From a69df8e6588919a0a220b60eb214842c0b3feaf5 Mon Sep 17 00:00:00 2001
From: Karol Selak
Date: Sun, 21 Mar 2021 12:41:21 +0100
Subject: [PATCH] notices, password recovery corner cases and UI changes
---
 app/controllers/sessions_controller.rb | 2 +-
 app/controllers/users_controller.rb | 13 +++++++++----
 app/views/layouts/application.html.erb | 8 +++++++-
 app/views/sessions/create.html.erb | 2 --
 app/views/sessions/new.html.erb | 6 +++---
 app/views/sessions/welcome.html.erb | 10 +++++-----
 app/views/users/create.html.erb | 2 --
 app/views/users/new.html.erb | 12 ++++++------
 app/views/users/password_recovery_request.erb | 1 -
 .../users/password_recovery_request_form.erb | 9 ++++++---
 app/views/users/recover_password_form.html.erb | 16 +++++++++-------
 public/404.html | 2 +-
 public/422.html | 2 +-
 public/500.html | 2 +-
 14 files changed, 49 insertions(+), 38 deletions(-)
 delete mode 100644 app/views/sessions/create.html.erb
 delete mode 100644 app/views/users/create.html.erb
 delete mode 100644 app/views/users/password_recovery_request.erb
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b2ff728..ac1e0c8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -12,7 +12,7 @@ class SessionsController < ApplicationController
 def delete
 session.delete(:user_id)
- redirect_to '/welcome'
+ redirect_to '/welcome', notice: 'Logged out properly'
 end
 def welcome
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 386c43b..d0c62bf 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -6,12 +6,13 @@ class UsersController < ApplicationController
 def create
 @user = User.create(params.require(:user).permit(:email, :password))
 session[:user_id] = @user.id
- redirect_to '/welcome'
+ redirect_to '/welcome', notice: 'Account has been created'
 end
 def password_recovery_request
 @user = User.where(email: params['email']).first
 UserMailer.with(user: @user).password_recovery.deliver_now
+ redirect_to '/welcome', notice: "Recovery email sent to #{params['email']}"
 end
 def password_recovery_request_form
@@ -24,13 +25,17 @@ class UsersController < ApplicationController
 def recover_password
 user = User.find(params[:user_id])
- if user.authenticate_recovery_password(params[:recovery_password])
+ if user.recovery_password_digest && user.authenticate_recovery_password(params[:recovery_password])
 user.password = params[:password]
 user.password_confirmation = params[:password_confirmation]
- user.recovery_password_digest = nil
 if user.save
- redirect_to '/welcome'
+ user.update(recovery_password: nil)
+ redirect_to '/welcome', notice: 'Password changed'
+ else
+ redirect_to '/welcome', notice: 'Passwords don\'t match'
 end
+ else
+ redirect_to '/welcome', notice: 'Recovery link expired or unvalid'
 end
 end
 end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 7ca2457..e3cec58 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -2,7 +2,7 @@ Book store - + <%= csrf_meta_tags %> <%= csp_meta_tag %>
@@ -11,6 +11,12 @@ + <%= link_to 'Home', '/welcome', method: :get%> + <% flash.each do |type, msg| %>
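Review bot: In `password_recovery_request`, `User.where(email: params['email']).first` returns nil for an unknown address and that value goes straight into `UserMailer.with(user: @user)`, so the new redirect and notice are probably only reached for existing accounts; the mailer is outside this hunk, but if it dereferences the user, an unknown email ends in an error page and the difference shows which addresses are registered. Guard the send with `UserMailer.with(user: @user).password_recovery.deliver_now if @user` and keep the notice independent of the lookup, e.g. `notice: 'If that address is registered, a recovery email has been sent'`. `deliver_now` also sends inside the request, so response time can still differ between the two cases; `deliver_later` would avoid that where a job queue is configured. In `create` in the same hunk, `User.create` may return an unsaved record when validation fails, and the redirect then reports 'Account has been created' with `session[:user_id]` set to nil; checking `@user.persisted?` before setting the session and notice would cover it.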
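Review bot: In `recover_password` the recovery token is now cleared by a second write, `user.update(recovery_password: nil)`, whose result is ignored, so if that update fails validation or raises, the password has already been changed while the emailed link stays usable. Clearing it before the single save, as the removed line did (`user.recovery_password_digest = nil` ahead of `if user.save`), keeps the password change and the token invalidation in one write, and a failed save persists neither. The inner `else` reports 'Passwords don't match' for every validation failure, and, assuming `password` comes from `has_secure_password`, an empty `params[:password]` is ignored by the setter, so the save succeeds and 'Password changed' is shown although nothing changed; a `params[:password].blank?` check before the save would cover that. Nothing in the hunk limits how long a recovery link stays valid or how many attempts are accepted per `user_id`; that may live in the model, which is outside this diff.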
+ <%= msg %> +
+ <% end %> <%= yield %> diff --git a/app/views/sessions/create.html.erb b/app/views/sessions/create.html.erb deleted file mode 100644 index a7ac851..0000000 --- a/app/views/sessions/create.html.erb +++ /dev/null @@ -1,2 +0,0 @@ -

Sessions#create

-

Find me in app/views/sessions/create.html.erb

diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb index 4556936..23315d8 100644 --- a/app/views/sessions/new.html.erb +++ b/app/views/sessions/new.html.erb @@ -1,9 +1,9 @@ -

Login

+

Login

<%= form_tag '/login' do %> <%= label_tag :email%> <%= text_field_tag :email %> <%= label_tag :password%> <%= password_field_tag :password%> - <%= submit_tag "Login"%> + <%= submit_tag "Login", class: 'btn' %> <%end%> -<%= button_to "Password recovery", '/password_recovery_request', method: :get%> \ No newline at end of file +<%= link_to "Password recovery", '/password_recovery_request', method: :get%> \ No newline at end of file diff --git a/app/views/sessions/welcome.html.erb b/app/views/sessions/welcome.html.erb index e04edd2..2f18736 100644 --- a/app/views/sessions/welcome.html.erb +++ b/app/views/sessions/welcome.html.erb @@ -1,8 +1,8 @@ -

Welcome

+

Welcome

<% if logged_in? %> You are Logged In, <%= current_user.email %> <%= button_to "Logout", '/logout', method: :get%> -<%else%> - <%= button_to "Login", '/login', method: :get%> - <%= button_to "Sign Up", '/users/new', method: :get%> -<%end%> +<% else %> + <%= button_to "Login", '/login', method: :get, class: 'btn'%> + <%= button_to "Sign Up", '/users/new', method: :get, class: 'btn'%> +<% end %> diff --git a/app/views/users/create.html.erb b/app/views/users/create.html.erb deleted file mode 100644 index a4a1b5f..0000000 --- a/app/views/users/create.html.erb +++ /dev/null @@ -1,2 +0,0 @@ -

Users#create

-

Find me in app/views/users/create.html.erb

diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index 8413e2e..d81b5bf 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb @@ -1,8 +1,8 @@ -

Sign Up

+

Sign Up

<%= form_for @user do |f|%> - <%= f.label :email%>
- <%= f.text_field :email%>
- <%= f.label :password%>
- <%= f.password_field :password%>
- <%= f.submit %> + <%= f.label :email%> + <%= f.text_field :email%> + <%= f.label :password%> + <%= f.password_field :password%> + <%= f.submit 'Sign up', class: 'btn' %> <%end%> \ No newline at end of file diff --git a/app/views/users/password_recovery_request.erb b/app/views/users/password_recovery_request.erb deleted file mode 100644 index 18e5a7b..0000000 --- a/app/views/users/password_recovery_request.erb +++ /dev/null @@ -1 +0,0 @@ -Recovery email sent. \ No newline at end of file diff --git a/app/views/users/password_recovery_request_form.erb b/app/views/users/password_recovery_request_form.erb index 2e22108..66a90a4 100644 --- a/app/views/users/password_recovery_request_form.erb +++ b/app/views/users/password_recovery_request_form.erb @@ -1,4 +1,7 @@ -<%= form_with url: "/password_recovery_request", method: :post do |form| %> - <%= form.text_field :email %> - <%= form.submit "Send email" %> +

Password recovery

+Provide an email to password recovery +<%= form_with url: "/password_recovery_request", method: :post do |f| %> + <%= f.label :email%>
+ <%= f.text_field :email %> + <%= f.submit 'Send email', class: 'btn' %> <% end %> \ No newline at end of file diff --git a/app/views/users/recover_password_form.html.erb b/app/views/users/recover_password_form.html.erb index a0d833f..91f0d43 100644 --- a/app/views/users/recover_password_form.html.erb +++ b/app/views/users/recover_password_form.html.erb @@ -1,9 +1,11 @@ -Recover password +

Provide new password

-<%= form_with url: "/recover_password", method: :post do |form| %> - <%= form.password_field :password %> - <%= form.password_field :password_confirmation %> - <%= form.hidden_field :recovery_password, :value => @recovery_password %> - <%= form.hidden_field :user_id, :value => @user_id %> - <%= form.submit "Change password" %> +<%= form_with url: '/recover_password', method: :post do |f| %> + <%= f.label :password%> + <%= f.password_field :password %> + <%= f.label :password_confirmation%> + <%= f.password_field :password_confirmation %> + <%= f.hidden_field :recovery_password, :value => @recovery_password %> + <%= f.hidden_field :user_id, :value => @user_id %> + <%= f.submit 'Change password', class: 'btn' %> <% end %> \ No newline at end of file diff --git a/public/404.html b/public/404.html index c0db723..3e2d224 100644 --- a/public/404.html +++ b/public/404.html @@ -58,7 +58,7 @@
-

The page you were looking for doesn't exist.

+

The page you were looking for doesn't exist.

You may have mistyped the address or the page may have moved.

If you are the application owner check the logs for more information.

diff --git a/public/422.html b/public/422.html index 5c98efa..badeeb8 100644 --- a/public/422.html +++ b/public/422.html @@ -58,7 +58,7 @@
-

The change you wanted was rejected.

+

The change you wanted was rejected.

Maybe you tried to change something you didn't have access to.

If you are the application owner check the logs for more information.

diff --git a/public/500.html b/public/500.html index 54da439..1fd70e3 100644 --- a/public/500.html +++ b/public/500.html @@ -58,7 +58,7 @@
-

We're sorry, but something went wrong.

+

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.