From 284204fd7830db4017187e0eea9c67dd53a54eb2 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Sat, 6 Sep 2025 09:52:35 +0300
Subject: [PATCH] refactor, use invalid class
---
 app/controllers/users_controller.rb | 9 +-------
 .../users_send_reset_password_controller.rb | 20 +++++++++++++++++
 app/javascript/application.js | 2 --
 app/javascript/elements/visible_on_input.js | 14 ------------
 app/views/profile/index.html.erb | 22 +++++++++----------
 config/routes.rb | 2 +-
 6 files changed, 33 insertions(+), 36 deletions(-)
 create mode 100644 app/controllers/users_send_reset_password_controller.rb
 delete mode 100644 app/javascript/elements/visible_on_input.js
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 46daba2d..2e361097 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 class UsersController < ApplicationController
- load_and_authorize_resource :user, only: %i[index edit update destroy resend_reset_password]
+ load_and_authorize_resource :user, only: %i[index edit update destroy]
 before_action :build_user, only: %i[new create]
 authorize_resource :user, only: %i[new create]
@@ -71,13 +71,6 @@ class UsersController < ApplicationController
 redirect_back fallback_location: settings_users_path, notice: I18n.t('user_has_been_removed')
 end
- def resend_reset_password
- current_user.send_reset_password_instructions
-
- redirect_back fallback_location: settings_users_path,
- notice: I18n.t('you_will_receive_an_email_with_password_reset_instructions_in_a_few_minutes')
- end
-
 private
 def role_valid?(role)
diff --git a/app/controllers/users_send_reset_password_controller.rb b/app/controllers/users_send_reset_password_controller.rb
new file mode 100644
index 00000000..e75695af
--- /dev/null
+++ b/app/controllers/users_send_reset_password_controller.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class UsersSendResetPasswordController < ApplicationController
+ load_and_authorize_resource :user
+
+ LIMIT_DURATION = 10.minutes
+
+ def update
+ authorize!(:manage, @user)
+
+ if @user.reset_password_sent_at && @user.reset_password_sent_at > LIMIT_DURATION.ago
+ redirect_back fallback_location: settings_users_path, notice: I18n.t('email_has_been_sent_already')
+ else
+ @user.send_reset_password_instructions
+
+ redirect_back fallback_location: settings_users_path,
+ notice: I18n.t('you_will_receive_an_email_with_password_reset_instructions_in_a_few_minutes')
+ end
+ end
+end
diff --git a/app/javascript/application.js b/app/javascript/application.js
index 0352f3f9..7b51186d 100644
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -39,7 +39,6 @@ import RequiredCheckboxGroup from './elements/required_checkbox_group'
 import PageContainer from './elements/page_container'
 import EmailEditor from './elements/email_editor'
 import MountOnClick from './elements/mount_on_click'
-import VisibleOnInput from './elements/visible_on_input'
 import * as TurboInstantClick from './lib/turbo_instant_click'
@@ -114,7 +113,6 @@ safeRegisterElement('required-checkbox-group', RequiredCheckboxGroup)
 safeRegisterElement('page-container', PageContainer)
 safeRegisterElement('email-editor', EmailEditor)
 safeRegisterElement('mount-on-click', MountOnClick)
-safeRegisterElement('visible-on-input', VisibleOnInput)
 safeRegisterElement('template-builder', class extends HTMLElement {
 connectedCallback () {
diff --git a/app/javascript/elements/visible_on_input.js b/app/javascript/elements/visible_on_input.js
deleted file mode 100644
index 37292173..00000000
--- a/app/javascript/elements/visible_on_input.js
+++ /dev/null
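Review bot: In `UsersSendResetPasswordController#update`, `authorize!(:manage, @user)` reads like a duplicate of `load_and_authorize_resource :user` and could be dropped in a later cleanup, yet it is most likely the only check of the right strength here. Because `:user` does not match this controller's own resource name, CanCanCan should treat it as a parent resource, loading it from `params[:user_id]` and authorizing it with the parent action (`:show` unless overridden) rather than `:update`. A comment above the call would make that explicit, for example `# load_and_authorize_resource only applies the parent (:show) check here; :manage is what gates sending a reset for this user`. The method also mails whichever `@user` the route names, where the removed `resend_reset_password` always used `current_user`, so the class deserves a short header comment stating that managing another user is intended to allow triggering their reset email. Finally, the `Accounts.can_send_emails?(current_account)` condition added in `app/views/profile/index.html.erb` appears to exist only in the view, so a direct PUT still reaches `send_reset_password_instructions` when it is false; consider applying the same condition in the controller.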
@@ -1,14 +0,0 @@
-export default class extends HTMLElement {
- connectedCallback () {
- this.input = document.getElementById(this.dataset.inputId)
-
- this.input.addEventListener('input', () => {
- if (this.input.value.trim().length > 0) {
- this.classList.remove('hidden')
- } else {
- this.classList.add('hidden')
- this.querySelectorAll('input').forEach(input => { input.value = '' })
- }
- })
- }
-}
diff --git a/app/views/profile/index.html.erb b/app/views/profile/index.html.erb
index 90a2475a..38461675 100644
--- a/app/views/profile/index.html.erb
+++ b/app/views/profile/index.html.erb
@@ -54,12 +54,10 @@

<%= t('change_password') %>

- <%= form_for current_user, url: update_password_settings_profile_index_path, method: :patch, html: { autocomplete: 'off', class: 'space-y-4' } do |f| %> -
- <%= f.label :password, t('new_password'), class: 'label' %> - <%= f.password_field :password, autocomplete: 'off', class: 'base-input' %> -
- + <%= form_for current_user, url: update_password_settings_profile_index_path, method: :patch, html: { autocomplete: 'off' } do |f| %> + <%= f.label :password, t('new_password'), class: 'label' %> + <%= f.password_field :password, autocomplete: 'off', class: 'base-input peer w-full', required: true %> +
<%= f.label :password_confirmation, t('confirm_password'), class: 'label' %> <%= f.password_field :password_confirmation, autocomplete: 'off', class: 'base-input' %> @@ -67,16 +65,18 @@
<%= f.label :current_password, t('current_password'), class: 'label' %> <%= f.password_field :current_password, autocomplete: 'current-password', class: 'base-input' %> - - <%= t('dont_remember_your_current_password_click_here_to_reset_it_html', link: new_user_password_url) %> - + <% if Accounts.can_send_emails?(current_account) %> + + <%= t('dont_remember_your_current_password_click_here_to_reset_it_html', link: new_user_password_url) %> + + <% end %>
<%= f.button button_title(title: t('update'), disabled_with: t('updating')), class: 'base-button' %>
- +
<% end %> - <%= button_to nil, resend_reset_password_users_path, id: 'resend_password_button', class: 'hidden', data: { turbo_confirm: t('are_you_sure_') } %> + <%= button_to nil, user_send_reset_password_path(current_user), id: 'resend_password_button', method: :put, class: 'hidden', data: { turbo_confirm: t('are_you_sure_') } %>

<%= t('two_factor_authentication') %>

diff --git a/config/routes.rb b/config/routes.rb
index ecf1c3ed..1947b4b4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -66,7 +66,7 @@ Rails.application.routes.draw do
 resource :newsletter, only: %i[show update]
 resources :enquiries, only: %i[create]
 resources :users, only: %i[new create edit update destroy] do
- post :resend_reset_password, on: :collection
+ resource :send_reset_password, only: %i[update], controller: 'users_send_reset_password'
 end
 resource :user_signature, only: %i[edit update destroy]
 resource :user_initials, only: %i[edit update destroy]