notices, password recovery corner cases and UI changes

2021-03-21 12:41:21 +01:00 · 2021-03-21 12:41:21 +01:00 · a69df8e658
commit a69df8e658
parent dace874f4f
14 changed files with 49 additions and 38 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -12,7 +12,7 @@ class SessionsController < ApplicationController

  def delete
    session.delete(:user_id)
-    redirect_to '/welcome'
+    redirect_to '/welcome', notice: 'Logged out properly'
  end

  def welcome
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -6,12 +6,13 @@ class UsersController < ApplicationController
  def create
    @user = User.create(params.require(:user).permit(:email, :password))
    session[:user_id] = @user.id
-    redirect_to '/welcome'
+    redirect_to '/welcome', notice: 'Account has been created'
  end

  def password_recovery_request
    @user = User.where(email: params['email']).first
    UserMailer.with(user: @user).password_recovery.deliver_now
+    redirect_to '/welcome', notice: "Recovery email sent to #{params['email']}"
  end

  def password_recovery_request_form
@ -24,13 +25,17 @@ class UsersController < ApplicationController

  def recover_password
    user = User.find(params[:user_id])
-    if user.authenticate_recovery_password(params[:recovery_password])
+    if user.recovery_password_digest && user.authenticate_recovery_password(params[:recovery_password])
      user.password = params[:password]
      user.password_confirmation = params[:password_confirmation]
-      user.recovery_password_digest = nil
      if user.save
-        redirect_to '/welcome'
+        user.update(recovery_password: nil)
+        redirect_to '/welcome', notice: 'Password changed'
+      else
+        redirect_to '/welcome', notice: 'Passwords don\'t match'
      end
+    else
+      redirect_to '/welcome', notice: 'Recovery link expired or unvalid'
    end
  end
 end
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -2,7 +2,7 @@
 <html>
  <head>
    <title>Book store</title>
-    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <meta name='viewport' content='width=device-width,initial-scale=1'>
    <%= csrf_meta_tags %>
    <%= csp_meta_tag %>

@ -11,6 +11,12 @@
  </head>

  <body>
+    <%= link_to 'Home', '/welcome', method: :get%>
+    <% flash.each do |type, msg| %>
+      <div class='card-panel teal lighten-5'>
+        <%= msg %>
+      </div>
+    <% end %>
    <%= yield %>
  </body>
 </html>
--- a/app/views/sessions/create.html.erb
+++ b/app/views/sessions/create.html.erb
@ -1,2 +0,0 @@
-<h3>Sessions#create</h3>
-<p>Find me in app/views/sessions/create.html.erb</p>
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@ -1,9 +1,9 @@
-<h3>Login</h3>
+<h4>Login</h4>
  <%= form_tag '/login' do %>
  <%= label_tag :email%>
  <%= text_field_tag :email %>
  <%= label_tag :password%>
  <%= password_field_tag :password%>
-  <%= submit_tag "Login"%>
+  <%= submit_tag "Login", class: 'btn' %>
 <%end%>
-<%= button_to "Password recovery", '/password_recovery_request', method: :get%>
+<%= link_to "Password recovery", '/password_recovery_request', method: :get%>
--- a/app/views/sessions/welcome.html.erb
+++ b/app/views/sessions/welcome.html.erb
@ -1,8 +1,8 @@
-<h3>Welcome</h3>
+<h4>Welcome</h4>
 <% if logged_in? %>
  You are Logged In, <%= current_user.email %>
  <%= button_to "Logout", '/logout', method: :get%>
-<%else%>
-  <%= button_to "Login", '/login', method: :get%>
-  <%= button_to "Sign Up", '/users/new', method: :get%>
-<%end%>
+<% else %>
+  <%= button_to "Login", '/login', method: :get, class: 'btn'%>
+  <%= button_to "Sign Up", '/users/new', method: :get, class: 'btn'%>
+<% end %>
--- a/app/views/users/create.html.erb
+++ b/app/views/users/create.html.erb
@ -1,2 +0,0 @@
-<h3>Users#create</h3>
-<p>Find me in app/views/users/create.html.erb</p>
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@ -1,8 +1,8 @@
-<h3>Sign Up</h3>
+<h4>Sign Up</h4>
 <%= form_for @user do |f|%>
-  <%= f.label :email%><br>
-  <%= f.text_field :email%><br>
-  <%= f.label :password%><br>
-  <%= f.password_field :password%><br>
-  <%= f.submit %>
+  <%= f.label :email%>
+  <%= f.text_field :email%>
+  <%= f.label :password%>
+  <%= f.password_field :password%>
+  <%= f.submit 'Sign up', class: 'btn' %>
 <%end%>
--- a/app/views/users/password_recovery_request.erb
+++ b/app/views/users/password_recovery_request.erb
@ -1 +0,0 @@
-Recovery email sent.
--- a/app/views/users/password_recovery_request_form.erb
+++ b/app/views/users/password_recovery_request_form.erb
@ -1,4 +1,7 @@
-<%= form_with url: "/password_recovery_request", method: :post do |form| %>
-  <%= form.text_field :email %>
-  <%= form.submit "Send email" %>
+<h4>Password recovery</h4>
+Provide an email to password recovery
+<%= form_with url: "/password_recovery_request", method: :post do |f| %>
+  <%= f.label :email%><br>
+  <%= f.text_field :email %>
+  <%= f.submit 'Send email', class: 'btn' %>
 <% end %>
--- a/app/views/users/recover_password_form.html.erb
+++ b/app/views/users/recover_password_form.html.erb
@ -1,9 +1,11 @@
-Recover password
+<h4>Provide new password</h4>

-<%= form_with url: "/recover_password", method: :post do |form| %>
-  <%= form.password_field :password %>
-  <%= form.password_field :password_confirmation %>
-  <%= form.hidden_field :recovery_password, :value => @recovery_password %>
-  <%= form.hidden_field :user_id, :value => @user_id %>
-  <%= form.submit "Change password" %>
+<%= form_with url: '/recover_password', method: :post do |f| %>
+  <%= f.label :password%>
+  <%= f.password_field :password %>
+  <%= f.label :password_confirmation%>
+  <%= f.password_field :password_confirmation %>
+  <%= f.hidden_field :recovery_password, :value => @recovery_password %>
+  <%= f.hidden_field :user_id, :value => @user_id %>
+  <%= f.submit 'Change password', class: 'btn' %>
 <% end %>
--- a/public/404.html
+++ b/public/404.html
@ -58,7 +58,7 @@
  <!-- This file lives in public/404.html -->
  <div class="dialog">
    <div>
-      <h3>The page you were looking for doesn't exist.</h3>
+      <h4>The page you were looking for doesn't exist.</h4>
      <p>You may have mistyped the address or the page may have moved.</p>
    </div>
    <p>If you are the application owner check the logs for more information.</p>
--- a/public/422.html
+++ b/public/422.html
@ -58,7 +58,7 @@
  <!-- This file lives in public/422.html -->
  <div class="dialog">
    <div>
-      <h3>The change you wanted was rejected.</h3>
+      <h4>The change you wanted was rejected.</h4>
      <p>Maybe you tried to change something you didn't have access to.</p>
    </div>
    <p>If you are the application owner check the logs for more information.</p>
--- a/public/500.html
+++ b/public/500.html
@ -58,7 +58,7 @@
  <!-- This file lives in public/500.html -->
  <div class="dialog">
    <div>
-      <h3>We're sorry, but something went wrong.</h3>
+      <h4>We're sorry, but something went wrong.</h4>
    </div>
    <p>If you are the application owner check the logs for more information.</p>
  </div>