From 30c30c696a0c80bff5d85e487f2a91313ca0d9f3 Mon Sep 17 00:00:00 2001 From: mgabdev <> Date: Wed, 28 Aug 2019 16:13:56 -0400 Subject: [PATCH] Added password reset via admin panel --- app/controllers/admin/accounts_controller.rb | 27 +++++++++++++++++++- app/views/admin/accounts/edit.html.haml | 12 +++++++++ app/views/admin/accounts/show.html.haml | 3 +++ config/locales/en.yml | 4 +++ config/routes.rb | 2 +- 5 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 app/views/admin/accounts/edit.html.haml diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index 0fa6d072..9e17d789 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -2,7 +2,7 @@ module Admin class AccountsController < BaseController - before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro] + before_action :set_account, only: [:show, :subscribe, :unsubscribe, :redownload, :remove_avatar, :remove_header, :enable, :unsilence, :unsuspend, :memorialize, :approve, :reject, :verify, :unverify, :add_donor_badge, :remove_donor_badge, :add_investor_badge, :remove_investor_badge, :edit_pro, :save_pro, :edit, :update] before_action :require_remote_account!, only: [:subscribe, :unsubscribe, :redownload] before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject] 
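Review bot: `:edit` and `:update` are added to the `set_account` filter but not to `require_local_account!` two lines below, and the new actions instead use an inline `redirect_to ... unless @account.local?` that does not stop execution. For a remote account, `update` therefore continues to `@user = @account.user` and `@user.update(credentials_params)`, which would raise on a nil user or attempt a second redirect if one exists. Extending the existing filter, `before_action :require_local_account!, only: [:enable, :memorialize, :approve, :reject, :edit, :update]`, would halt the request before the action body runs. This assumes the filter redirects as its name suggests, since its definition is outside this hunk. The inline guards in `edit` and `update` could then be removed.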
@@ -173,6 +173,22 @@ module Admin redirect_to edit_pro_admin_account_path(@account.id) end + def edit + redirect_to admin_account_path(@account.id) unless @account.local? + @user = @account.user + end + + def update + redirect_to admin_account_path(@account.id) unless @account.local? + @user = @account.user + if @user.update(credentials_params) + redirect_to admin_account_path(@account.id), notice: I18n.t('generic.changes_saved_msg') + else + render action: :edit + end + end + + private def set_account @@ -211,5 +227,14 @@ module Admin def pro_params params.require(:account).permit(:is_pro, :pro_expires_at) end + + def credentials_params + new_params = params.require(:user).permit(:email, :password, :password_confirmation) + if new_params[:password].blank? && new_params[:password_confirmation].blank? + new_params.delete(:password) + new_params.delete(:password_confirmation) + end + new_params + end end end diff --git a/app/views/admin/accounts/edit.html.haml b/app/views/admin/accounts/edit.html.haml new file mode 100644 index 00000000..faaf050f --- /dev/null +++ b/app/views/admin/accounts/edit.html.haml 
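Review bot: `edit` and `update` carry no per-action permission check, so anyone the base controller admits to the admin namespace (not visible here) can set the email and password of any local account, including accounts with more privileges than their own. In show.html.haml the suspend link is gated with `can?(:suspend, @account)`, while the new "Change Password" link is gated only on `@account.local?`. Both the actions and the link should go through the same policy mechanism, with a rule that refuses targets of equal or higher role. The change should also be written to the admin audit trail, and a successful update should invalidate the target's existing sessions and notify the account owner; none of this is visible in the hunk.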
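Review bot: `credentials_params` permits `:email` alongside the password fields, so the screen labelled as a password change can also rewrite the login email in the same request. The context lines of config/locales/en.yml already show a separate "Change email" admin flow. Restricting this endpoint to `params.require(:user).permit(:password, :password_confirmation)` and dropping the email input from edit.html.haml narrows what a single form submission can do. The blank-stripping branch would benefit from a comment such as `# An empty password pair means "leave the password unchanged"`. Note that a blank password with a non-blank confirmation is passed through and left to model validation.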
@@ -0,0 +1,12 @@ +- content_for :page_title do + = t('admin.accounts.change_password.title', username: @account.acct) + += simple_form_for(@user, url: admin_account_path(@account.id), html: { method: :put }) do |f| + = render 'shared/error_messages', object: @user + + = f.input :email, placeholder: t('simple_form.labels.defaults.email'), input_html: { 'aria-label' => t('simple_form.labels.defaults.email') } + = f.input :password, autocomplete: "off", placeholder: t('simple_form.labels.defaults.new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.new_password') } + = f.input :password_confirmation, autocomplete: "off", placeholder: t('simple_form.labels.defaults.confirm_new_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_new_password') } + + .actions + = f.button :button, t('admin.accounts.set_new_password'), type: :submit \ No newline at end of file diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml index 41228e39..daaf286b 100644 --- a/app/views/admin/accounts/show.html.haml +++ b/app/views/admin/accounts/show.html.haml @@ -221,6 +221,9 @@ - elsif !@account.local? || @account.user_approved? = link_to t('admin.accounts.perform_full_suspension'), new_admin_account_action_path(@account.id, type: 'suspend'), class: 'button button--destructive' if can?(:suspend, @account) + - if @account.local? + = link_to t('admin.accounts.change_password.button'), edit_admin_account_path(@account.id), class: 'button' + - unless @account.local? - if DomainBlock.where(domain: @account.domain).exists? = link_to t('admin.domain_blocks.undo'), admin_instance_path(@account.domain), class: 'button' diff --git a/config/locales/en.yml b/config/locales/en.yml index 41c657a4..033a952f 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
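Review bot: `autocomplete: "off"` is passed as a top-level option to `f.input` on both password fields, whereas the other HTML attributes in the same calls go through `input_html`, so the attribute may never reach the rendered `<input>`; the generated markup is worth checking. On an admin form that sets another user's password, the browser should not offer the operator's own saved credentials. Moving it into `input_html: { 'aria-label' => ..., autocomplete: 'new-password' }` states that intent explicitly. The template also lacks a trailing newline.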
@@ -92,6 +92,10 @@ en: new_email: New email submit: Change email title: Change email for %{username} + change_password: + button: Change Password + title: Change password for %{username} + set_new_password: Update confirm: Confirm confirmed: Confirmed confirming: Confirming diff --git a/config/routes.rb b/config/routes.rb index 27ca11dc..4c296825 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -182,7 +182,7 @@ Rails.application.routes.draw do resources :report_notes, only: [:create, :destroy] - resources :accounts, only: [:index, :show] do + resources :accounts, only: [:index, :show, :edit, :update] do member do post :subscribe post :unsubscribe