WIP try to get password reset working via devise

.rubocop.yml

@@ -45,6 +45,10 @@ Naming/FileName:
 Naming/MethodParameterName:
   Enabled: false
 
+# Not compatible with strong_migrations
+Rails/BulkChangeTable:
+  Enabled: false
+
 Rails/CreateTableWithTimestamps:
   Enabled: false
 

app/controllers/passwords_controller.rb

@@ -1,4 +1,4 @@
-class PasswordsController < ApplicationController
+class PasswordsController < Devise::PasswordsController
   include SessionMethods
 
   layout "site"
@@ -13,6 +13,8 @@ class PasswordsController < ApplicationController
 
   def new
     @title = t ".title"
+
+    super
   end
 
   def edit
@@ -32,26 +34,6 @@ def edit
     end
   end
 
-  def create
-    user = User.visible.find_by(:email => params[:email])
-
-    if user.nil?
-      users = User.visible.where("LOWER(email) = LOWER(?)", params[:email])
-
-      user = users.first if users.count == 1
-    end
-
-    if user
-      token = user.tokens.create
-      UserMailer.lost_password(user, token).deliver_later
-      flash[:notice] = t ".notice email on way"
-      redirect_to login_path
-    else
-      flash.now[:error] = t ".notice email cannot find"
-      render :new
-    end
-  end
-
   def update
     if params[:token]
       token = UserToken.find_by(:token => params[:token])
@@ -82,4 +64,8 @@ def update
       head :bad_request
     end
   end
+
+  def new_session_path(_)
+    new_user_session_path
+  end
 end

app/models/user.rb

@@ -2,50 +2,55 @@
 #
 # Table name: users
 #
-#  email               :string           not null
-#  id                  :bigint(8)        not null, primary key
-#  pass_crypt          :string           not null
-#  creation_time       :datetime         not null
-#  display_name        :string           default(""), not null
-#  data_public         :boolean          default(FALSE), not null
-#  description         :text             default(""), not null
-#  home_lat            :float
-#  home_lon            :float
-#  home_zoom           :integer          default(3)
-#  pass_salt           :string
-#  email_valid         :boolean          default(FALSE), not null
-#  new_email           :string
-#  creation_ip         :string
-#  languages           :string
-#  status              :enum             default("pending"), not null
-#  terms_agreed        :datetime
-#  consider_pd         :boolean          default(FALSE), not null
-#  auth_uid            :string
-#  preferred_editor    :string
-#  terms_seen          :boolean          default(FALSE), not null
-#  description_format  :enum             default("markdown"), not null
-#  changesets_count    :integer          default(0), not null
-#  traces_count        :integer          default(0), not null
-#  diary_entries_count :integer          default(0), not null
-#  image_use_gravatar  :boolean          default(FALSE), not null
-#  auth_provider       :string
-#  home_tile           :bigint(8)
-#  tou_agreed          :datetime
+#  email                  :string           not null
+#  id                     :bigint(8)        not null, primary key
+#  pass_crypt             :string           not null
+#  creation_time          :datetime         not null
+#  display_name           :string           default(""), not null
+#  data_public            :boolean          default(FALSE), not null
+#  description            :text             default(""), not null
+#  home_lat               :float
+#  home_lon               :float
+#  home_zoom              :integer          default(3)
+#  pass_salt              :string
+#  email_valid            :boolean          default(FALSE), not null
+#  new_email              :string
+#  creation_ip            :string
+#  languages              :string
+#  status                 :enum             default("pending"), not null
+#  terms_agreed           :datetime
+#  consider_pd            :boolean          default(FALSE), not null
+#  auth_uid               :string
+#  preferred_editor       :string
+#  terms_seen             :boolean          default(FALSE), not null
+#  description_format     :enum             default("markdown"), not null
+#  changesets_count       :integer          default(0), not null
+#  traces_count           :integer          default(0), not null
+#  diary_entries_count    :integer          default(0), not null
+#  image_use_gravatar     :boolean          default(FALSE), not null
+#  auth_provider          :string
+#  home_tile              :bigint(8)
+#  tou_agreed             :datetime
+#  reset_password_token   :string
+#  reset_password_sent_at :datetime
 #
 # Indexes
 #
-#  users_auth_idx                    (auth_provider,auth_uid) UNIQUE
-#  users_display_name_canonical_idx  (lower(NORMALIZE(display_name, NFKC)))
-#  users_display_name_idx            (display_name) UNIQUE
-#  users_email_idx                   (email) UNIQUE
-#  users_email_lower_idx             (lower((email)::text))
-#  users_home_idx                    (home_tile)
+#  index_users_on_reset_password_token  (reset_password_token) UNIQUE
+#  users_auth_idx                       (auth_provider,auth_uid) UNIQUE
+#  users_display_name_canonical_idx     (lower(NORMALIZE(display_name, NFKC)))
+#  users_display_name_idx               (display_name) UNIQUE
+#  users_email_idx                      (email) UNIQUE
+#  users_email_lower_idx                (lower((email)::text))
+#  users_home_idx                       (home_tile)
 #
 
 class User < ApplicationRecord
   require "digest"
   include AASM
 
+  devise :recoverable
+
   has_many :traces, -> { where(:visible => true) }
   has_many :diary_entries, -> { order(:created_at => :desc) }, :inverse_of => :user
   has_many :diary_comments, -> { order(:created_at => :desc) }, :inverse_of => :user

app/views/passwords/new.html.erb

@@ -4,7 +4,8 @@
 
 <p><%= t ".help_text" %></p>
 
-<%= bootstrap_form_tag do |f| %>
+<%= bootstrap_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+  <%= render "devise/shared/error_messages", :resource => resource %>
   <%= f.text_field :email, :label => t(".email address") %>
   <%= f.primary t(".new password button") %>
 <% end %>

app/views/sessions/new.html.erb

@@ -13,7 +13,7 @@
     <%= hidden_field_tag("referer", h(params[:referer]), :autocomplete => "off") %>
 
     <%= f.text_field :username, :label => t(".email or username"), :tabindex => 1, :value => params[:username] %>
-    <%= f.password_field :password, :label => t(".password"), :tabindex => 2, :value => "", :help => link_to(t(".lost password link"), user_forgot_password_path) %>
+    <%= f.password_field :password, :label => t(".password"), :tabindex => 2, :value => "", :help => link_to(t(".lost password link"), new_user_password_path) %>
     <%= f.form_group do %>
       <%= f.check_box :remember_me, { :label => t(".remember"), :tabindex => 3, :checked => (params[:remember_me] == "yes") }, "yes" %>
     <% end %>

config/initializers/devise.rb

@@ -30,7 +30,7 @@
   # config.mailer = 'Devise::Mailer'
 
   # Configure the parent class responsible to send e-mails.
-  # config.parent_mailer = 'ActionMailer::Base'
+  config.parent_mailer = "ApplicationMailer"
 
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and

config/routes.rb

@@ -159,7 +159,7 @@
   get "/history/feed" => "changesets#feed", :defaults => { :format => :atom }
   get "/history/comments/feed" => "changeset_comments#index", :as => :changesets_comments_feed, :defaults => { :format => "rss" }
   get "/export" => "site#export"
-  get "/login" => "sessions#new"
+  get "/login" => "sessions#new", :as => :new_user_session
   post "/login" => "sessions#create"
   match "/logout" => "sessions#destroy", :via => [:get, :post]
   get "/offline" => "site#offline"
@@ -175,12 +175,9 @@
   match "/user/confirm" => "confirmations#confirm", :via => [:get, :post]
   match "/user/confirm-email" => "confirmations#confirm_email", :via => [:get, :post]
   post "/user/go_public" => "users#go_public"
-  scope :user, :as => "user" do
-    get "forgot-password" => "passwords#new"
-    post "forgot-password" => "passwords#create"
-    get "reset-password" => "passwords#edit"
-    post "reset-password" => "passwords#update"
-  end
+
+  devise_for :users, :only => :passwords, :controllers => { :passwords => "passwords" }
+
   get "/user/suspended" => "users#suspended"
 
   get "/index.html", :to => redirect(:path => "/")

db/migrate/20231213113946_add_devise_passwords_to_users.rb

@@ -0,0 +1,6 @@
+class AddDevisePasswordsToUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :users, :reset_password_token, :string
+    add_column :users, :reset_password_sent_at, :datetime
+  end
+end

db/migrate/20231213135917_add_index_to_users_reset_password_token.rb

@@ -0,0 +1,7 @@
+class AddIndexToUsersResetPasswordToken < ActiveRecord::Migration[7.1]
+  disable_ddl_transaction!
+
+  def change
+    add_index :users, :reset_password_token, :unique => true, :algorithm => :concurrently
+  end
+end

db/structure.sql

@@ -1597,7 +1597,9 @@ CREATE TABLE public.users (
     image_use_gravatar boolean DEFAULT false NOT NULL,
     auth_provider character varying,
     home_tile bigint,
-    tou_agreed timestamp without time zone
+    tou_agreed timestamp without time zone,
+    reset_password_token character varying,
+    reset_password_sent_at timestamp(6) without time zone
 );
 
 
@@ -3583,6 +3585,8 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('21'),
 ('20240117185445'),
 ('20231213182102'),
+('20231213135917'),
+('20231213113946'),
 ('20231206141457'),
 ('20231117170422'),
 ('20231101222146'),