dkam/clinch
1
0
Fork 0
Code Issues 2 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Some more tests. Fix invitation link and password reset links. After creating their account and setting a password, the user is logged in
Some checks failed
CI / scan_ruby (push) Has been cancelled
Details
CI / scan_js (push) Has been cancelled
Details
CI / lint (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details
CI / system-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Dan Milne
2025-10-26 23:09:38 +11:00
parent 8dd3e60071
commit 431e947a4c
4 changed files with 20 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/invitations_controller.rb
View File

@@ -1,4 +1,5 @@
class InvitationsController < ApplicationController
include Authentication
allow_unauthenticated_access
before_action :set_user_by_invitation_token, only: %i[ show update ]
@@ -10,7 +11,8 @@ class InvitationsController < ApplicationController
if @user.update(params.permit(:password, :password_confirmation))
@user.update!(status: :active)
@user.sessions.destroy_all
redirect_to new_session_path, notice: "Your account has been set up successfully. Please sign in."
start_new_session_for @user
redirect_to root_path, notice: "Your account has been set up successfully. Welcome!"
else
redirect_to invite_path(params[:token]), alert: "Passwords did not match."
end
@@ -19,7 +21,7 @@ class InvitationsController < ApplicationController
private
def set_user_by_invitation_token
@user = User.find_by_invitation_login_token!(params[:token])
@user = User.find_by_token_for(:invitation_login, params[:token])
# Check if user is still pending invitation
unless @user.pending_invitation?

2
app/controllers/passwords_controller.rb
View File

@@ -28,7 +28,7 @@ class PasswordsController < ApplicationController
private
def set_user_by_token
@user = User.find_by_password_reset_token!(params[:token])
@user = User.find_by_token_for(:password_reset, params[:token])
rescue ActiveSupport::MessageVerifier::InvalidSignature
redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
end

4
app/models/user.rb
View File

@@ -11,9 +11,11 @@ class User < ApplicationRecord
generates_token_for :invitation_login, expires_in: 24.hours do
updated_at
end
generates_token_for :password_reset, expires_in: 1.hour do
generates_token_for :password_reset, expires_in: 1.hour do
updated_at
end
generates_token_for :magic_login, expires_in: 15.minutes do
last_sign_in_at
end