Merge pull request #112 from tms-phillips/bug/issue-108

Bug/issue 108

Author: weex

app/assets/stylesheets/login.scss

@@ -1,7 +1,8 @@
 .page-sessions.action-new,
 .page-sessions.action-create,
 .page-passwords.action-new,
-.page-passwords.action-edit {
+.page-passwords.action-edit,
+.page-confirmations.action-new {
   padding-top: 25px;
 
   .logos-asterisk {

app/controllers/confirmations_controller.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class ConfirmationsController < Devise::ConfirmationsController
+  before_action :require_unconfirmed!
+
+  def new
+    super
+
+    resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
+  end
+
+  private
+
+  def require_unconfirmed!
+    if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
+      redirect_to getting_started_path
+    end
+  end
+
+  def after_confirmation_path_for(_resource_name, resource)
+    sign_in(resource)
+    getting_started_path
+  end
+
+  def after_resending_confirmation_instructions_path_for(_resource_name)
+    login_path
+  end
+
+end

app/controllers/people_controller.rb

@@ -15,8 +15,7 @@ class PeopleController < ApplicationController
   respond_to :json, :only => [:index, :show]
 
   rescue_from ActiveRecord::RecordNotFound do
-    render :file => Rails.root.join('public', '404').to_s,
-           :format => :html, :layout => false, :status => 404
+    head :not_found
   end
 
   rescue_from Diaspora::AccountClosed do

app/controllers/registrations_controller.rb

@@ -6,33 +6,53 @@
 
 class RegistrationsController < Devise::RegistrationsController
   before_action :check_registrations_open_or_valid_invite!, except: :registrations_closed
-
+  before_action :configure_sign_up_params, only: [:create]
   layout -> { request.format == :mobile ? "application" : "with_header_with_footer" }
 
   def create
-    @user = User.build(user_params)
-
-    if @user.sign_up
-      flash[:notice] = t("registrations.create.success")
-      @user.process_invite_acceptence(invite) if invite.present?
-      @user.seed_aspects
-      @user.send_welcome_message
-      WelcomeMailer.send_welcome_email(@user).deliver_now
-      sign_in_and_redirect(:user, @user)
-      logger.info "event=registration status=successful user=#{@user.diaspora_handle}"
-    else
-      @user.errors.delete(:person)
-
-      flash.now[:error] = @user.errors.full_messages.join(" - ")
-      logger.info "event=registration status=failure errors='#{@user.errors.full_messages.join(', ')}'"
-      render action: "new"
+    build_resource(sign_up_params)
+    raise unless resource.check_and_verify_captcha?
+    super
+    if resource.persisted?
+      resource.process_invite_acceptence(invite) if invite.present?
+      resource.seed_aspects
     end
+  rescue
+    resource.errors.delete(:person)
+    flash.now[:error] = resource.errors.full_messages.join(" - ")
+    logger.info "event=registration status=failure errors='#{resource.errors.full_messages.join(', ')}'"
+    render action: "new"
   end
 
   def registrations_closed
     render "registrations/registrations_closed"
   end
 
+  protected
+
+  def build_resource(hash = nil)
+    super(hash)
+    return if hash.nil? # return for 'new'
+    resource.language = hash[:language]
+    resource.language ||= I18n.locale.to_s
+    resource.color_theme = hash[:color_theme]
+    resource.color_theme ||= AppConfig.settings.default_color_theme
+    resource.set_person(Person.new((hash[:person] || {}).except(:id)))
+    resource.generate_keys
+    resource.valid?
+    errors = resource.errors
+    errors.delete :person
+    return if errors.size > 0
+  end
+
+  def configure_sign_up_params
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:username, :email, :getting_started, :password, :password_confirmation, :language, :disable_mail, :show_community_spotlight_in_stream, :auto_follow_back, :auto_follow_back_aspect_id, :remember_me, :captcha, :captcha_key])
+  end
+
+  def after_inactive_sign_up_path_for(_resource)
+    login_path
+  end
+
   private
 
   def check_registrations_open_or_valid_invite!
@@ -48,11 +68,4 @@ def invite
 
   helper_method :invite
 
-  def user_params
-    params.require(:user).permit(
-      :username, :email, :getting_started, :password, :password_confirmation, :language, :disable_mail,
-      :show_community_spotlight_in_stream, :auto_follow_back, :auto_follow_back_aspect_id,
-      :remember_me, :captcha, :captcha_key
-    )
-  end
 end

app/helpers/sessions_helper.rb

@@ -18,6 +18,10 @@ def display_password_reset_link?
     AppConfig.mail.enable? && devise_mapping.recoverable? && controller_name != "passwords"
   end
 
+  def display_confirmation_link?
+    devise_mapping.confirmable? && controller_name != "confirmations"
+  end
+
   def flash_class(name)
     {notice: "success", alert: "danger", error: "danger"}[name.to_sym]
   end

app/models/user.rb

@@ -28,7 +28,7 @@ class User < ApplicationRecord
          otp_backup_code_length:     16,
          otp_number_of_backup_codes: 10
 
-  devise :registerable,
+  devise :registerable, :confirmable,
          :recoverable, :rememberable, :trackable, :validatable,
          :lockable, :lastseenable, :lock_strategy => :none, :unlock_strategy => :none
 
@@ -117,6 +117,7 @@ def unread_message_count
   def process_invite_acceptence(invite)
     self.invited_by = invite.user
     invite.use! unless AppConfig.settings.enable_registrations?
+    save
   end
 
   def invitation_code
@@ -550,6 +551,10 @@ def closed_account?
     person.closed_account
   end
 
+  def postpone_email_change?
+     false
+  end
+
   def clear_account!
     clearable_fields.each do |field|
       self[field] = nil
@@ -579,6 +584,10 @@ def sign_up
     end
   end
 
+  def check_and_verify_captcha?
+    AppConfig.settings.captcha.enable? ? valid_with_captcha? : true
+  end
+
   def flag_for_removal(remove_after)
     # flag inactive user for future removal
     if AppConfig.settings.maintenance.remove_old_users.enable?
@@ -599,13 +608,20 @@ def remember_me
     true
   end
 
+  protected
+
+  def after_confirmation
+    self.send_welcome_message
+    WelcomeMailer.send_welcome_email(self).deliver_now
+  end
+
   private
 
   def clearable_fields
     attributes.keys - %w(id username encrypted_password created_at updated_at locked_at
                          serialized_private_key getting_started
                          disable_mail show_community_spotlight_in_stream
                          strip_exif email remove_after export exporting
-                         exported_photos_file exporting_photos)
+                         exported_photos_file exporting_photos confirmed_at)
   end
 end

app/views/confirmations/_form.haml

@@ -0,0 +1,26 @@
+= form_for resource, as:           resource_name,
+                     url:          confirmation_path(resource_name),
+                     html:         {method: :post, class: "block-form"},
+                     autocomplete: "off" do |f|
+  %fieldset
+    - if mobile
+      %legend
+        = image_tag("branding/logos/header-logo2x.png", height: 40, width: 40)
+        = AppConfig.settings.pod_name
+
+    - if mobile
+      = f.label :email, t("registrations.new.email"), class: "control-label", id: "emailLabel"
+    - else
+      = f.label :email, t("registrations.new.email"), class: "sr-only control-label", id: "emailLabel"
+      %i.entypo-mail
+    = f.email_field :email,
+                    autofocus:   true,
+                    class:       "input-block-level form-control",
+                    data:        {content: t("users.edit.your_email_private")},
+                    placeholder: t("registrations.new.email"),
+                    required:    true,
+                    title:       t("registrations.new.enter_email"),
+                    aria:        {labelledby: "emailLabel"}
+
+
+  = f.submit t("devise.confirmations.new.resend_confirmation"), class: "btn btn-large btn-block btn-primary"

app/views/confirmations/new.haml

@@ -0,0 +1,17 @@
+- content_for :page_title do
+  = AppConfig.settings.pod_name + " - " + t('devise.confirmations.new.resend_confirmation')
+
+.container#login
+  .text-center
+    .logos-asterisk
+    %h1
+      = AppConfig.settings.pod_name
+
+  = render partial: "form", locals: {mobile: false}
+
+  .text-center
+    - if display_password_reset_link?
+      = link_to t('devise.shared.links.forgot_your_password'), new_password_path(resource_name), id: "forgot_password_link"
+      %br
+    - if display_registration_link?
+      = link_to t('devise.shared.links.sign_up'), new_registration_path(resource_name)

app/views/confirmations/new.mobile.haml

@@ -0,0 +1,20 @@
+.stream#main-stream
+  - flash.each do |name, msg|
+    .expose#flash-container
+      .flash-message{class: "message alert alert-#{flash_class name}", role: "alert"}
+        = msg
+
+  .login-form
+    .login-container
+      = render partial: "form", locals: {mobile: true}
+
+%footer.footer
+  %ul
+    - if display_password_reset_link?
+      %li
+        = link_to t("devise.shared.links.forgot_your_password"),
+          new_password_path(resource_name),
+          id: "forgot_password_link"
+    - if display_registration_link?
+      %li= link_to t("devise.shared.links.sign_up"), new_registration_path(resource_name)
+    %li= link_to t("layouts.application.switch_to_standard_mode"), toggle_mobile_path

app/views/sessions/new.html.haml

@@ -10,6 +10,11 @@
   = render partial: "form", locals: {mobile: false}
 
   .text-center
+    - if display_confirmation_link?
+      = link_to t('devise.shared.links.receive_confirmation'), new_confirmation_path(resource_name)
+      %br
+      OR
+      %br
     - if display_password_reset_link?
       = link_to t('devise.shared.links.forgot_your_password'), new_password_path(resource_name), id: "forgot_password_link"
       %br

app/views/sessions/new.mobile.haml

@@ -14,6 +14,9 @@
 
 %footer.footer
   %ul
+    - if display_confirmation_link?
+      %li= link_to t('devise.shared.links.receive_confirmation'), new_confirmation_path(resource_name)
+      OR
     - if display_password_reset_link?
       %li
         = link_to t("devise.shared.links.forgot_your_password"),

config/routes.rb

@@ -125,10 +125,12 @@
     get :recovery_codes
   end
 
-  devise_for :users, controllers: {sessions: :sessions}, skip: :registration
+  devise_for :users, controllers: { sessions:      :sessions,
+                                    registrations: :registrations,
+                                    confirmations: :confirmations }
   devise_scope :user do
-    get "/users/sign_up" => "registrations#new",    :as => :new_user_registration
-    post "/users"        => "registrations#create", :as => :user_registration
+    get "/users/sign_up" => "registrations#new"
+    get "/users/sign_in" => "sessions#new"
     get "/registrations_closed" => "registrations#registrations_closed", :as => :registrations_closed
   end
 

db/migrate/20211231083325_add_confirmable_to_users.rb

@@ -0,0 +1,15 @@
+class AddConfirmableToUsers < ActiveRecord::Migration[5.2]
+
+   def up
+    add_column :users, :confirmation_token, :string
+    add_column :users, :confirmed_at, :datetime
+    add_column :users, :confirmation_sent_at, :datetime
+    add_index :users, :confirmation_token, unique: true
+    execute("UPDATE users SET confirmed_at = NOW()")
+  end
+
+  def down
+    remove_columns :users, :confirmation_token, :confirmed_at, :confirmation_sent_at
+  end
+
+end

features/desktop/getting_started.feature

@@ -5,6 +5,9 @@ Feature: new user registration
     When I go to the new user registration page
     And I fill in the new user form
     And I submit the form
+    And confirm the user "ohai"
+    Then I should be on the new user session page
+    When I sign in manually as "ohai" with password "secret"
     Then I should be on the getting started page
     Then I should see the 'getting started' contents
 

features/desktop/invitations.feature

@@ -10,6 +10,9 @@ Feature: Invitations
     And I am on my acceptance form page
     And I fill in the new user form
     And I press "Create account"
+    And confirm the user "ohai"
+    Then I should be on the new user session page
+    When I sign in manually as "ohai" with password "secret"
     Then I should be on the getting started page
     And I should see "Well, hello there!"
     When I fill in the following:
@@ -23,6 +26,9 @@ Feature: Invitations
     And I am on my acceptance form page
     And I fill in the new user form
     And I press "Create account"
+    And confirm the user "ohai"
+    Then I should be on the new user session page
+    When I sign in manually as "ohai" with password "secret"
     Then I should be on the getting started page
     And I should see "Well, hello there!"
     And I should be able to friend "[email protected]"

features/desktop/registrations.feature

@@ -8,6 +8,9 @@ Feature: New user registration
     Given I am on the new user registration page
     When I fill in the new user form
     And I press "Create account"
+    And confirm the user "ohai"
+    Then I should be on the new user session page
+    When I sign in manually as "ohai" with password "secret"
     Then I should be on the getting started page
     And I should see the 'getting started' contents
 
@@ -21,4 +24,4 @@ Feature: New user registration
     When I fill in the new user form
     Given the registrations are closed
     When I press "Create account"
-    Then I should see "Open signups are closed at this time"
+    Then I should see "Open signups are closed at this time"

features/mobile/getting_started.feature

@@ -6,6 +6,9 @@ Feature: editing the getting started in the mobile view
     When I follow "Create account" within ".navbar"
     And I fill in the new user form
     And I submit the form
+    And confirm the user "ohai"
+    Then I should be on the new user session page
+    And I sign in manually as "ohai" with password "secret" on the mobile website
     Then I should be on the getting started page
     Then I should see the 'getting started' contents
 

features/mobile/invitations.feature

@@ -10,6 +10,9 @@ Feature: Invitations
     And I am on my acceptance form page
     When I fill in the new user form
     And I press "Create account"
+    And confirm the user "ohai"
+    Then I should be on the new user session page
+    And I sign in manually as "ohai" with password "secret" on the mobile website
     Then I should see the "welcome to diaspora" message
     And I should be able to friend "[email protected]"
     When I select "Family" from "user_aspects" within "#hello-there"