Having exceptions is better than having silent bugs.
There are a few methods I've kept the same way they were.
The `RelatedContentScore#score_with_opposite` method is a bit peculiar:
it creates scores for both itself and the opposite related content,
which means the opposite related content will try to create the same
scores as well.
We've already got a test to check `Budget::Ballot#add_investment` when
creating a line fails ("Edge case voting a non-elegible investment").
Finally, the method `User#send_oauth_confirmation_instructions` doesn't
update the record when the email address isn't already present, leading
to the test "Try to register with the email of an already existing user,
when an unconfirmed email was provided by oauth" to fail if we raise an
exception for an invalid user. That's because updating a user's email
doesn't update the database automatically, but instead a confirmation
email is sent.
There are also a few false positives for classes which don't have bang
methods (like the GraphQL classes) or destroying attachments.
For these reasons, I'm adding the rule with a "Refactor" severity,
meaning it's a rule we can break if necessary.
60 lines
2.2 KiB
Ruby
```ruby
class Users::ConfirmationsController < Devise::ConfirmationsController

  # new action, PATCH does not exist in the default Devise::ConfirmationsController
  # PATCH /resource/confirmation
  def update
    self.resource = resource_class.find_by(confirmation_token: params[:confirmation_token])

    if resource.encrypted_password.blank?
      resource.assign_attributes(resource_params)

      if resource.valid? # password is set correctly
        resource.save!
        set_official_position if resource.has_official_email?
        resource.confirm
        set_flash_message(:notice, :confirmed) if is_flashing_format?
        sign_in_and_redirect(resource_name, resource)
      else
        render :show
      end
    else
      resource.errors.add(:email, :password_already_set)
      respond_with_navigational(resource.errors, status: :unprocessable_entity) { render :new }
    end
  end

  # GET /resource/confirmation?confirmation_token=abcdef
  def show
    # In the default implementation, this already confirms the resource:
    # self.resource = resource_class.confirm_by_token(params[:confirmation_token])
    self.resource = resource_class.find_by!(confirmation_token: params[:confirmation_token])

    yield resource if block_given?

    # New condition added to if: when no password was given, display the "show" view (which uses "update" above)
    if resource.encrypted_password.blank?
      respond_with_navigational(resource) { render :show }
    elsif resource.errors.empty?
      set_official_position if resource.has_official_email?
      resource.confirm # Last change: confirm happens here for people with passwords instead of at the top of the show action
      set_flash_message(:notice, :confirmed) if is_flashing_format?
      respond_with_navigational(resource) { redirect_to after_confirmation_path_for(resource_name, resource) }
    else
      respond_with_navigational(resource.errors, status: :unprocessable_entity) { render :new }
    end
  end

  protected

    def resource_params
      params.require(resource_name).permit(:password, :password_confirmation, :email)
    end

  private

    def set_official_position
      resource.add_official_position!(Setting["official_level_1_name"], 1)
    end

end
```
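The following is an added illustration, not code from this commit, the application or Devise. It models the `update` flow above with a constructed stand-in class to show what happens when the write fails after validation has passed: with `save` the account is confirmed and signed in without a stored password, while `save!` stops the flow first. `FakeUser`, `RecordInvalid`, `fail_on_write` and the two `confirm_with_*` methods are hypothetical names.

```ruby
# Constructed stand-in for an ActiveRecord-style model (hypothetical names throughout).
class RecordInvalid < StandardError; end

class FakeUser
  attr_reader :persisted_password, :confirmed
  attr_accessor :password, :fail_on_write

  def initialize
    @confirmed = false
    @fail_on_write = false # simulates a write that fails after validation passed
  end

  def valid?
    !password.to_s.empty?
  end

  # Same contract as `save`: returns false on failure, never raises.
  def save
    return false if !valid? || fail_on_write
    @persisted_password = password
    true
  end

  # Same contract as `save!`: raises on failure.
  def save!
    save || raise(RecordInvalid, "user could not be saved")
  end

  def confirm
    @confirmed = true
  end
end

# Confirmation flow that ignores the return value of `save`.
def confirm_with_save(user, password)
  user.password = password
  return :render_show unless user.valid?
  user.save # a failed write goes unnoticed
  user.confirm
  :signed_in
end

# Same flow with `save!`: a failed write stops before confirm and sign-in.
def confirm_with_save_bang(user, password)
  user.password = password
  return :render_show unless user.valid?
  user.save!
  user.confirm
  :signed_in
end
```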