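class AuthUsersController < ApplicationController
  # Sign-up (`new`/`create`) is open to anyone; every other action requires a
  # signed-in user.
  #
  # NOTE(review): every other helper in this controller is scoped to
  # `:auth_user` (`current_auth_user`, `auth_user_signed_in?`,
  # `sign_in :auth_user`, `bypass_sign_in ..., scope: :auth_user`), but this
  # filter is `authenticate_user!` rather than `authenticate_auth_user!`.
  # Confirm that helper exists and guards the `:auth_user` scope; if it does
  # not, `edit` would run with `current_auth_user` unset. `update` is covered
  # either way because `load_auth_user` re-checks `auth_user_signed_in?`.
  before_action :authenticate_user!, except: [:new, :create]

  # POST — sign up. Creates the account, signs the new user in and sends them
  # to the root page; on validation failure re-renders the form with 422.
  def create
    # Sign-up gets its own whitelist. `current_password` belongs to the
    # settings flow (`update_with_password`); a brand-new record has nothing
    # to verify it against, so it must not be mass-assignable here. Should it
    # ever be posted to sign-up, it would otherwise be assigned to the new
    # record (or, if the model has no writer for it, raise).
    @auth_user = AuthUser.create(signup_params)

    if @auth_user.persisted?
      sign_in :auth_user, @auth_user
      flash[:notice] = "Welcome to Dress to Impress, #{@auth_user.name}! 💖"
      redirect_to root_path
    else
      render action: :new, status: :unprocessable_entity
    end
  end

  # GET — settings page.
  #
  # The form works with two references: `@auth_user` carries whatever form
  # state is being edited, `@persisted_auth_user` reflects what is actually
  # saved (the view consults it for decisions such as whether to ask for the
  # current password). On a fresh edit there are no unsaved changes, so both
  # point at the same record.
  #
  # NOTE(review): unlike `update`, this action does not go through
  # `load_auth_user`, so `params[:id]` is never compared against the
  # signed-in user here. Routing it through the same helper would make the
  # two actions consistent, provided the edit route carries an `:id` —
  # confirm before changing.
  def edit
    @persisted_auth_user = current_auth_user
    @auth_user = @persisted_auth_user
  end

  # GET — blank sign-up form.
  def new
    @auth_user = AuthUser.new
  end

  # PATCH/PUT — save settings for the signed-in user.
  #
  # Redirects back to the settings page on success; re-renders it with 422 on
  # validation failure. Raises AccessDenied (via `load_auth_user`) when nobody
  # is signed in or `params[:id]` is not the signed-in user's id.
  def update
    @auth_user = load_auth_user

    # Snapshot the saved state *before* applying the changes. If the update
    # fails validation — e.g. a user with no password enters a new one but
    # leaves the confirmation blank — `@auth_user` now has a password assigned
    # and `uses_password?` flips to true, which would make the re-rendered
    # form wrongly demand a "Current password" from someone who never had
    # one. The view reads such "what is actually saved" checks from
    # `@persisted_auth_user` instead.
    #
    # HACK: `dup` returns a *new, unsaved* record with the same attributes —
    # `persisted?` is false and `id` is nil on it — so the view must only use
    # it for attribute-derived checks like `uses_password?`, never for
    # identity or routing. A real copy of the saved row would need a reload.
    @persisted_auth_user = @auth_user.dup

    if @auth_user.update_with_password(auth_user_params)
      # Changing the password signs the user out; re-establish the session so
      # the redirect below lands on the settings page, not the login page.
      bypass_sign_in @auth_user, scope: :auth_user

      flash[:notice] = "Settings successfully saved."
      redirect_to action: :edit
    else
      render action: :edit, status: :unprocessable_entity
    end
  end

  private

  # Attributes a brand-new account may set. Deliberately excludes
  # `current_password`, which only the settings flow uses.
  def signup_params
    params.require(:auth_user).permit(:name, :email, :password,
                                      :password_confirmation)
  end

  # Attributes an existing account may change. `current_password` is included
  # because these params go to `update_with_password`, which checks it.
  def auth_user_params
    params.require(:auth_user).permit(:name, :email, :password,
                                      :password_confirmation, :current_password)
  end

  # Resolve the account being edited.
  #
  # The record is always `current_auth_user`; `params[:id]` exists for REST
  # semantics and is used only to refuse requests addressed to anyone else.
  #
  # Raises AccessDenied when nobody is signed in or the id does not match.
  def load_auth_user
    raise AccessDenied unless auth_user_signed_in?

    # Compare as strings rather than via `to_i`: `to_i` silently coerces junk
    # (`"5abc"` → 5, `"abc"` → 0), and a non-String param (`?id[]=5`) has no
    # `to_i` at all. An exact match is the only thing we want to accept.
    raise AccessDenied unless params[:id].to_s == current_auth_user.id.to_s

    current_auth_user
  end
end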