amatriain/feedbunch

FeedBunch-app/app/controllers/feedbunch_auth/registrations_controller.rb

# frozen_string_literal: true

##
# Customized version of Devise::RegistrationsController.
#
# - New registrations are accepted only if signups are enabled in the application.
# - Before accepting an account deletion (RegistrationsController#destroy method), it
# validates that the user-submitted password is correct. Only if the password is correct
# RegistrationsController#destroy is invoked to actually delete the account.

class FeedbunchAuth::RegistrationsController < Devise::RegistrationsController

  # Every action except :create runs Devise's authenticate_user! filter first.
  # NOTE(review): this list also covers the inherited :new and :cancel actions, so an
  # anonymous visitor cannot reach them through this controller - presumably the signup
  # form is rendered elsewhere; confirm against the routes.
  before_action :authenticate_user!, except: [:create]

  respond_to :html

  ##
  # Register a new user.
  # Delegates to Devise (super) only while the application config flag signups_enabled is
  # set. Otherwise the attempt is logged at warn level and the visitor is redirected to
  # root_path; no account is created.
  def create
    unless Feedbunch::Application.config.signups_enabled
      Rails.logger.warn("Creation of new user attempted, but signups are disabled")
      redirect_to(root_path)
      return
    end

    super
  end

  ##
  # Delete the signed-in user's profile after re-checking the password.
  #
  # The password is read from params[:delete_user_registration][:password]; if that
  # parameter group is absent, params.require raises ActionController::ParameterMissing.
  # Asking for the password again means a live session cookie alone is not enough to
  # delete the account.
  #
  # Devise's own destroy (super) is never called here: on a correct password the deletion
  # is delegated to current_user.delete_profile, the session is signed out and the user is
  # redirected to root_path with a notice. On a wrong password nothing is deleted and the
  # user is sent back to the edit-registration page with an alert.
  #
  # NOTE(review): valid_password? is called directly. Devise's :lockable module counts
  # failures in valid_for_authentication?, so wrong guesses submitted here probably do not
  # advance the lockout counter - confirm this endpoint is throttled some other way.
  # NOTE(review): every log line below contains the user's e-mail address; check that this
  # matches the log retention and access policy (the id alone identifies the account).
  def destroy
    Rails.logger.warn("User #{current_user.id} - #{current_user.email} has requested account deletion")
    submitted_password = profiles_controller_destroy_params[:password]

    # Guard clause: reject the request before anything destructive happens.
    unless current_user.valid_password?(submitted_password)
      Rails.logger.error("User #{current_user.id} - #{current_user.email} provided wrong password for account deletion")
      flash[:alert] = t('errors.messages.invalid_password')
      redirect_to(edit_user_registration_path)
      return
    end

    Rails.logger.warn("User #{current_user.id} - #{current_user.email} provided correct password for account deletion")
    current_user.delete_profile
    # Called without a scope, after the deletion has been requested.
    sign_out
    flash[:notice] = t('devise.registrations.destroyed')
    redirect_to(root_path)
  end

  protected

  ##
  # Devise hook: where to send a user whose new account is not yet active.
  # Always the static signup-success page; the resource argument is not used.
  def after_inactive_sign_up_path_for(resource)
    signup_success_path
  end

  ##
  # Strong parameters for account deletion: requires the :delete_user_registration group
  # and permits only its :password key, so no other submitted field reaches #destroy.
  def profiles_controller_destroy_params
    deletion_params = params.require(:delete_user_registration)
    deletion_params.permit(:password)
  end
end