From e8da7b31ba7135e96dc32a76ce348668967c26e6 Mon Sep 17 00:00:00 2001 From: Jose Antonio Torres Garibay Date: Wed, 20 Nov 2024 15:26:47 -0600 Subject: [PATCH 1/6] Add 2 weeks expiration for user invitation --- app/views/users/mailer/invitation_instructions.html.erb | 3 --- config/initializers/devise.rb | 2 +- config/locales/devise_invitable.en.yml | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/app/views/users/mailer/invitation_instructions.html.erb b/app/views/users/mailer/invitation_instructions.html.erb index ca9501789c..2357d2d549 100644 --- a/app/views/users/mailer/invitation_instructions.html.erb +++ b/app/views/users/mailer/invitation_instructions.html.erb @@ -373,9 +373,6 @@ <% if @resource.invitation_due_at %>

<%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :'devise.mailer.invitation_instructions.accept_until_format')) %>

<% end %> -

For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.

-

If your invitation has an expired message, go <%= link_to "here", new_user_password_url %> and enter your email address to reset your password.

-

Feel free to ignore this email if you are not interested or if you feel it was sent by mistake.

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 3951cd3f08..f18cde16ff 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -120,7 +120,7 @@ # The period the generated invitation token is valid, after # this period, the invited resource won't be able to accept the invitation. # When invite_for is 0 (the default), the invitation won't expire. - # config.invite_for = 2.weeks + config.invite_for = 2.weeks # Number of invitations users can send. # - If invitation_limit is nil, there is no limit for invitations, users can diff --git a/config/locales/devise_invitable.en.yml b/config/locales/devise_invitable.en.yml index 7d5fc7c09c..22ec7d00a2 100644 --- a/config/locales/devise_invitable.en.yml +++ b/config/locales/devise_invitable.en.yml @@ -21,7 +21,7 @@ en: hello: "Hello %{email}" someone_invited_you: "Someone has invited you to %{url}, you can accept it through the link below." accept: "Accept invitation" - accept_until: "This invitation will be due in %{due_date}." + accept_until: "This invitation will be due in %{due_date} GMT." ignore: "If you don't want to accept the invitation, please ignore this email.
\nYour account won't be created until you access the link above and set your password." time: formats: From d686116ace584628aa7519240795f8623cb3ba9c Mon Sep 17 00:00:00 2001 From: Jose Antonio Torres Garibay Date: Wed, 20 Nov 2024 16:08:16 -0600 Subject: [PATCH 2/6] Update user invite instructions spec for 2 weeks duration --- spec/mailers/custom_devise_mailer_spec.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/spec/mailers/custom_devise_mailer_spec.rb b/spec/mailers/custom_devise_mailer_spec.rb index cf497921c2..c41ff9a29c 100644 --- a/spec/mailers/custom_devise_mailer_spec.rb +++ b/spec/mailers/custom_devise_mailer_spec.rb @@ -32,7 +32,8 @@ end context "when user is invited" do - let(:user) { create(:user) } + let(:invitation_sent_at) { Time.zone.now } + let(:user) { create(:user, invitation_sent_at: invitation_sent_at) } it "invites to user" do expect(mail.subject).to eq("Your Human Essentials App Account Approval") @@ -40,7 +41,7 @@ end it "has invite expiration message" do - expect(mail.html_part.body).to include("For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.") + expect(mail.html_part.body).to include("This invitation will be due in #{user.invitation_due_at.strftime("%B %d, %Y %I:%M %p")} GMT.") end end end From ad4e38d3cdec11ff0116ba60f8bfb36b9ab33e40 Mon Sep 17 00:00:00 2001 From: Jose Antonio Torres Garibay Date: Wed, 20 Nov 2024 16:13:27 -0600 Subject: [PATCH 3/6] Update email password reset instructions to its actual expiration time that is 6 hours --- app/views/users/mailer/reset_password_instructions.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/users/mailer/reset_password_instructions.html.erb b/app/views/users/mailer/reset_password_instructions.html.erb index 6656a60751..1352deb8fa 100644 --- a/app/views/users/mailer/reset_password_instructions.html.erb +++ b/app/views/users/mailer/reset_password_instructions.html.erb @@ -6,7 +6,7 @@

<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

-

For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.

+

For security reasons these invitations expire. This invitation will expire in 6 hours or if a new password reset is triggered.

If your invitation has an expired message, go <%= link_to "here", new_user_password_url %> and enter your email address to reset your password.

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

From 0015c905a8bb0ad5f49a03aaea2ccc1f955a8b94 Mon Sep 17 00:00:00 2001 From: Jose Antonio Torres Garibay Date: Wed, 20 Nov 2024 16:14:04 -0600 Subject: [PATCH 4/6] Update password expiration spec --- spec/mailers/user_mailer_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb index 236ecd1147..a01a01971e 100644 --- a/spec/mailers/user_mailer_spec.rb +++ b/spec/mailers/user_mailer_spec.rb @@ -22,7 +22,7 @@ let(:mail) { ActionMailer::Base.deliveries.last } it "sends an email with instructions" do - expect(mail.body.encoded).to include("For security reasons these invitations expire. This invitation will expire in 8 hours or if a new password reset is triggered.") + expect(mail.body.encoded).to include("For security reasons these invitations expire. This invitation will expire in 6 hours or if a new password reset is triggered.") end end end From c1d322e2d2294d4ed134236df28dbbf625e2cab2 Mon Sep 17 00:00:00 2001 From: Jose Antonio Torres Garibay Date: Tue, 26 Nov 2024 21:15:28 -0600 Subject: [PATCH 5/6] Add reset instructions if invitation has expired --- app/views/users/mailer/invitation_instructions.html.erb | 2 ++ spec/mailers/custom_devise_mailer_spec.rb | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/app/views/users/mailer/invitation_instructions.html.erb b/app/views/users/mailer/invitation_instructions.html.erb index 2357d2d549..af9967748c 100644 --- a/app/views/users/mailer/invitation_instructions.html.erb +++ b/app/views/users/mailer/invitation_instructions.html.erb @@ -373,6 +373,8 @@ <% if @resource.invitation_due_at %>

<%= t("devise.mailer.invitation_instructions.accept_until", due_date: l(@resource.invitation_due_at, format: :'devise.mailer.invitation_instructions.accept_until_format')) %>

<% end %> +

If your invitation has an expired message, go <%= link_to "here", new_user_password_url %> and enter your email address to reset your password.

+

Feel free to ignore this email if you are not interested or if you feel it was sent by mistake.

diff --git a/spec/mailers/custom_devise_mailer_spec.rb b/spec/mailers/custom_devise_mailer_spec.rb index c41ff9a29c..61b0ed9a53 100644 --- a/spec/mailers/custom_devise_mailer_spec.rb +++ b/spec/mailers/custom_devise_mailer_spec.rb @@ -43,6 +43,11 @@ it "has invite expiration message" do expect(mail.html_part.body).to include("This invitation will be due in #{user.invitation_due_at.strftime("%B %d, %Y %I:%M %p")} GMT.") end + + it "has reset instructions" do + expect(mail.html_part.body).to match(%r{

If your invitation has an expired message, go here and enter your email address to reset your password.

}) + expect(mail.html_part.body).to include("Feel free to ignore this email if you are not interested or if you feel it was sent by mistake.") + end end end end From 15395583cf366d319c987911af5bc92445b77f04 Mon Sep 17 00:00:00 2001 From: Jose Antonio Torres Garibay Date: Tue, 26 Nov 2024 21:15:52 -0600 Subject: [PATCH 6/6] Add correct expiration message --- config/locales/devise_invitable.en.yml | 2 +- spec/mailers/custom_devise_mailer_spec.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/locales/devise_invitable.en.yml b/config/locales/devise_invitable.en.yml index 22ec7d00a2..ba47068d82 100644 --- a/config/locales/devise_invitable.en.yml +++ b/config/locales/devise_invitable.en.yml @@ -21,7 +21,7 @@ en: hello: "Hello %{email}" someone_invited_you: "Someone has invited you to %{url}, you can accept it through the link below." accept: "Accept invitation" - accept_until: "This invitation will be due in %{due_date} GMT." + accept_until: "This invitation will expire at %{due_date} GMT or if a new password reset is triggered." ignore: "If you don't want to accept the invitation, please ignore this email.
\nYour account won't be created until you access the link above and set your password." time: formats: diff --git a/spec/mailers/custom_devise_mailer_spec.rb b/spec/mailers/custom_devise_mailer_spec.rb index 61b0ed9a53..a79167e717 100644 --- a/spec/mailers/custom_devise_mailer_spec.rb +++ b/spec/mailers/custom_devise_mailer_spec.rb @@ -40,8 +40,8 @@ expect(mail.html_part.body).to include("Your request has been approved and you're invited to become an user of the Human Essentials inventory management system!") end - it "has invite expiration message" do - expect(mail.html_part.body).to include("This invitation will be due in #{user.invitation_due_at.strftime("%B %d, %Y %I:%M %p")} GMT.") + it "has invite expiration message and reset instructions" do + expect(mail.html_part.body).to include("This invitation will expire at #{user.invitation_due_at.strftime("%B %d, %Y %I:%M %p")} GMT or if a new password reset is triggered.") end it "has reset instructions" do