refactor, use invalid class

app/controllers/users_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class UsersController < ApplicationController
-  load_and_authorize_resource :user, only: %i[index edit update destroy resend_reset_password]
+  load_and_authorize_resource :user, only: %i[index edit update destroy]
 
   before_action :build_user, only: %i[new create]
   authorize_resource :user, only: %i[new create]
@@ -71,13 +71,6 @@ class UsersController < ApplicationController
     redirect_back fallback_location: settings_users_path, notice: I18n.t('user_has_been_removed')
   end
 
-  def resend_reset_password
-    current_user.send_reset_password_instructions
-
-    redirect_back fallback_location: settings_users_path,
-                  notice: I18n.t('you_will_receive_an_email_with_password_reset_instructions_in_a_few_minutes')
-  end
-
   private
 
   def role_valid?(role)

app/controllers/users_send_reset_password_controller.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class UsersSendResetPasswordController < ApplicationController
+  load_and_authorize_resource :user
+
+  LIMIT_DURATION = 10.minutes
+
+  def update
+    authorize!(:manage, @user)
+
+    if @user.reset_password_sent_at && @user.reset_password_sent_at > LIMIT_DURATION.ago
+      redirect_back fallback_location: settings_users_path, notice: I18n.t('email_has_been_sent_already')
+    else
+      @user.send_reset_password_instructions
+
+      redirect_back fallback_location: settings_users_path,
+                    notice: I18n.t('you_will_receive_an_email_with_password_reset_instructions_in_a_few_minutes')
+    end
+  end
+end

app/javascript/application.js

@@ -39,7 +39,6 @@ import RequiredCheckboxGroup from './elements/required_checkbox_group'
 import PageContainer from './elements/page_container'
 import EmailEditor from './elements/email_editor'
 import MountOnClick from './elements/mount_on_click'
-import VisibleOnInput from './elements/visible_on_input'
 
 import * as TurboInstantClick from './lib/turbo_instant_click'
 
@@ -114,7 +113,6 @@ safeRegisterElement('required-checkbox-group', RequiredCheckboxGroup)
 safeRegisterElement('page-container', PageContainer)
 safeRegisterElement('email-editor', EmailEditor)
 safeRegisterElement('mount-on-click', MountOnClick)
-safeRegisterElement('visible-on-input', VisibleOnInput)
 
 safeRegisterElement('template-builder', class extends HTMLElement {
   connectedCallback () {

app/javascript/elements/visible_on_input.js

@@ -1,14 +0,0 @@
-export default class extends HTMLElement {
-  connectedCallback () {
-    this.input = document.getElementById(this.dataset.inputId)
-
-    this.input.addEventListener('input', () => {
-      if (this.input.value.trim().length > 0) {
-        this.classList.remove('hidden')
-      } else {
-        this.classList.add('hidden')
-        this.querySelectorAll('input').forEach(input => { input.value = '' })
-      }
-    })
-  }
-}

app/views/profile/index.html.erb

@@ -54,12 +54,10 @@
       <p class="text-2xl font-bold mt-8 mb-4">
         <%= t('change_password') %>
       </p>
-      <%= form_for current_user, url: update_password_settings_profile_index_path, method: :patch, html: { autocomplete: 'off', class: 'space-y-4' } do |f| %>
-        <div class="form-control">
+      <%= form_for current_user, url: update_password_settings_profile_index_path, method: :patch, html: { autocomplete: 'off' } do |f| %>
         <%= f.label :password, t('new_password'), class: 'label' %>
-          <%= f.password_field :password, autocomplete: 'off', class: 'base-input' %>
-        </div>
-        <visible-on-input data-input-id="user_password" class="block space-y-4 <%= 'hidden' if f.object.errors.blank? %>">
+        <%= f.password_field :password, autocomplete: 'off', class: 'base-input peer w-full', required: true %>
+        <div class="peer-invalid:hidden space-y-4 mt-4">
           <div class="form-control">
             <%= f.label :password_confirmation, t('confirm_password'), class: 'label' %>
             <%= f.password_field :password_confirmation, autocomplete: 'off', class: 'base-input' %>
@@ -67,16 +65,18 @@
           <div class="form-control">
             <%= f.label :current_password, t('current_password'), class: 'label' %>
             <%= f.password_field :current_password, autocomplete: 'current-password', class: 'base-input' %>
+            <% if Accounts.can_send_emails?(current_account) %>
               <span class="label-text-alt mt-1">
                 <%= t('dont_remember_your_current_password_click_here_to_reset_it_html', link: new_user_password_url) %>
               </span>
+            <% end %>
           </div>
           <div class="form-control">
             <%= f.button button_title(title: t('update'), disabled_with: t('updating')), class: 'base-button' %>
           </div>
-        </visible-on-input>
+        </div>
       <% end %>
-      <%= button_to nil, resend_reset_password_users_path, id: 'resend_password_button', class: 'hidden', data: { turbo_confirm: t('are_you_sure_') } %>
+      <%= button_to nil, user_send_reset_password_path(current_user), id: 'resend_password_button', method: :put, class: 'hidden', data: { turbo_confirm: t('are_you_sure_') } %>
       <p class="text-2xl font-bold mt-8 mb-4">
         <%= t('two_factor_authentication') %>
       </p>

config/routes.rb

@@ -66,7 +66,7 @@ Rails.application.routes.draw do
   resource :newsletter, only: %i[show update]
   resources :enquiries, only: %i[create]
   resources :users, only: %i[new create edit update destroy] do
-    post :resend_reset_password, on: :collection
+    resource :send_reset_password, only: %i[update], controller: 'users_send_reset_password'
   end
   resource :user_signature, only: %i[edit update destroy]
   resource :user_initials, only: %i[edit update destroy]