Modifies devise so that unconfirmed users w/o password can set it when confirming their account

app/controllers/management/users_controller.rb

@@ -0,0 +1,25 @@
+class Management::UsersController < Management::BaseController
+  def new
+    @user = User.new(user_params)
+  end
+
+  def create
+    @user = User.new(user_params)
+    @user.skip_password_validation = true
+    @user.terms_of_service = '1'
+    @user.residence_verified_at = Time.now
+    @user.verified_at = Time.now
+
+    if @user.save then
+      render :show
+    else
+      render :new
+    end
+  end
+
+  private
+
+    def user_params
+      params.require(:user).permit(:document_type, :document_number, :username, :email)
+    end
+end

app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,45 @@
+class Users::ConfirmationsController < Devise::ConfirmationsController
+
+  # PATCH /resource/confirmation
+  def update
+    self.resource = resource_class.find_by_confirmation_token(params[:confirmation_token])
+
+    if resource.encrypted_password.blank?
+      resource.assign_attributes(resource_params)
+
+      if resource.valid? # password is set correctly
+        resource.save
+        resource.confirm
+        set_flash_message(:notice, :confirmed) if is_flashing_format?
+        sign_in_and_redirect(resource_name, resource)
+      else
+        render :show
+      end
+    else
+      resource.errors.add(:email, :password_already_set)
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+    end
+  end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  def show
+    self.resource = resource_class.find_by_confirmation_token(params[:confirmation_token])
+
+    if resource.encrypted_password.blank?
+      respond_with_navigational(resource){ render :show }
+    elsif resource.errors.empty?
+      resource.confirm
+      set_flash_message(:notice, :confirmed) if is_flashing_format?
+      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
+    else
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+    end
+  end
+
+  protected
+
+    def resource_params
+      params.require(resource_name).permit(:password, :password_confirmation)
+    end
+
+end

app/views/devise/confirmations/new.html.erb

@@ -1,16 +1,23 @@
-<% provide :title do %><%= t("devise_views.confirmations.title") %><% end %>
-<h1 class="text-center"><%= t("devise_views.confirmations.title") %></h1>
+<% provide :title do %><%= t("devise_views.confirmations.new.title") %><% end %>
+<h1 class="text-center"><%= t("devise_views.confirmations.new.title") %></h1>
 
 <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
   <%= render 'shared/errors', resource: resource %>
 
   <div class="row">
     <div class="small-12 columns">
-      <%= f.email_field :email, autofocus: true, placeholder: t("devise_views.confirmations.email_label"), value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+      <%= f.email_field :email, autofocus: true, placeholder: t("devise_views.confirmations.new.email_label"), value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
     </div>
 
+    <% if @requires_password %>
+        <p><%= f.password_field :password %></p>
+        <p><%= f.password_field :password_confirmation %></p>
+    <% end %>
+
+    <%= hidden_field_tag :confirmation_token,@confirmation_token %>
+
     <div class="small-12 columns">
-      <%= f.submit(t("devise_views.confirmations.submit"), class: "button radius expand") %>
+      <%= f.submit(t("devise_views.confirmations.new.submit"), class: "button radius expand") %>
     </div>
   </div>
 <% end %>

app/views/devise/confirmations/show.html.erb

@@ -0,0 +1,34 @@
+<% provide :title do %><%= t("devise_views.confirmations.show.title") %><% end %>
+<h1 class="text-center"><%= t("devise_views.confirmations.show.title") %></h1>
+
+<p><%= t('devise_views.confirmations.show.instructions_html', email: resource.email) %></p>
+
+<%= form_for(resource,
+             as: resource_name,
+             url: update_user_confirmation_path,
+             html: { method: :patch }) do |f| %>
+
+  <p><%= t('devise_views.confirmations.show.please_set_password') %></p>
+
+  <%= render 'shared/errors', resource: resource %>
+
+  <div class="row">
+    <div class="small-12 columns">
+      <%= f.password_field :password,
+        autofocus: true,
+        label: t('devise_views.confirmations.show.new_password_label') %>
+    </div>
+    <div class="small-12 columns">
+      <%= f.password_field :password_confirmation,
+        label: t('devise_views.confirmations.show.new_password_confirmation_label') %>
+    </div>
+  </div>
+
+  <%= hidden_field_tag :confirmation_token, params[:confirmation_token] %>
+
+  <div class="small-12 columns">
+    <%= f.submit(t("devise_views.confirmations.show.submit"), class: "button radius expand") %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

config/locales/activerecord.en.yml

@@ -1,5 +1,11 @@
 en:
   activerecord:
+    errors:
+      models:
+        user:
+          attributes:
+            email:
+              password_already_set: "This user already has a password"
     models:
       activity: Activity
       comment: Comment

config/locales/activerecord.es.yml

@@ -1,5 +1,11 @@
 es:
   activerecord:
+    errors:
+      models:
+        user:
+          attributes:
+            email:
+              password_already_set: "Este usuario ya tiene una clave asociada"
     models:
       activity:
         one: actividad

config/locales/devise_views.en.yml

@@ -1,9 +1,17 @@
 en:
   devise_views:
     confirmations:
-      title: "Resend confirmation instructions"
-      email_label: Email
-      submit: "Resend confirmation"
+      new:
+        title: "Resend confirmation instructions"
+        email_label: Email
+        submit: "Resend confirmation"
+      show:
+        title: "Confirm my account"
+        instructions_html: "Confirming the account with email %{email}"
+        please_set_password: "Please choose your new pasword (it will allow you to login with the email above)"
+        new_password_label: "New access password"
+        new_password_confirmation_label: "Repeat access password"
+        submit: "Confirm"
     mailer:
       confirmation_instructions:
         title: "Welcome to open government portal"

config/locales/devise_views.es.yml

@@ -1,9 +1,17 @@
 es:
   devise_views:
     confirmations:
-      title: "Reenviar instrucciones de confirmación"
-      email_label: Email
-      submit: "Reenviar instrucciones"
+      new:
+        title: "Reenviar instrucciones de confirmación"
+        email_label: Email
+        submit: "Reenviar instrucciones"
+      show:
+        title: "Confirmar mi cuenta"
+        instructions_html: "Vamos a proceder a confirmar la cuenta con el email <b>%{email}</b>"
+        please_set_password: "Por favor introduce una nueva clave de acceso para su cuenta (te permitirá hacer login con el email de más arriba)"
+        new_password_label: "Nueva clave de acceso"
+        new_password_confirmation_label: "Repite la clave de nuevo"
+        submit: "Confirmar"
     mailer:
       confirmation_instructions:
         title: "Te damos la bienvenida al Portal de Gobierno Abierto del Ayuntamiento de Madrid"

config/routes.rb

@@ -1,7 +1,13 @@
 Rails.application.routes.draw do
+
+  as :user do
+      match '/user/confirmation' => 'users/confirmations#update', :via => :patch, :as => :update_user_confirmation
+  end
+
   devise_for :users, controllers: {
                        registrations: 'users/registrations',
                        sessions: 'users/sessions',
+                       confirmations: 'users/confirmations',
                        omniauth_callbacks: 'users/omniauth_callbacks'
                      }
   devise_for :organizations, class_name: 'User',