diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 46daba2d..2e361097 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class UsersController < ApplicationController
- load_and_authorize_resource :user, only: %i[index edit update destroy resend_reset_password]
+ load_and_authorize_resource :user, only: %i[index edit update destroy]
 before_action :build_user, only: %i[new create]
 authorize_resource :user, only: %i[new create]
@@ -71,13 +71,6 @@ class UsersController < ApplicationController
 redirect_back fallback_location: settings_users_path, notice: I18n.t('user_has_been_removed')
 end
- def resend_reset_password
- current_user.send_reset_password_instructions
-
- redirect_back fallback_location: settings_users_path,
- notice: I18n.t('you_will_receive_an_email_with_password_reset_instructions_in_a_few_minutes')
- end
-
 private
 def role_valid?(role)
diff --git a/app/controllers/users_send_reset_password_controller.rb b/app/controllers/users_send_reset_password_controller.rb
new file mode 100644
index 00000000..e75695af
--- /dev/null
+++ b/app/controllers/users_send_reset_password_controller.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class UsersSendResetPasswordController < ApplicationController
+ load_and_authorize_resource :user
+
+ LIMIT_DURATION = 10.minutes
+
+ def update
+ authorize!(:manage, @user)
+
+ if @user.reset_password_sent_at && @user.reset_password_sent_at > LIMIT_DURATION.ago
+ redirect_back fallback_location: settings_users_path, notice: I18n.t('email_has_been_sent_already')
+ else
+ @user.send_reset_password_instructions
+
+ redirect_back fallback_location: settings_users_path,
+ notice: I18n.t('you_will_receive_an_email_with_password_reset_instructions_in_a_few_minutes')
+ end
+ end
+end
diff --git a/app/javascript/application.js b/app/javascript/application.js
index 0352f3f9..7b51186d 100644
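Review bot: In the new `UsersSendResetPasswordController#update`, the only check that really gates mailing a reset link to another account is `authorize!(:manage, @user)`. The class-level `load_and_authorize_resource :user` names a resource that differs from the controller, which CanCanCan (as far as I can tell) treats as a parent: it loads from `params[:user_id]` and authorizes only `:show`. The action used to mail `current_user` and now mails an arbitrary `@user`, so I would document that dependency to stop a later cleanup dropping the call as redundant: `# :manage is the real gate; load_and_authorize_resource only checks :show on the parent :user`. Separately, the `reset_password_sent_at > LIMIT_DURATION.ago` throttle is check-then-send, so two concurrent requests can both pass it; a short comment next to `LIMIT_DURATION` saying the limit is best-effort would be enough.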
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -39,7 +39,6 @@ import RequiredCheckboxGroup from './elements/required_checkbox_group'
 import PageContainer from './elements/page_container'
 import EmailEditor from './elements/email_editor'
 import MountOnClick from './elements/mount_on_click'
-import VisibleOnInput from './elements/visible_on_input'
 import * as TurboInstantClick from './lib/turbo_instant_click'
@@ -114,7 +113,6 @@ safeRegisterElement('required-checkbox-group', RequiredCheckboxGroup)
 safeRegisterElement('page-container', PageContainer)
 safeRegisterElement('email-editor', EmailEditor)
 safeRegisterElement('mount-on-click', MountOnClick)
-safeRegisterElement('visible-on-input', VisibleOnInput)
 safeRegisterElement('template-builder', class extends HTMLElement {
 connectedCallback () {
diff --git a/app/javascript/elements/visible_on_input.js b/app/javascript/elements/visible_on_input.js
deleted file mode 100644
index 37292173..00000000
--- a/app/javascript/elements/visible_on_input.js
+++ /dev/null
@@ -1,14 +0,0 @@
-export default class extends HTMLElement {
- connectedCallback () {
- this.input = document.getElementById(this.dataset.inputId)
-
- this.input.addEventListener('input', () => {
- if (this.input.value.trim().length > 0) {
- this.classList.remove('hidden')
- } else {
- this.classList.add('hidden')
- this.querySelectorAll('input').forEach(input => { input.value = '' })
- }
- })
- }
-}
diff --git a/app/views/profile/index.html.erb b/app/views/profile/index.html.erb
index 90a2475a..38461675 100644
--- a/app/views/profile/index.html.erb
+++ b/app/views/profile/index.html.erb
@@ -54,12 +54,10 @@
<%= t('change_password') %>
- <%= form_for current_user, url: update_password_settings_profile_index_path, method: :patch, html: { autocomplete: 'off', class: 'space-y-4' } do |f| %> -<%= t('two_factor_authentication') %>
diff --git a/config/routes.rb b/config/routes.rb
index ecf1c3ed..1947b4b4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -66,7 +66,7 @@ Rails.application.routes.draw do
 resource :newsletter, only: %i[show update]
 resources :enquiries, only: %i[create]
 resources :users, only: %i[new create edit update destroy] do
- post :resend_reset_password, on: :collection
+ resource :send_reset_password, only: %i[update], controller: 'users_send_reset_password'
 end
 resource :user_signature, only: %i[edit update destroy]
 resource :user_initials, only: %i[edit update destroy]