bookstore/app/controllers/users_controller.rb

# frozen_string_literal: true

# Users controller
class UsersController < ApplicationController
  before_action :ensure_admin, only: %i[destroy block]

  def index
    @users = User.all
  end

  def new
    @user = User.new
  end

  def create
    @user = User.create(params.require(:user).permit(:email, :password))
    if @user.invalid?
      redirect_to '/welcome', notice: notices_from_errors(@user)
    else
      session[:user_id] = @user.id
      redirect_to '/welcome', notice: 'Account has been created'
    end
  end

  def password_recovery_request
    @user = User.where(email: params['email']).first
    recovery_password = ('a'..'z').to_a.sample(8).join
    @user.recovery_password = recovery_password
    @user.save
    UserMailer.with(user: @user, recovery_password: recovery_password).password_recovery.deliver_now
    redirect_to '/welcome', notice: "Recovery email sent to #{params['email']}"
  end

  def password_recovery_request_form; end

  def recover_password_form
    @recovery_password = params[:recovery_password]
    @user_id = params[:id]
  end

  def recover_password
    @user = User.find(params[:user_id])
    if recovery_password_proper?
      set_new_password
    else
      redirect_to '/welcome', notice: 'Recovery link expired or invalid'
    end
  end

  def destroy
    User.destroy(params[:id])
    redirect_to '/users'
  end

  def block
    User.find(params[:id]).update(status: :blocked)
    redirect_to '/users'
  end

  private

  def recovery_password_proper?
    @user.recovery_password_digest &&
      @user.authenticate_recovery_password(params[:recovery_password])
  end

  def set_new_password
    @user.password = params[:password]
    @user.password_confirmation = params[:password_confirmation]
    if @user.save
      @user.update(recovery_password: nil)
      redirect_to '/welcome', notice: 'Password changed'
    else
      redirect_to '/welcome', notice: 'Passwords don\'t match'
    end
  end
end
rubocop corrections 2021-03-22 03:16:29 +01:00			`# frozen_string_literal: true`

			`# Users controller`
user and session generated 2021-03-20 14:23:06 +01:00			`class UsersController < ApplicationController`
rubocop corrections 2021-03-22 03:16:29 +01:00			`before_action :ensure_admin, only: %i[destroy block]`
edit authors, delete users, UI changes 2021-03-21 22:31:58 +01:00
			`def index`
			`@users = User.all`
			`end`

user and session generated 2021-03-20 14:23:06 +01:00			`def new`
session creation 2021-03-20 20:02:37 +01:00			`@user = User.new`
user and session generated 2021-03-20 14:23:06 +01:00			`end`

			`def create`
rename username to email 2021-03-20 22:37:38 +01:00			`@user = User.create(params.require(:user).permit(:email, :password))`
user validation 2021-03-21 17:02:04 +01:00			`if @user.invalid?`
			`redirect_to '/welcome', notice: notices_from_errors(@user)`
			`else`
			`session[:user_id] = @user.id`
			`redirect_to '/welcome', notice: 'Account has been created'`
			`end`
user and session generated 2021-03-20 14:23:06 +01:00			`end`
password recovery wip 2021-03-21 10:36:09 +01:00
password recovery renaming 2021-03-21 11:26:08 +01:00			`def password_recovery_request`
password recovery wip 2021-03-21 10:36:09 +01:00			`@user = User.where(email: params['email']).first`
rubocop corrections 2021-03-22 03:16:29 +01:00			`recovery_password = ('a'..'z').to_a.sample(8).join`
password recovery refactoring and tests 2021-03-21 14:44:59 +01:00			`@user.recovery_password = recovery_password`
			`@user.save`
			`UserMailer.with(user: @user, recovery_password: recovery_password).password_recovery.deliver_now`
notices, password recovery corner cases and UI changes 2021-03-21 12:41:21 +01:00			`redirect_to '/welcome', notice: "Recovery email sent to #{params['email']}"`
password recovery wip 2021-03-21 10:36:09 +01:00			`end`

rubocop corrections 2021-03-22 03:16:29 +01:00			`def password_recovery_request_form; end`
password recovery wip 2021-03-21 10:36:09 +01:00
password recovery renaming 2021-03-21 11:26:08 +01:00			`def recover_password_form`
UI and naming changes 2021-03-21 11:40:53 +01:00			`@recovery_password = params[:recovery_password]`
password recovery wip 2021-03-21 10:36:09 +01:00			`@user_id = params[:id]`
			`end`

			`def recover_password`
refactoring and rubocop changes 2021-03-22 04:38:35 +01:00			`@user = User.find(params[:user_id])`
			`if recovery_password_proper?`
			`set_new_password`
notices, password recovery corner cases and UI changes 2021-03-21 12:41:21 +01:00			`else`
password recovery refactoring and tests 2021-03-21 14:44:59 +01:00			`redirect_to '/welcome', notice: 'Recovery link expired or invalid'`
password recovery wip 2021-03-21 10:36:09 +01:00			`end`
			`end`
edit authors, delete users, UI changes 2021-03-21 22:31:58 +01:00
			`def destroy`
			`User.destroy(params[:id])`
			`redirect_to '/users'`
			`end`
user blocking 2021-03-21 23:43:09 +01:00
			`def block`
			`User.find(params[:id]).update(status: :blocked)`
			`redirect_to '/users'`
			`end`
refactoring and rubocop changes 2021-03-22 04:38:35 +01:00
			`private`

			`def recovery_password_proper?`
			`@user.recovery_password_digest &&`
			`@user.authenticate_recovery_password(params[:recovery_password])`
			`end`

			`def set_new_password`
			`@user.password = params[:password]`
			`@user.password_confirmation = params[:password_confirmation]`
			`if @user.save`
			`@user.update(recovery_password: nil)`
			`redirect_to '/welcome', notice: 'Password changed'`
			`else`
			`redirect_to '/welcome', notice: 'Passwords don\'t match'`
			`end`
			`end`
user and session generated 2021-03-20 14:23:06 +01:00			`end`