78c6395e5f
We were getting a 500 Internal Server Error because `find_by` returned `nil`, but the code assumed it returned an object responding to `encrypted_password`. In this case, maybe some other status code (like 400 or 401) might be more appropriate, but I've kept 404 because it was easier to implement and I wasn't sure which one was better. Also note ideally we would test the controller using: expect(response).to have_http_status(:not_found) However, we would need to configure the test to show exceptions and not to consider all requests local. I haven't been able to do so for controller tests, and doing so for feature/request specs seems to require changes in the test environment configuration which would affect other tests.
60 lines
2.2 KiB
Ruby
60 lines
2.2 KiB
Ruby
class Users::ConfirmationsController < Devise::ConfirmationsController
|
|
|
|
# new action, PATCH does not exist in the default Devise::ConfirmationsController
|
|
# PATCH /resource/confirmation
|
|
def update
|
|
self.resource = resource_class.find_by(confirmation_token: params[:confirmation_token])
|
|
|
|
if resource.encrypted_password.blank?
|
|
resource.assign_attributes(resource_params)
|
|
|
|
if resource.valid? # password is set correctly
|
|
resource.save
|
|
set_official_position if resource.has_official_email?
|
|
resource.confirm
|
|
set_flash_message(:notice, :confirmed) if is_flashing_format?
|
|
sign_in_and_redirect(resource_name, resource)
|
|
else
|
|
render :show
|
|
end
|
|
else
|
|
resource.errors.add(:email, :password_already_set)
|
|
respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
|
|
end
|
|
end
|
|
|
|
# GET /resource/confirmation?confirmation_token=abcdef
|
|
def show
|
|
# In the default implementation, this already confirms the resource:
|
|
# self.resource = self.resource = resource_class.confirm_by_token(params[:confirmation_token])
|
|
self.resource = resource_class.find_by!(confirmation_token: params[:confirmation_token])
|
|
|
|
yield resource if block_given?
|
|
|
|
# New condition added to if: when no password was given, display the "show" view (which uses "update" above)
|
|
if resource.encrypted_password.blank?
|
|
respond_with_navigational(resource){ render :show }
|
|
elsif resource.errors.empty?
|
|
set_official_position if resource.has_official_email?
|
|
resource.confirm # Last change: confirm happens here for people with passwords instead of af the top of the show action
|
|
set_flash_message(:notice, :confirmed) if is_flashing_format?
|
|
respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
|
|
else
|
|
respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
|
|
end
|
|
end
|
|
|
|
protected
|
|
|
|
def resource_params
|
|
params.require(resource_name).permit(:password, :password_confirmation, :email)
|
|
end
|
|
|
|
private
|
|
|
|
def set_official_position
|
|
resource.add_official_position! (Setting["official_level_1_name"]), 1
|
|
end
|
|
|
|
end
|