Oh right, hide NeoPass on settings page unless you set the magic param!

Simplified this a bit into a helper. It's kinda odd to me, but
convenient for this moment, that Rails allows views to read `params`! I
guess it's for escape hatches exactly like this! lol

app/controllers/application_controller.rb

@@ -12,7 +12,6 @@ class ApplicationController < ActionController::Base
   before_action :set_locale
 
   before_action :configure_permitted_parameters, if: :devise_controller?
-  before_action :check_neopass_access, if: :devise_controller?
   before_action :save_return_to_path,
     if: ->(c) { c.controller_name == 'sessions' && c.action_name == 'new' }
 
@@ -88,12 +87,6 @@ class ApplicationController < ActionController::Base
     devise_parameter_sanitizer.permit(:account_update, keys: [:email])
   end
 
-  def check_neopass_access
-    @can_use_neopass = (
-      params[:neopass] == Rails.configuration.neopass_access_secret
-    )
-  end
-
   def save_return_to_path
     if params[:return_to]
       Rails.logger.debug "Saving return_to path: #{params[:return_to].inspect}"

app/helpers/application_helper.rb

@@ -69,6 +69,10 @@ module ApplicationHelper
     end
   end
 
+  def can_use_neopass
+    params[:neopass] == Rails.configuration.neopass_access_secret
+  end
+
   def contact_email
     "matchu@openneo.net"
   end

app/views/auth_users/edit.html.erb

@@ -96,7 +96,7 @@
     <%= form.submit "Disconnect your NeoPass",
         disabled: !@auth_user.uses_password? && !@auth_user.email? %>
   <% end %>
-<% else %>
+<% elsif can_use_neopass %>
   <%= form_with url: auth_user_neopass_omniauth_authorize_path(intent: "connect"),
       method: :post, class: "settings-form", data: {turbo: false} do |form|
   %>

app/views/devise/sessions/new.html.erb

@@ -1,6 +1,6 @@
 <h2>Log in</h2>
 
-<% if @can_use_neopass %>
+<% if can_use_neopass %>
   🌟✨🌟✨🌟✨🌟✨🌟
   <br />
   <%= button_to "Log in with NeoPass",