New user Registration, Confirmation and session management workflow

app/controllers/gobierto_admin/users_controller.rb

@@ -53,6 +53,8 @@ def ignored_user_attributes
  last_sign_in_at
  source_site_id
  census_verified
+ year_of_birth
+ gender
  )
  end
  end

app/controllers/user/confirmation_requests_controller.rb

@@ -0,0 +1,27 @@
+class User::ConfirmationRequestsController < User::BaseController
+ before_action :require_no_authentication
+
+ def new
+ @user_confirmation_request_form = User::ConfirmationRequestForm.new
+ end
+
+ def create
+ @user_confirmation_request_form = User::ConfirmationRequestForm.new(
+ user_confirmation_request_params.merge(site: current_site)
+ )
+
+ if @user_confirmation_request_form.save
+ flash.now[:notice] = "Please check your inbox to get instructions."
+ else
+ flash.now[:alert] = "The email address specified doesn't seem to be valid."
+ end
+
+ render :new
+ end
+
+ private
+
+ def user_confirmation_request_params
+ params.require(:user_confirmation_request).permit(:email)
+ end
+end

app/controllers/user/confirmations_controller.rb

@@ -2,48 +2,56 @@ class User::ConfirmationsController < User::BaseController
  before_action :require_no_authentication
 
  def new
- @user_confirmation_form = User::ConfirmationForm.new
+ @user_confirmation_form = User::ConfirmationForm.new(
+ confirmation_token: params[:confirmation_token]
+ )
+ @user_genders = get_user_genders
+ @user_years_of_birth = get_user_years_of_birth
+
+ unless @user_confirmation_form.user
+ redirect_to root_path, alert: t(".error")
+ end
  end
 
  def create
  @user_confirmation_form = User::ConfirmationForm.new(
- user_confirmation_params.merge(site: current_site)
+ user_confirmation_params
  )
 
  if @user_confirmation_form.save
- flash.now[:notice] = "Please check your inbox to get instructions."
- else
- flash.now[:alert] = "The email address specified doesn't seem to be valid."
- end
+ user = @user_confirmation_form.user
 
- render :new
- end
-
- def show
- # TODO. Consider extracting this logic into a service object.
- #
- user = User.find_by_confirmation_token(params[:confirmation_token])
-
- if user
- user.confirm!
  user.update_session_data(remote_ip)
- deliver_welcome_email
  sign_in_user(user.id)
 
- redirect_to(after_sign_in_path, notice: "Signed in successfully.")
+ redirect_to after_sign_in_path, notice: t(".success")
  else
- flash.now[:alert] = "This URL doesn't seem to be valid."
- redirect_to root_path
+ @user_genders = get_user_genders
+ @user_years_of_birth = get_user_years_of_birth
+
+ flash.now[:alert] = t(".error")
+ render :new
  end
  end
 
  private
 
  def user_confirmation_params
- params.require(:user_confirmation).permit(:email)
+ params.require(:user_confirmation).permit(
+ :confirmation_token,
+ :name,
+ :password,
+ :password_confirmation,
+ :year_of_birth,
+ :gender
+ )
+ end
+
+ def get_user_genders
+ User.genders
  end
 
- def deliver_welcome_email
- User::UserMailer.welcome(user, current_site).deliver_later
+ def get_user_years_of_birth
+ (100.years.ago.year..10.years.ago.year).to_a.reverse
  end
 end

app/controllers/user/passwords_controller.rb

@@ -11,12 +11,12 @@ def create
  )
 
  if @user_password_form.save
- flash.now[:notice] = "Please check your inbox to get instructions."
+ flash[:notice] = t(".success")
  else
- flash.now[:alert] = "The email address specified doesn't seem to be valid."
+ flash[:alert] = t(".error")
  end
 
- render :new
+ redirect_to new_user_sessions_path
  end
 
  def edit
@@ -25,8 +25,7 @@ def edit
  if user
  @user_password_form = User::EditPasswordForm.new(user_id: user.id)
  else
- flash.now[:alert] = "This URL doesn't seem to be valid."
- redirect_to user_root_path
+ redirect_to user_root_path, alert: t(".error")
  end
  end
 
@@ -42,9 +41,9 @@ def update
  user.update_session_data(remote_ip)
  sign_in_user(user.id)
 
- redirect_to(after_sign_in_path, notice: "Signed in successfully.")
+ redirect_to after_sign_in_path, notice: t(".success")
  else
- flash[:notice] = "There was a problem changing your password."
+ flash.now[:notice] = t(".error")
  render :edit
  end
  end

app/controllers/user/registrations_controller.rb

@@ -1,31 +1,23 @@
 class User::RegistrationsController < User::BaseController
  before_action :require_no_authentication
 
- def new
- @user_registration_form = User::RegistrationForm.new
- end
-
  def create
  @user_registration_form = User::RegistrationForm.new(
  user_registration_params.merge(site: current_site, creation_ip: remote_ip)
  )
 
  if @user_registration_form.save
- redirect_to root_path, notice: "Please check your inbox for confirmation."
+ flash[:notice] = t(".success")
  else
- flash.now[:alert] = "The data you entered doesn't seem to be valid. Please try again."
- render :new
+ flash[:alert] = t(".error")
  end
+
+ redirect_to new_user_sessions_path
  end
 
  private
 
  def user_registration_params
- params.require(:user_registration).permit(
- :email,
- :name,
- :password,
- :password_confirmation
- )
+ params.require(:user_registration).permit(:email)
  end
 end

app/controllers/user/sessions_controller.rb

@@ -2,29 +2,38 @@ class User::SessionsController < User::BaseController
  before_action :authenticate_user!, only: [:destroy]
  before_action :require_no_authentication, only: [:new, :create]
 
- def new; end
+ def new
+ @user_session_form = User::SessionForm.new
+ @user_registration_form = User::RegistrationForm.new
+ @user_password_form = User::NewPasswordForm.new
+ end
 
  def create
- user = User.confirmed.find_by(email: session_params[:email].downcase)
+ @user_session_form = User::SessionForm.new(user_session_params)
+
+ if @user_session_form.save
+ user = @user_session_form.user
 
- if user.try(:authenticate, session_params[:password])
  user.update_session_data(remote_ip)
  sign_in_user(user.id)
- redirect_to(after_sign_in_path, notice: "Signed in successfully.")
+ redirect_to after_sign_in_path, notice: t(".success")
  else
- flash.now[:alert] = "The data you entered doesn't seem to be valid. Please try again."
+ @user_registration_form = User::RegistrationForm.new
+ @user_password_form = User::NewPasswordForm.new
+
+ flash.now[:alert] = t(".error")
  render :new
  end
  end
 
  def destroy
  sign_out_user
- redirect_to(after_sign_out_path, notice: "Signed out successfully.")
+ redirect_to after_sign_out_path, notice: t(".success")
  end
 
  private
 
- def session_params
- params.require(:session).permit(:email, :password)
+ def user_session_params
+ params.require(:user_session).permit(:email, :password)
  end
 end

app/forms/gobierto_admin/admin_form.rb

@@ -19,7 +19,8 @@ class AdminForm
 
  delegate :persisted?, to: :admin
 
- validates :password, confirmation: true
+ validates :name, :email, presence: true
+ validates :password, presence: true, confirmation: true
 
  def save
  return false unless valid?

app/forms/gobierto_admin/user_form.rb

@@ -12,6 +12,7 @@ class UserForm
  delegate :persisted?, to: :user
 
  validates :user, presence: true
+ validates :name, :email, presence: true
 
  def save
  return false unless valid?

app/forms/user/confirmation_form.rb

@@ -1,29 +1,69 @@
 class User::ConfirmationForm
  include ActiveModel::Model
 
- attr_accessor :email, :site
+ attr_accessor(
+ :confirmation_token,
+ :name,
+ :password,
+ :password_confirmation,
+ :year_of_birth,
+ :gender
+ )
  attr_reader :user
 
- validates :email, :site, :user, presence: true
+ validates :name, :year_of_birth, :gender, presence: true
+ validates :password, presence: true, confirmation: true
+ validates :user, presence: true
 
  def save
- send_confirmation_email if valid?
+ return false unless valid?
+
+ confirm_user if save_user
  end
 
  def user
- @user ||= User.find_by(email: email)
+ @user ||= User.find_by_confirmation_token(confirmation_token)
+ end
+
+ def email
+ @email ||= user.email
  end
 
  private
 
- def send_confirmation_email
- user.regenerate_confirmation_token
- deliver_confirmation_email
+ def save_user
+ @user = user.tap do |user_attributes|
+ user_attributes.name = name
+ user_attributes.password = password
+ user_attributes.year_of_birth = year_of_birth
+ user_attributes.gender = gender
+ end
+
+ if @user.valid?
+ @user.save
+
+ @user
+ else
+ promote_errors(@user.errors)
+
+ false
+ end
+ end
+
+ def confirm_user
+ user.confirm!
+ deliver_welcome_email
  end
 
  protected
 
- def deliver_confirmation_email
- User::UserMailer.confirmation_instructions(user, site).deliver_later
+ def promote_errors(errors_hash)
+ errors_hash.each do |attribute, message|
+ errors.add(attribute, message)
+ end
+ end
+
+ def deliver_welcome_email
+ User::UserMailer.welcome(user, user.source_site).deliver_later
  end
 end

app/forms/user/confirmation_request_form.rb

@@ -0,0 +1,29 @@
+class User::ConfirmationRequestForm
+ include ActiveModel::Model
+
+ attr_accessor :email, :site
+ attr_reader :user
+
+ validates :email, :site, :user, presence: true
+
+ def save
+ send_confirmation_email if valid?
+ end
+
+ def user
+ @user ||= User.find_by(email: email)
+ end
+
+ private
+
+ def send_confirmation_email
+ user.regenerate_confirmation_token
+ deliver_confirmation_email
+ end
+
+ protected
+
+ def deliver_confirmation_email
+ User::UserMailer.confirmation_instructions(user, site).deliver_later
+ end
+end

app/forms/user/registration_form.rb

@@ -3,15 +3,11 @@ class User::RegistrationForm
 
  attr_accessor(
  :email,
- :name,
- :password,
- :password_confirmation,
  :site,
  :creation_ip
  )
 
- validates :email, :name, :password, :site, presence: true
- validates :password, confirmation: true
+ validates :email, :site, presence: true
 
  def save
  return false unless valid?
@@ -27,9 +23,7 @@ def user
 
  def save_user
  @user = user.tap do |user_attributes|
- user_attributes.name = name
  user_attributes.email = email
- user_attributes.password = password
  user_attributes.source_site = site
  user_attributes.creation_ip = creation_ip
  end