Add account management

2022-06-25 23:45:47 +01:00 · 2022-06-25 23:45:47 +01:00 · 4f190f67f0
commit 4f190f67f0
parent 882d0a51ed
25 changed files with 323 additions and 6 deletions
--- a/5
+++ b/5
@ -4,13 +4,14 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby "3.1.2"
 gem "bootsnap", require: false
 gem "clearance"
 gem "dotenv-rails"
 gem "importmap-rails"
 gem "pg", "~> 1.1"
 gem "propshaft"
 gem "puma", "~> 5.0"
 gem "rails", "~> 7.0.3"
 gem "dotenv-rails"
 gem "pundit"
 gem "rails", "~> 7.0.3"
 gem "ransack"
 group :development, :test do
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -66,10 +66,22 @@ GEM
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
    argon2 (2.1.1)
      ffi (~> 1.14)
      ffi-compiler (~> 1.0)
    bcrypt (3.1.18)
    bindex (0.8.1)
    bootsnap (1.12.0)
      msgpack (~> 1.2)
    builder (3.2.4)
    clearance (2.6.0)
      actionmailer (>= 5.0)
      activemodel (>= 5.0)
      activerecord (>= 5.0)
      argon2 (~> 2.0, >= 2.0.2)
      bcrypt (>= 3.1.1)
      email_validator (~> 2.0)
      railties (>= 5.0)
    concurrent-ruby (1.1.10)
    crass (1.0.6)
    debug (1.5.0)
@ -80,7 +92,13 @@ GEM
    dotenv-rails (2.7.6)
      dotenv (= 2.7.6)
      railties (>= 3.2)
    email_validator (2.2.3)
      activemodel
    erubi (1.10.0)
    ffi (1.15.5)
    ffi-compiler (1.0.1)
      ffi (>= 1.0.0)
      rake
    globalid (1.0.0)
      activesupport (>= 5.0)
    i18n (1.10.0)
@ -186,6 +204,7 @@ PLATFORMS
 DEPENDENCIES
  bootsnap
  clearance
  debug
  dotenv-rails
  importmap-rails
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,2 +1,3 @@
 class ApplicationController < ActionController::Base
  include Clearance::Controller
 end
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@ -0,0 +1,20 @@
 class BoardsController < ApplicationController
  before_action :require_login
  def edit
    @users = User.where(active: true)
    @users += Array.new(5 - @users.size) { User.new }
  end
  def update
    User.update_board_members(board_params)
    redirect_to edit_board_path
  end
  private
  def board_params
    params.require('users')
  end
 end
--- a/app/controllers/contributions_controller.rb
+++ b/app/controllers/contributions_controller.rb
@ -1,4 +1,5 @@
 class ContributionsController < ApplicationController
  before_action :require_login
  before_action :set_member, only: %i[ new create ]
  before_action :set_contribution, only: %i[ edit update delete destroy ]
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@ -1,4 +1,5 @@
 class MembersController < ApplicationController
  before_action :require_login
  before_action :set_member, only: %i[ show edit update delete destroy ]
  helper_method :sort_params
--- a/app/guards/active_guard.rb
+++ b/app/guards/active_guard.rb
@ -0,0 +1,9 @@
 class ActiveGuard < Clearance::SignInGuard
  def call
    if signed_in? && !current_user.active
      failure(t('sessions.new.deactivated_error'))
    else
      next_guard
    end
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -0,0 +1,27 @@
 class User < ApplicationRecord
  include Clearance::User
  def self.update_board_members(new_emails)
    where(active: true).each do |user|
      if !new_emails.include?(user.email)
        user.update(active: false)
        # TODO: notify board member of deactivation
      end
    end
    new_emails.each do |email|
      user = User.find_by(email: email)
      if user
        if !user.active?
          # TODO: notify board member of activation
          user.update(active: true, password: SecureRandom.hex(32))
        end
      else
        # TODO: notify board member of activation
        User.create(email: email, password: SecureRandom.hex(32))
      end
    end
  end
 end
--- a/app/views/boards/edit.html.erb
+++ b/app/views/boards/edit.html.erb
@ -0,0 +1,19 @@
 <h1><%= t('boards.edit.title') %></h1>
 <p><%= t('boards.edit.warning') %></p>
 <%= form_with scope: :users, url: board_path, method: :put do |form| %>
  <table class='lined'>
    <% @users.each do |user| %>
      <tr>
        <td>
          <%= form.email_field nil, value: user.email %>
        </td>
      </tr>
    <% end %>
  </table>
  <div>
    <%= form.submit %>
  </div>
 <% end %>
--- a/app/views/clearance_mailer/change_password.html.erb
+++ b/app/views/clearance_mailer/change_password.html.erb
@ -0,0 +1,8 @@
 <p><%= t(".opening") %></p>
 <p>
  <%= link_to t(".link_text", default: "Change my password"),
    url_for([@user, :password, action: :edit, token: @user.confirmation_token]) %>
 </p>
 <p><%= t(".closing") %></p>
--- a/app/views/clearance_mailer/change_password.text.erb
+++ b/app/views/clearance_mailer/change_password.text.erb
@ -0,0 +1,5 @@
 <%= t(".opening") %>
 <%= url_for([@user, :password, action: :edit, token: @user.confirmation_token]) %>
 <%= t(".closing") %>
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -11,9 +11,19 @@
  </head>
  <body>
-    <nav>
+    <% if signed_in? %>
-      <%= link_to t('navigation.members'), members_path %>
+      <nav>
-    </nav>
+        <ul>
          <li><%= link_to t('navigation.members'), members_path %></li>
          <li><%= link_to t('navigation.board'), edit_board_path %></li>
          <li>
            <%= button_to sign_out_path, method: :delete do %>
              Sign out of <%= current_user.email %>
            <% end %>
          </li>
        </ul>
      </nav>
    <% end %>
    <%= yield %>
  </body>
--- a/app/views/passwords/create.html.erb
+++ b/app/views/passwords/create.html.erb
@ -0,0 +1,3 @@
 <div id="clearance" class="password-reset">
  <p><%= t(".description") %></p>
 </div>
--- a/app/views/passwords/edit.html.erb
+++ b/app/views/passwords/edit.html.erb
@ -0,0 +1,18 @@
 <div id="clearance" class="password-reset">
  <h2><%= t(".title") %></h2>
  <p><%= t(".description") %></p>
  <%= form_for :password_reset,
        url: [@user, :password, token: @user.confirmation_token],
        html: { method: :put } do |form| %>
    <div class="password-field">
      <%= form.label :password %>
      <%= form.password_field :password %>
    </div>
    <div class="submit-field">
      <%= form.submit %>
    </div>
  <% end %>
 </div>
--- a/app/views/passwords/new.html.erb
+++ b/app/views/passwords/new.html.erb
@ -0,0 +1,16 @@
 <div id="clearance" class="password-reset">
  <h2><%= t(".title") %></h2>
  <p><%= t(".description") %></p>
  <%= form_for :password, url: passwords_path do |form| %>
    <div class="text-field">
      <%= form.label :email %>
      <%= form.email_field :email %>
    </div>
    <div class="submit-field">
      <%= form.submit %>
    </div>
  <% end %>
 </div>
--- a/app/views/sessions/_form.html.erb
+++ b/app/views/sessions/_form.html.erb
@ -0,0 +1,28 @@
 <%= form_for :session, url: session_path do |form| %>
  <table>
    <tr>
      <td>
        <%= form.label :email %>
      </td>
      <td>
        <%= form.email_field :email %>
      </td>
    </tr>
    <tr>
      <td><%= form.label :password %></td>
      <td><%= form.password_field :password %></td>
    </tr>
  </table>
  <div class="submit-field">
    <%= form.submit %>
  </div>
  <div class="other-links">
    <% if Clearance.configuration.allow_sign_up? %>
      <%= link_to t(".sign_up"), sign_up_path %>
    <% end %>
    <%= link_to t(".forgot_password"), new_password_path %>
  </div>
 <% end %>
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@ -0,0 +1,5 @@
 <div id="clearance" class="sign-in">
  <h2><%= t(".title") %></h2>
  <%= render partial: '/sessions/form' %>
 </div>
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -53,6 +53,10 @@ Rails.application.configure do
    enable_starttls_auto: true,
  }
  config.action_mailer.default_url_options = {
    host: ENV['BASE_HOST'],
  }
  # Print deprecation notices to the Rails logger.
  config.active_support.deprecation = :log
--- a/config/initializers/clearance.rb
+++ b/config/initializers/clearance.rb
@ -0,0 +1,8 @@
 Clearance.configure do |config|
  config.allow_sign_up = false
  config.mailer_sender = ENV['SMTP_FROM_ADDRESS']
  config.rotate_csrf_on_sign_in = true
  config.secure_cookie = true
  config.signed_cookie = true
  config.sign_in_guards = ["ActiveGuard"]
 end
--- a/config/locales/clearance.en.yml
+++ b/config/locales/clearance.en.yml
@ -0,0 +1,64 @@
 ---
 en:
  clearance:
    models:
      clearance_mailer:
        change_password: Change your password
  clearance_mailer:
    change_password:
      closing: If you didn't request this, ignore this email. Your password has
        not been changed.
      link_text: Change my password
      opening: "Someone, hopefully you, requested we send you a link to change
        your password:"
  flashes:
    failure_after_create: Bad email or password.
    failure_after_update: Password can't be blank.
    failure_when_forbidden: Please double check the URL or try submitting
      the form again.
    failure_when_not_signed_in: Please sign in to continue.
    failure_when_missing_email: Email can't be blank.
  helpers:
    label:
      password:
        email: Email address
      password_reset:
        password: Choose password
      session:
        password: Password
      user:
        password: Password
    submit:
      password:
        submit: Reset password
      password_reset:
        submit: Save this password
      session:
        submit: Sign in
      user:
        create: Sign up
  layouts:
    application:
      sign_in: Sign in
      sign_out: Sign out
  passwords:
    create:
      description: You will receive an email within the next few minutes. It
        contains instructions for changing your password.
    edit:
      description: Your password has been reset. Choose a new password below.
      title: Change your password
    new:
      description: To be emailed a link to reset your password, please enter
        your email address.
      title: Reset your password
  sessions:
    form:
      forgot_password: Forgot password?
      sign_up: Sign up
    new:
      title: Sign in
  users:
    new:
      sign_in: Sign in
      title: Sign up
--- a/config/locales/pt.yml
+++ b/config/locales/pt.yml
@ -101,3 +101,14 @@ pt:
    cancelled:
      subject: "ANSOL - Inscrição cancelada"
    greetings: "Caro(a) %{display_name}"
  sessions:
    new:
      title: "Entrar"
    attributes:
      email: "oi"
  boards:
    edit:
      title: "Actualizar membros da direcção"
      warning: |
        Atenção: qualquer endereço que ficar omisso verá a sua conta suspensa e
        deixará de poder aceder a este sistema.
--- a/config/routes.rb
+++ b/config/routes.rb
@ -3,6 +3,8 @@ Rails.application.routes.draw do
  # Defines the root path route ("/")
  # root "articles#index"
  #
  root to: redirect('/members')
  resources :members do
    member do
@ -16,4 +18,6 @@ Rails.application.routes.draw do
      get :delete
    end
  end
  resource :board, only: [:edit, :update]
 end
--- a/db/migrate/20220625203020_create_users.rb
+++ b/db/migrate/20220625203020_create_users.rb
@ -0,0 +1,15 @@
 class CreateUsers < ActiveRecord::Migration[7.0]
  def change
    create_table :users, id: :uuid do |t|
      t.timestamps null: false
      t.string :email, null: false
      t.string :encrypted_password, limit: 128, null: false
      t.string :confirmation_token, limit: 128
      t.string :remember_token, limit: 128, null: false
    end
    add_index :users, :email
    add_index :users, :confirmation_token, unique: true
    add_index :users, :remember_token, unique: true
  end
 end
--- a/db/migrate/20220625210821_add_active_to_user.rb
+++ b/db/migrate/20220625210821_add_active_to_user.rb
@ -0,0 +1,7 @@
 class AddActiveToUser < ActiveRecord::Migration[7.0]
  def change
    change_table :users do |t|
      t.boolean :active, null: false, default: true
    end
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.0].define(version: 2022_06_25_181824) do
+ActiveRecord::Schema[7.0].define(version: 2022_06_25_210821) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "pgcrypto"
  enable_extension "plpgsql"
@ -56,6 +56,19 @@ ActiveRecord::Schema[7.0].define(version: 2022_06_25_181824) do
    t.index ["member_id"], name: "index_notifications_on_member_id"
  end
  create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.string "email", null: false
    t.string "encrypted_password", limit: 128, null: false
    t.string "confirmation_token", limit: 128
    t.string "remember_token", limit: 128, null: false
    t.boolean "active", default: true, null: false
    t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
    t.index ["email"], name: "index_users_on_email"
    t.index ["remember_token"], name: "index_users_on_remember_token", unique: true
  end
  add_foreign_key "contributions", "members"
  add_foreign_key "notifications", "members"
 end