users: refactor change password page.

* Fix users being redirected back to the change password page after successfully changing their password. * Move passwords controller out of /maintenance/ namespace. * Add tests.
2020-03-08 16:07:34 -05:00
parent c30ba8d5bc
commit f25bace766
6 changed files with 72 additions and 23 deletions
--- a/app/controllers/maintenance/user/passwords_controller.rb
+++ b/app/controllers/maintenance/user/passwords_controller.rb
@@ -1,9 +0,0 @@
-module Maintenance
-  module User
-    class PasswordsController < ApplicationController
-      def edit
-        @user = CurrentUser.user
-      end
-    end
-  end
-end
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -0,0 +1,31 @@
+class PasswordsController < ApplicationController
+  before_action :member_only
+  respond_to :html, :xml, :json
+
+  def edit
+    @user = User.find(params[:user_id])
+    check_privilege(@user)
+
+    respond_with(@user)
+  end
+
+  def update
+    @user = User.find(params[:user_id])
+    check_privilege(@user)
+
+    @user.update(user_params)
+    flash[:notice] = @user.errors.none? ? "Password updated" : @user.errors.full_messages.join("; ")
+
+    respond_with(@user, location: @user)
+  end
+
+  private
+
+  def check_privilege(user)
+    raise User::PrivilegeError unless user.id == CurrentUser.id || CurrentUser.is_admin?
+  end
+
+  def user_params
+    params.require(:user).permit(%i[old_password password password_confirmation])
+  end
+end
--- a/app/views/maintenance/user/passwords/edit.html.erb
+++ b/app/views/maintenance/user/passwords/edit.html.erb
@@ -1,13 +0,0 @@
-<% page_title "Change Password" %>
-
-<div id="c-maintenance-user-passwords">
-  <div id="a-edit">
-    <h1>Change Password</h1>
-
-    <%= edit_form_for @user do |f| %>
-      <%= f.input :old_password, :as => :password, :input_html => {:autocomplete => "off"} %>
-      <%= f.input :password, :label => "New password", :input_html => {:autocomplete => "off"} %>
-      <%= f.button :submit, "Submit" %>
-    <% end %>
-  </div>
-</div>
--- a/app/views/passwords/edit.html.erb
+++ b/app/views/passwords/edit.html.erb
@@ -0,0 +1,14 @@
+<% page_title "Change Password" %>
+
+<div id="c-passwords">
+  <div id="a-edit">
+    <h1>Change Password</h1>
+
+    <%= edit_form_for(@user, url: user_password_path(@user)) do |f| %>
+      <%= f.input :old_password, as: :password, hint: "Re-enter your current password." %>
+      <%= f.input :password, label: "New password", hint: "Must be at least 5 characters long." %>
+      <%= f.input :password_confirmation, label: "Confirm new password" %>
+      <%= f.submit "Save" %>
+    <% end %>
+  </div>
+</div>