forked from OpenNeo/impress
impress/app
Emi Matchu 58d86cf3ac Prevent user from removing all their login methods
Oh right, if you can remove your email, there's a way to fully lock out
your account:

1. Create account via NeoPass, so no password is set.
2. Ensure you have an email saved, then disconnect NeoPass.
3. Remove the email.
4. Now you have no NeoPass, no email, and no password!

In this change, we add a validation that requires an account to always
have at least one login method. This works well for the case described
above, and also helps offer server-side validation to the "can't
disconnect NeoPass until you have an email and password" stuff that
previously was only enforced by disabling the button.

That is, the following procedure could also lock you out before,
whereas now it raises the "Whoops, there was an error disconnecting
your NeoPass from your account, sorry." message:

1. Create account via NeoPass, so no password is set.
2. Ensure you have an email saved, so "Disconnect" button is enabled.
3. Open a new browser tab, and remove the email.
4. In the original browser tab, click "Disconnect".
2024-04-09 06:40:56 -07:00
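
The validation described in the commit message above, sketched here in plain Ruby as an added example; it is not code from this repository. The `Account` class, its methods and the sample values are hypothetical, and it assumes any one of NeoPass, email or password counts as a login method.

```ruby
# Plain-Ruby sketch; all names and sample values here are hypothetical.
class Account
  LoginMethodError = Class.new(StandardError)

  def initialize(email: nil, password: nil, neopass_uid: nil)
    @state = { email: email, password: password, neopass_uid: neopass_uid }
    ensure_login_method!(@state)
  end

  # Login methods still present in a given state (blank values do not count).
  def login_methods(state = @state)
    state.reject { |_, v| v.to_s.strip.empty? }.keys
  end

  # Every write builds the candidate state, validates it against what the server
  # holds now, and only then commits; what a tab rendered earlier plays no part.
  def update!(changes)
    candidate = @state.merge(changes)
    ensure_login_method!(candidate)
    @state = candidate
  end

  private
  def ensure_login_method!(state)
    return unless login_methods(state).empty?
    raise LoginMethodError, "account must keep at least one login method"
  end
end

# Returns :ok or :rejected, standing in for the success or error message.
def attempt(account, changes)
  account.update!(changes)
  :ok
rescue Account::LoginMethodError
  :rejected
end

# First procedure: disconnect NeoPass, then try to remove the email.
def first_procedure
  a = Account.new(email: "user@example.test", neopass_uid: "constructed-uid")
  [attempt(a, neopass_uid: nil), attempt(a, email: nil), a.login_methods]
end

# Second procedure: "Disconnect" was rendered enabled, then another tab removed the email.
def second_procedure
  a = Account.new(email: "user@example.test", neopass_uid: "constructed-uid")
  button_enabled = a.login_methods.include?(:email) # as rendered in the original tab
  [button_enabled, attempt(a, email: nil), attempt(a, neopass_uid: nil), a.login_methods]
end
```

In both procedures the final removal is rejected and one login method survives, even though the stale tab still showed the button as enabled.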
..
assets Eject AuthUsersController from the default Devise controller 2024-04-08 04:02:54 -07:00
controllers Fix bugs in Settings page when changes to the model are incomplete 2024-04-09 06:34:06 -07:00
helpers Add additional cookie method to view hidden NeoPass features 2024-04-09 06:36:44 -07:00
javascript Oh wow, don't use the images.neopets.com asset proxy anymore either! 2024-04-06 03:38:23 -07:00
mailers/fundraising Move most fundraising files into a Fundraising module 2024-02-18 20:12:14 -08:00
models Prevent user from removing all their login methods 2024-04-09 06:40:56 -07:00
services Save manifest load info when preloading them, too 2024-02-25 16:02:36 -08:00
views Fix bugs in Settings page when changes to the model are incomplete 2024-04-09 06:34:06 -07:00