Signup and settings page for OpenNeo ID accounts

Hey nice!! Note that I removed an account delete button from the settings page. You can still send a DELETE request to the right endpoint to do it, but it's not gonna delete all the associated records, and I wanna think a bit about how to handle that better before exposing that button.
2023-08-06 17:26:56 -07:00 · 2023-08-06 17:26:56 -07:00 · d65aafdd4c
commit d65aafdd4c
parent eee097a9f8
6 changed files with 94 additions and 3 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -9,6 +9,8 @@ class ApplicationController < ActionController::Base
  
  before_action :set_locale

+  before_action :configure_permitted_parameters, if: :devise_controller?
+
  def authenticate_user!
    redirect_to(new_auth_user_session_path) unless user_signed_in?
  end
@ -70,5 +72,12 @@ class ApplicationController < ActionController::Base
  def valid_locale?(locale)
    locale && I18n.usable_locales.include?(locale.to_sym)
  end
+
+  def configure_permitted_parameters
+    # Devise will automatically permit the authentication key (username) and
+    # the password, but we need to let the email field through ourselves.
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:email])
+    devise_parameter_sanitizer.permit(:account_update, keys: [:email])
+  end
 end

--- a/app/models/auth_user.rb
+++ b/app/models/auth_user.rb
@ -1,7 +1,7 @@
 class AuthUser < AuthRecord
  self.table_name = 'users'

-  devise :database_authenticatable, :encryptable
+  devise :database_authenticatable, :encryptable, :registerable, :validatable
  # devise :database_authenticatable, :lockable, :registerable, :recoverable,
  #   :trackable, :validatable

--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@ -0,0 +1,39 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+    <%= f.password_field :password, autocomplete: "new-password" %>
+    <% if @minimum_password_length %>
+      <br />
+      <em><%= @minimum_password_length %> characters minimum</em>
+    <% end %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+    <%= f.password_field :current_password, autocomplete: "current-password" %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Update" %>
+  </div>
+<% end %>
+
+<%= link_to "Back", :back %>
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@ -0,0 +1,44 @@
+<h2>Sign up</h2>
+
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+
+  <p>
+    Choose a username, and an email address we can use to reset your password.
+  </p>
+
+  <p>
+    <strong>Do not use your Neopets or email password here.</strong>
+    We don't expect a security breach, and we hash your password securely.
+    Regardless, if anything happens, we want there to be absolutely no harm done.
+  </p>
+
+  <div class="field">
+    <%= f.label :name, 'Username' %><br />
+    <%= f.text_field :name, autofocus: true, autocomplete: "username" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password %>
+    <% if @minimum_password_length %>
+    <em>(<%= @minimum_password_length %> characters minimum)</em>
+    <% end %><br />
+    <%= f.password_field :password, autocomplete: "new-password" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Sign up" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@ -47,7 +47,7 @@
            = userbar_contributions_summary(current_user)
          = link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link'
          = link_to t('.userbar.outfits'), current_user_outfits_path
-          = link_to t('.userbar.settings'), auth_user_settings_path
+          = link_to t('.userbar.settings'), edit_auth_user_registration_path
          = button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete
        - else
          = link_to auth_user_sign_in_path_with_return_to, :id => 'userbar-log-in' do
--- a/config/routes.rb
+++ b/config/routes.rb
@ -48,7 +48,6 @@ OpenneoImpressItems::Application.routes.draw do
  get '/modeling' => 'pets#bulk', :as => :bulk_pets

  devise_for :auth_users
-  get '/users/current-user/settings', to: redirect('/?TODO'), as: :auth_user_settings
  
  post '/locales/choose' => 'locales#choose', :as => :choose_locale