need current_passwd to update passwd in extranet

c94664f1 · Sébastien Gaya · 3c868dc8 · c94664f1 · c94664f1
Unverified Commit c94664f1 authored 1 year ago by Sébastien Gaya
--- a/app/controllers/extranet/account_controller.rb
+++ b/app/controllers/extranet/account_controller.rb
@@ -11,28 +11,39 @@ class Extranet::AccountController < Extranet::ApplicationController
  end

  def update
-    manage_password
-    current_user.update user_params
-    redirect_to account_path, notice: t('extranet.account.updated')
+    if update_user(current_user, user_params)
+      bypass_sign_in current_user, scope: :user if sign_in_after_change_password?
+      redirect_to account_path, notice: t('extranet.account.updated')
+    else
+      breadcrumb
+      add_breadcrumb t('extranet.account.edit')
+      render :edit
+    end
  end

  protected

-  def manage_password
-    # to prevent cognitive complexity (the bottom block should be in an if condition where password present)
-    # Password not provided when user from sso
-    params[:user][:password] ||= ''
-
-    if params[:user][:password].blank?
-      params[:user].delete(:password)
+  def update_user(user, params)
+    if params[:password].blank?
+      params.delete(:current_password)
+      user.update_without_password(params)
    else
-      current_user.reset_password(params[:user][:password], params[:user][:password])
+      user.update_with_password(params)
    end
  end

  def user_params
    params.require(:user)
-          .permit(:first_name, :last_name, :email, :mobile_phone, :language_id, :password, :picture, :picture_infos, :picture_delete)
+          .permit(
+            :first_name, :last_name, :email, :mobile_phone, :language_id,
+            :current_password, :password, :password_confirmation,
+            :picture, :picture_infos, :picture_delete
+          )
+  end
+
+  def sign_in_after_change_password?
+    return true if user_params[:password].blank?
+    Devise.sign_in_after_change_password
  end

  def breadcrumb

--- a/app/views/extranet/account/edit.html.erb
+++ b/app/views/extranet/account/edit.html.erb
@@ -22,9 +22,23 @@
    <div class="col-lg-6">
      <%= f.input :email %>
      <%= f.input :mobile_phone %>
+    </div>
+  </div>
+
+  <h3 class="mt-5 mb-4"><%= t("devise.passwords.edit.new") %></h3>
+
+  <div class="row">
+    <div class="col-lg-6">
+      <%= f.input :current_password,
+                  as: :password,
+                  input_html: { autocomplete: "current-password" } %>
+    </div>
+  </div>
+
+  <div class="row">
+    <div class="col-lg-6">
      <%= f.input :password,
                  as: :password_with_hints,
-                  hint: t('admin.password_hint'),
                  allow_password_uncloaking: true,
                  validators: {
                    length: Devise.password_length.first,
@@ -33,9 +47,19 @@
                    numeric_char: true,
                    special_char: Rails.application.config.allowed_special_chars
                  },
+                  label: t('devise.passwords.edit.new_password'),
+                  required: false,
+                  input_html: { autocomplete: "new-password" } %>
+    </div>
+    <div class="col-lg-6">
+      <%= f.input :password_confirmation,
+                  as: :password_with_sync,
+                  allow_password_uncloaking: true,
+                  compare_with_field: :password,
                  input_html: { autocomplete: "new-password" } %>
    </div>
  </div>
+
  <%= submit f %>

  <% if current_user.visitor? %>