Signup and settings page for OpenNeo ID accounts

Hey nice!!

Note that I removed an account delete button from the settings page. You can still send a DELETE request to the right endpoint to do it, but it's not gonna delete all the associated records, and I wanna think a bit about how to handle that better before exposing that button.

app/controllers/application_controller.rb

@@ -9,6 +9,8 @@ class ApplicationController < ActionController::Base
   
   before_action :set_locale
 
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
   def authenticate_user!
     redirect_to(new_auth_user_session_path) unless user_signed_in?
   end
@@ -70,5 +72,12 @@ class ApplicationController < ActionController::Base
   def valid_locale?(locale)
     locale && I18n.usable_locales.include?(locale.to_sym)
   end
+
+  def configure_permitted_parameters
+    # Devise will automatically permit the authentication key (username) and
+    # the password, but we need to let the email field through ourselves.
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:email])
+    devise_parameter_sanitizer.permit(:account_update, keys: [:email])
+  end
 end
 

app/models/auth_user.rb

@@ -1,7 +1,7 @@
 class AuthUser < AuthRecord
   self.table_name = 'users'
 
-  devise :database_authenticatable, :encryptable
+  devise :database_authenticatable, :encryptable, :registerable, :validatable
   # devise :database_authenticatable, :lockable, :registerable, :recoverable,
   #   :trackable, :validatable
 

app/views/devise/registrations/edit.html.erb

@@ -0,0 +1,39 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
+  <% end %>
+
+  <div class="field">
+    <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+    <%= f.password_field :password, autocomplete: "new-password" %>
+    <% if @minimum_password_length %>
+      <br />
+      <em><%= @minimum_password_length %> characters minimum</em>
+    <% end %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+    <%= f.password_field :current_password, autocomplete: "current-password" %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Update" %>
+  </div>
+<% end %>
+
+<%= link_to "Back", :back %>

app/views/devise/registrations/new.html.erb

@@ -0,0 +1,44 @@
+<h2>Sign up</h2>
+
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+
+  <p>
+    Choose a username, and an email address we can use to reset your password.
+  </p>
+
+  <p>
+    <strong>Do not use your Neopets or email password here.</strong>
+    We don't expect a security breach, and we hash your password securely.
+    Regardless, if anything happens, we want there to be absolutely no harm done.
+  </p>
+
+  <div class="field">
+    <%= f.label :name, 'Username' %><br />
+    <%= f.text_field :name, autofocus: true, autocomplete: "username" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password %>
+    <% if @minimum_password_length %>
+    <em>(<%= @minimum_password_length %> characters minimum)</em>
+    <% end %><br />
+    <%= f.password_field :password, autocomplete: "new-password" %>
+  </div>
+
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Sign up" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

app/views/layouts/application.html.haml

@@ -47,7 +47,7 @@
             = userbar_contributions_summary(current_user)
           = link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link'
           = link_to t('.userbar.outfits'), current_user_outfits_path
-          = link_to t('.userbar.settings'), auth_user_settings_path
+          = link_to t('.userbar.settings'), edit_auth_user_registration_path
           = button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete
         - else
           = link_to auth_user_sign_in_path_with_return_to, :id => 'userbar-log-in' do

config/routes.rb

@@ -48,7 +48,6 @@ OpenneoImpressItems::Application.routes.draw do
   get '/modeling' => 'pets#bulk', :as => :bulk_pets
 
   devise_for :auth_users
-  get '/users/current-user/settings', to: redirect('/?TODO'), as: :auth_user_settings
   
   post '/locales/choose' => 'locales#choose', :as => :choose_locale