jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

users: refactor change password page.

Browse Source 
* Fix users being redirected back to the change password page after
  successfully changing their password.
* Move passwords controller out of /maintenance/ namespace.
* Add tests.
This commit is contained in:
evazion
2020-03-08 16:07:34 -05:00
parent c30ba8d5bc
commit f25bace766
6 changed files with 72 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/maintenance/user/passwords_controller.rb
View File

@@ -1,9 +0,0 @@
module Maintenance
module User
class PasswordsController < ApplicationController
def edit
@user = CurrentUser.user
end
end
end
end

31
app/controllers/passwords_controller.rb Normal file
View File

@@ -0,0 +1,31 @@
class PasswordsController < ApplicationController
before_action :member_only
respond_to :html, :xml, :json
def edit
@user = User.find(params[:user_id])
check_privilege(@user)
respond_with(@user)
end
def update
@user = User.find(params[:user_id])
check_privilege(@user)
@user.update(user_params)
flash[:notice] = @user.errors.none? ? "Password updated" : @user.errors.full_messages.join("; ")
respond_with(@user, location: @user)
end
private
def check_privilege(user)
raise User::PrivilegeError unless user.id == CurrentUser.id || CurrentUser.is_admin?
end
def user_params
params.require(:user).permit(%i[old_password password password_confirmation])
end
end

13
app/views/maintenance/user/passwords/edit.html.erb
View File

@@ -1,13 +0,0 @@
<% page_title "Change Password" %>
<div id="c-maintenance-user-passwords">
<div id="a-edit">
<h1>Change Password</h1>
<%= edit_form_for @user do |f| %>
<%= f.input :old_password, :as => :password, :input_html => {:autocomplete => "off"} %>
<%= f.input :password, :label => "New password", :input_html => {:autocomplete => "off"} %>
<%= f.button :submit, "Submit" %>
<% end %>
</div>
</div>

14
app/views/passwords/edit.html.erb Normal file
View File

@@ -0,0 +1,14 @@
<% page_title "Change Password" %>
<div id="c-passwords">
<div id="a-edit">
<h1>Change Password</h1>
<%= edit_form_for(@user, url: user_password_path(@user)) do |f| %>
<%= f.input :old_password, as: :password, hint: "Re-enter your current password." %>
<%= f.input :password, label: "New password", hint: "Must be at least 5 characters long." %>
<%= f.input :password_confirmation, label: "Confirm new password" %>
<%= f.submit "Save" %>
<% end %>
</div>
</div>

2
config/routes.rb
View File

@@ -246,7 +246,7 @@ Rails.application.routes.draw do
end end
resources :users do resources :users do
resources :favorite_groups, controller: "favorite_groups", only: [:index], as: "favorite_groups" resources :favorite_groups, controller: "favorite_groups", only: [:index], as: "favorite_groups"
resource :password, :only => [:edit], :controller => "maintenance/user/passwords" resource :password, only: [:edit, :update]
resource :api_key, :only => [:show, :view, :update, :destroy], :controller => "maintenance/user/api_keys" do resource :api_key, :only => [:show, :view, :update, :destroy], :controller => "maintenance/user/api_keys" do
post :view post :view
end end

26
test/functional/passwords_controller_test.rb Normal file
View File

@@ -0,0 +1,26 @@
require 'test_helper'
class PasswordsControllerTest < ActionDispatch::IntegrationTest
context "The passwords controller" do
setup do
@user = create(:user, password: "12345")
end
context "edit action" do
should "work" do
get_auth edit_user_password_path(@user), @user
assert_response :success
end
end
context "update action" do
should "work" do
put_auth user_password_path(@user), @user, params: { user: { old_password: "12345", password: "abcde", password_confirmation: "abcde" } }
assert_redirected_to user_path(@user)
assert_equal(nil, User.authenticate(@user.name, "12345"))
assert_equal(@user, User.authenticate(@user.name, "abcde"))
end
end
end
end