From bb9c354146c4ffd2f5bbe0efd6c4322f56dd8cb3 Mon Sep 17 00:00:00 2001 From: Ben Date: Fri, 12 Apr 2024 02:55:34 -0500 Subject: [PATCH] Added the ability to change and confirm new passwords for editing a user as an admin --- app/controllers/users_controller.rb | 24 ++++++++++++++---------- app/models/user.rb | 6 ++++++ app/views/users/_form.html.erb | 15 +++++++++++++-- 3 files changed, 33 insertions(+), 12 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 79eafe0..d0019ce 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -37,20 +37,24 @@ class UsersController < ApplicationController end def update - @user = User.find(params[:id]) # Assumes @user is already set from a before_action callback, so this line could be redundant if such a callback exists. + @user = User.find(params[:id]) # If @user is set in a before_action, this line can be removed. + + # Handling password change: if password fields are blank, they are removed from user_params to prevent updating the password to nil. + cleaned_params = user_params + if cleaned_params[:password].blank? + cleaned_params.delete(:password) + cleaned_params.delete(:password_confirmation) + end + + if @user.update(cleaned_params.except(:roles)) + # Update roles + update_user_roles(@user, params[:user][:roles] || []) - if @user.update(user_params.except(:roles)) # Check and update the access revoked status and end date if params[:user][:access_revoked] == "1" - # This assumes that you always want to update the latest access period. - # Consider the logic if multiple access periods can exist and which one should be updated. - last_access_period = @user.access_periods.order(:created_at).last - last_access_period.update(end_date: Date.today) unless last_access_period.end_date.present? + current_period = @user.access_periods.order(:created_at).last + current_period.update(end_date: Date.today) unless current_period.end_date.present? end - - # Update user roles if they are part of the form submission - update_user_roles(@user, user_params[:roles]) - handle_access_revocation redirect_to users_path, notice: 'User was successfully updated.' else diff --git a/app/models/user.rb b/app/models/user.rb index 7c87fb4..0233705 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -5,6 +5,7 @@ class User < ApplicationRecord accepts_nested_attributes_for :access_periods, allow_destroy: true after_create :assign_default_role + validate :password_complexity # Validation for date fields validate :end_date_after_start_date, if: -> { access_revoked && access_end_date.present? } @@ -20,6 +21,11 @@ class User < ApplicationRecord self.add_role(:user) unless self.has_any_role? end + def password_complexity + return if password.blank? || password =~ /(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}/ + errors.add :password, 'Complexity requirement not met. Length should be 8 characters and include: 1 uppercase, 1 lowercase, and 1 digit' + end + def end_date_after_start_date if access_start_date.present? errors.add(:access_end_date, 'must be provided when access is revoked') unless access_end_date.present? diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb index cd95c0f..0ff427d 100644 --- a/app/views/users/_form.html.erb +++ b/app/views/users/_form.html.erb @@ -14,12 +14,12 @@ <%# User attributes fields %>
- <%= form.label :first_name, class: 'form-label' %> + <%= form.label :first_name, 'First Name', class: 'form-label' %> <%= form.text_field :first_name, id: :user_first_name, class: 'form-control' %>
- <%= form.label :last_name, class: 'form-label' %> + <%= form.label :last_name, 'Last Name', class: 'form-label' %> <%= form.text_field :last_name, id: :user_last_name, class: 'form-control' %>
@@ -28,6 +28,17 @@ <%= form.email_field :email, id: :user_email, class: 'form-control' %> +
+ <%= form.label :new_password, 'New Password', class: 'form-label' %> + <%= form.password_field :password, id: :user_password, class: 'form-control', autocomplete: "new-password" %> +
+ +
+ <%= form.label :password_confirmation, 'Password Confirmation', class: 'form-label' %> + <%= form.password_field :password_confirmation, id: "user_password_confirmation", class: 'form-control', autocomplete: "new-password" %> +
+ +
<%= form.label :phone, class: 'form-label' %> <%= form.telephone_field :phone, id: :user_phone, class: 'form-control' %>