Disable Updating of User Emails #917

Merged: 4 commits, Oct 24, 2024
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,10 @@

## [Unreleased]

### Changed

- Disable Updating of User Emails [#917](https://github.com/portagenetwork/roadmap/pull/917)

### Fixed

- Fix User Lookup Via SSO Email: Make Query Case-Insensitive [#924](https://github.com/portagenetwork/roadmap/pull/924)
56 changes: 8 additions & 48 deletions app/controllers/registrations_controller.rb
@@ -144,7 +144,7 @@ def update
if params[:skip_personal_details] == 'true'
do_update_password(current_user, update_params)
else
do_update(needs_password?(current_user))
do_update
end
else
render(file: File.join(Rails.root, 'public/403.html'), status: 403, layout: false)
@@ -154,27 +154,15 @@ def update

private

# check if we need password to update user data
# ie if password or email was changed
# extend this as needed
def needs_password?(user)
user.email != update_params[:email] || update_params[:password].present?
end

# rubocop:disable Metrics/AbcSize, Metrics/MethodLength
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
# rubocop:disable Style/OptionalBooleanParameter
def do_update(require_password = true, confirm = false)
def do_update(confirm = false)
restrict_orgs = Rails.configuration.x.application.restrict_orgs
mandatory_params = true
# added to by below, overwritten otherwise
message = _('Save Unsuccessful. ')
# ensure that the required fields are present

if update_params[:email].blank?
message += _('Please enter an email address. ')
mandatory_params &&= false
end
if update_params[:firstname].blank?
message += _('Please enter a First name. ')
mandatory_params &&= false
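Review bot: removing the `update_params[:email].blank?` check is required rather than cleanup: with `:email` no longer in the permitted params (`update_params` further down), `update_params[:email]` would always be `nil` and every profile save would fail with 'Please enter an email address.' That reasoning belongs in the commit message. Also, with `require_password` and the email branch gone, re-run rubocop to see whether the `# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity` directive above `do_update` is still needed; `Lint/RedundantCopDisableDirective` will flag it if not. The `Style/OptionalBooleanParameter` one still applies since `do_update(confirm = false)` keeps a boolean default.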
@@ -194,39 +182,11 @@ def do_update(require_password = true, confirm = false)
attrs = update_params
attrs = handle_org(attrs: attrs)

# user is changing email or password
if require_password
# if user is changing email
if current_user.email == attrs[:email]
# remove the current_password because its not actuallyt part of the User record
attrs.delete(:current_password)

# This case is never reached since this method when called with
# require_password = true is because the email changed.
# The case for password changed goes to do_update_password instead
successfully_updated = current_user.update_without_password(attrs)
elsif attrs[:password].blank?
# password needs to be present
message = _('Please enter your password to change email address.')
successfully_updated = false
elsif current_user.valid_password?(attrs[:current_password])
successfully_updated = current_user.update_with_password(attrs)
# rubocop:disable Metrics/BlockNesting
unless successfully_updated
message = _("Save unsuccessful. \
That email address is already registered. \
You must enter a unique email address.")
end
# rubocop:enable Metrics/BlockNesting
else
message = _('Invalid password')
end
else
# password not required
# remove the current_password because its not actuallyt part of the User record
attrs.delete(:current_password)
successfully_updated = current_user.update_without_password(attrs)
end
# password not required
# remove the current_password because its not actuallyt part of the User record
attrs.delete(:current_password)
successfully_updated = current_user.update_without_password(attrs)

else
successfully_updated = false
end
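Review bot: the surviving comment pair `# password not required` / `# remove the current_password because its not actuallyt part of the User record` was lifted from the old else branch and carries a typo (`actuallyt`). Now that this is the only path, reword it to say that email cannot be changed through this action, so no password confirmation is needed, and that `:current_password` is still stripped because it is not a User attribute. Worth adding in the same comment that Devise's `update_without_password` also drops `:password` and `:password_confirmation` from `attrs` before saving, so a password posted here without `skip_personal_details` is silently ignored; that was already the behaviour when the email was unchanged, but it is now the only behaviour and a reader of this method would not guess it.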
@@ -296,7 +256,7 @@ def sign_up_params
end

def update_params
params.require(:user).permit(:email, :firstname, :org_id, :language_id,
params.require(:user).permit(:firstname, :org_id, :language_id,
:current_password, :password, :password_confirmation,
:surname, :department_id, :org_id,
:org_name, :org_crosswalk)
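Review bot: this permit change is the actual enforcement of the PR; the `disabled` attribute on the form field is cosmetic, since a client can still post `user[email]` and Strong Parameters now drops it (logged, or raised when `config.action_controller.action_on_unpermitted_parameters = :raise`). Add a request spec that submits `user[email]` with a different address and asserts `current_user.reload.email` is unchanged, so a later edit to this list cannot quietly reintroduce the ability. While touching these lines: `:org_id` appears twice (`:firstname, :org_id, :language_id,` and `:surname, :department_id, :org_id,`); harmless, but the duplicate can go.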
3 changes: 1 addition & 2 deletions app/controllers/super_admin/users_controller.rb
@@ -119,8 +119,7 @@ def archive
private

def user_params
params.require(:user).permit(:email,
:firstname,
params.require(:user).permit(:firstname,
:surname,
:org_id, :org_name, :org_crosswalk,
:department_id,
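Review bot: with `:email` removed here as well, there is no longer any application path for correcting a user's email, not even for a super admin. The CHANGELOG entry only says 'Disable Updating of User Emails'; the PR description or that entry should state how a legitimate change (for example an institutional address change) is meant to be handled from now on. As for `registrations_controller.rb`, a request spec for the super-admin update path that posts `user[email]` and asserts the stored email is unchanged would lock this in.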
14 changes: 7 additions & 7 deletions app/views/devise/registrations/_personal_details.html.erb
@@ -1,17 +1,17 @@
<%= form_for(resource, namespace: current_user.id, as: resource_name, url: registration_path(resource_name), html: {method: :put, id: 'personal_details_registration_form' }) do |f| %>
<p class="form-control-static">
<%= sanitize _("Please note that your email address is used as your username. If you change this, remember to use your new email address on sign in.") %>
</p>

<p class="form-control-static"><%= _('You can edit any of the details below.') %></p>
<%= hidden_field_tag :unlink_flag, "false", id: 'unlink_flag' %>

<div class="form-group col-xs-8">
<%= f.label(:email, _('Email'), class: 'control-label') %>
<%= f.email_field(:email, class: "form-control", "aria-required": true, value: @user.email) %>
<%= f.email_field(:email, class: "form-control", "aria-required": true, value: @user.email, "disabled": true) %>
Collaborator (inline comment): I like how we are still showing the information here.

<%= hidden_field_tag :original_email, @user.email %>
</div>

<div class="form-group col-xs-12">
<p class="form-control-static"><%= _('You can edit any of the details below.') %></p>
</div>

<%= hidden_field_tag :unlink_flag, "false", id: 'unlink_flag' %>

<div class="form-group col-xs-8">
<%= f.label(:firstname, _('First name'), class: 'control-label') %>
<%= f.text_field(:firstname, class: "form-control", "aria-required": true, value: @user.firstname) %>
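Review bot: `"disabled": true` keeps the address visible, but a disabled input is excluded from form submission, so `user[email]` is no longer posted from this form at all; only the `<%= hidden_field_tag :original_email, @user.email %>` field still carries the address. With the `needs_password?` email comparison gone from the controller, nothing in this diff reads `original_email` any more; check for remaining consumers and drop the hidden field if there are none. Either way the attribute is a UI hint only; removing `:email` from the permitted params is what prevents the change, so the two should not be relied on independently.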
2 changes: 1 addition & 1 deletion app/views/super_admin/users/edit.html.erb
@@ -13,7 +13,7 @@
<%= form_for(@user, namespace: :superadmin, as: :user, url: super_admin_user_path(@user), html: {method: :put, id: 'super_admin_user_edit' }) do |f| %>
<div class="form-group col-xs-12">
<%= f.label(:email, _('Email'), class: 'control-label') %>
<%= f.email_field(:email, class: "form-control", "aria-required": true) %>
<%= f.email_field(:email, class: "form-control", "aria-required": true, "disabled": true) %>
</div>

<div class="form-group col-xs-12">
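Review bot: same point as the registrations view: `disabled` removes the field from the submission, which is consistent here since `user_params` no longer permits `:email`. One small thing: `"aria-required": true` on a field that is now disabled is contradictory for assistive technology; drop it, or use `readonly` instead of `disabled` if the value should still be announced as a required, submitted field.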