diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 79eafe0..d0019ce 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -37,20 +37,24 @@ class UsersController < ApplicationController
 end
 def update
- @user = User.find(params[:id]) # Assumes @user is already set from a before_action callback, so this line could be redundant if such a callback exists.
+ @user = User.find(params[:id]) # If @user is set in a before_action, this line can be removed.
+
+ # Handling password change: if password fields are blank, they are removed from user_params to prevent updating the password to nil.
+ cleaned_params = user_params
+ if cleaned_params[:password].blank?
+ cleaned_params.delete(:password)
+ cleaned_params.delete(:password_confirmation)
+ end
+
+ if @user.update(cleaned_params.except(:roles))
+ # Update roles
+ update_user_roles(@user, params[:user][:roles] || [])
- if @user.update(user_params.except(:roles))
 # Check and update the access revoked status and end date
 if params[:user][:access_revoked] == "1"
- # This assumes that you always want to update the latest access period.
- # Consider the logic if multiple access periods can exist and which one should be updated.
- last_access_period = @user.access_periods.order(:created_at).last
- last_access_period.update(end_date: Date.today) unless last_access_period.end_date.present?
+ current_period = @user.access_periods.order(:created_at).last
+ current_period.update(end_date: Date.today) unless current_period.end_date.present?
 end
-
- # Update user roles if they are part of the form submission
- update_user_roles(@user, user_params[:roles])
-
 handle_access_revocation
 redirect_to users_path, notice: 'User was successfully updated.'
 else
diff --git a/app/models/user.rb b/app/models/user.rb
index 7c87fb4..0233705 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
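Review bot: `update_user_roles(@user, params[:user][:roles] || [])` takes the roles list from the raw request hash rather than from the permitted `user_params[:roles]` that the removed call used, so strong parameters no longer govern what a client can submit as roles, and a form that omits the field now passes an empty array instead of nil; if `update_user_roles` (outside the hunk) replaces the current set, any update without the field silently strips every role. Keeping the permitted source and only touching roles when they were actually submitted avoids both: `update_user_roles(@user, user_params[:roles]) if user_params.key?(:roles)`. The renamed `current_period` lines still dereference the last access period without a nil check, so revoking a user that has no access periods raises NoMethodError; `current_period&.update(end_date: Date.today) unless current_period&.end_date.present?` keeps the intent. The `update` action continues past the hunk.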
@@ -5,6 +5,7 @@ class User < ApplicationRecord
 accepts_nested_attributes_for :access_periods, allow_destroy: true
 after_create :assign_default_role
+ validate :password_complexity
 # Validation for date fields
 validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? }
@@ -20,6 +21,11 @@ class User < ApplicationRecord
 self.add_role(:user) unless self.has_any_role?
 end
+ def password_complexity
+ return if password.blank? || password =~ /(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}/
+ errors.add :password, 'Complexity requirement not met. Length should be 8 characters and include: 1 uppercase, 1 lowercase, and 1 digit'
+ end
+
 def end_date_after_start_date
 if access_start_date.present?
 errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present?
diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb
index cd95c0f..0ff427d 100644
--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
@@ -14,12 +14,12 @@
 <%# User attributes fields %>
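Review bot: The message added in `password_complexity` says 'Length should be 8 characters' while the regex enforces a minimum of 8, so a 12-character password rejected for lacking a digit is told the wrong rule; `'must be at least 8 characters and include an uppercase letter, a lowercase letter, and a digit'` states what `.{8,}` and the lookaheads actually check. The test itself only needs truthiness, so `password.match?` is the idiomatic call and avoids allocating MatchData and setting `$~`: `return if password.blank? || password.match?(/(?=.*[A-Z])(?=.*[a-z])(?=.*\d).{8,}/)`. The lazy `*?` inside the lookaheads changes nothing about which strings match, so the plain `.*` reads clearer.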
- <%= form.label :first_name, class: 'form-label' %>
+ <%= form.label :first_name, 'First Name', class: 'form-label' %>
 <%= form.text_field :first_name, id: :user_first_name, class: 'form-control' %>
- <%= form.label :last_name, class: 'form-label' %>
+ <%= form.label :last_name, 'Last Name', class: 'form-label' %>
 <%= form.text_field :last_name, id: :user_last_name, class: 'form-control' %>
@@ -28,6 +28,17 @@
 <%= form.email_field :email, id: :user_email, class: 'form-control' %>
+
+ <%= form.label :new_password, 'New Password', class: 'form-label' %>
+ <%= form.password_field :password, id: :user_password, class: 'form-control', autocomplete: "new-password" %>
+
+
+
+ <%= form.label :password_confirmation, 'Password Confirmation', class: 'form-label' %>
+ <%= form.password_field :password_confirmation, id: "user_password_confirmation", class: 'form-control', autocomplete: "new-password" %>
+
+
+
 <%= form.label :phone, class: 'form-label' %>
 <%= form.telephone_field :phone, id: :user_phone, class: 'form-control' %>
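Review bot: `form.label :new_password` renders a `for="user_new_password"` attribute, but the input it describes is given `id: :user_password`, so the label is not associated with the password field and clicking it or reading it through assistive technology does nothing; `<%= form.label :password, 'New Password', class: 'form-label' %>` keeps the visible text and restores the association. The confirmation label below already uses the matching `:password_confirmation` symbol, so only the first label needs the change.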