed_in? redirect_to(new_auth_user_session_path) unless user_signed_in?
end end
@ -70,5 +72,12 @@ class ApplicationController < ActionController::Base
def valid_locale?(locale) def valid_locale?(locale)
locale && I18n.usable_locales.include?(locale.to_sym) locale && I18n.usable_locales.include?(locale.to_sym)
end end
def configure_permitted_parameters
# Devise will automatically permit the authentication key (username) and
# the password, but we need to let the email field through ourselves.
devise_parameter_sanitizer.permit(:sign_up, keys: [:email])
devise_parameter_sanitizer.permit(:account_update, keys: [:email])
end
end end

View file

@ -1,7 +1,7 @@
class AuthUser < AuthRecord class AuthUser < AuthRecord
self.table_name = 'users' self.table_name = 'users'
devise :database_authenticatable, :encryptable devise :database_authenticatable, :encryptable, :registerable, :validatable
# devise :database_authenticatable, :lockable, :registerable, :recoverable, # devise :database_authenticatable, :lockable, :registerable, :recoverable,
# :trackable, :validatable # :trackable, :validatable

View file

@ -0,0 +1,39 @@
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
<%= render "devise/shared/error_messages", resource: resource %>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true, autocomplete: "email" %>
</div>
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
<div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
<% end %>
<div class="field">
<%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
<%= f.password_field :password, autocomplete: "new-password" %>
<% if @minimum_password_length %>
<br />
<em><%= @minimum_password_length %> characters minimum</em>
<% end %>
</div>
<div class="field">
<%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation, autocomplete: "new-password" %>
</div>
<div class="field">
<%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
<%= f.password_field :current_password, autocomplete: "current-password" %>
</div>
<div class="actions">
<%= f.submit "Update" %>
</div>
<% end %>
<%= link_to "Back", :back %>

View file

@ -0,0 +1,44 @@
<h2>Sign up</h2>
<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
<%= render "devise/shared/error_messages", resource: resource %>
<p>
Choose a username, and an email address we can use to reset your password.
</p>
<p>
<strong>Do not use your Neopets or email password here.</strong>
We don't expect a security breach, and we hash your password securely.
Regardless, if anything happens, we want there to be absolutely no harm done.
</p>
<div class="field">
<%= f.label :name, 'Username' %><br />
<%= f.text_field :name, autofocus: true, autocomplete: "username" %>
</div>
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true, autocomplete: "email" %>
</div>
<div class="field">
<%= f.label :password %>
<% if @minimum_password_length %>
<em>(<%= @minimum_password_length %> characters minimum)</em>
<% end %><br />
<%= f.password_field :password, autocomplete: "new-password" %>
</div>
<div class="field">
<%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation, autocomplete: "new-password" %>
</div>
<div class="actions">
<%= f.submit "Sign up" %>
</div>
<% end %>
<%= render "devise/shared/links" %>

View file

@ -47,7 +47,7 @@
= userbar_contributions_summary(current_user) = userbar_contributions_summary(current_user)
= link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link' = link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link'
= link_to t('.userbar.outfits'), current_user_outfits_path = link_to t('.userbar.outfits'), current_user_outfits_path
= link_to t('.userbar.settings'), auth_user_settings_path = link_to t('.userbar.settings'), edit_auth_user_registration_path
= button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete = button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete
- else - else
= link_to auth_user_sign_in_path_with_return_to, :id => 'userbar-log-in' do = link_to auth_user_sign_in_path_with_return_to, :id => 'userbar-log-in' do

View file

@ -48,7 +48,6 @@ OpenneoImpressItems::Application.routes.draw do
get '/modeling' => 'pets#bulk', :as => :bulk_pets get '/modeling' => 'pets#bulk', :as => :bulk_pets
devise_for :auth_users devise_for :auth_users
get '/users/current-user/settings', to: redirect('/?TODO'), as: :auth_user_settings
post '/locales/choose' => 'locales#choose', :as => :choose_locale post '/locales/choose' => 'locales#choose', :as => :choose_locale