Take advantage of password challenge feature

rossta · rossta · commit 0b48dfb4e1d4 · 2024-06-15T17:58:05.000-04:00
The password challenge feature was recently added to go with has_secure_password rails/rails#43688
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
@@ -29,11 +29,11 @@ def edit
   end
 
   def update
-    update_user_params = params.require(:user).permit(:current_password, :password, :password_confirmation, email_exchanges_attributes: [:email])
+    update_user_params = params.require(:user).permit(:password_challenge, :password, :password_confirmation, email_exchanges_attributes: [:email])
 
     @user = current_user
 
-    if !@user.authenticate(params[:user][:current_password])
+    if !@user.authenticate(params[:user][:password_challenge])
       flash.now[:error] = "Incorrect password"
       return render Users::Registrations::EditView.new(user: @user), status: :unprocessable_entity
     end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -13,8 +13,6 @@ class User < ApplicationRecord
   generates_token_for :confirmation, expires_in: 6.hours
   generates_token_for :password_reset, expires_in: 10.minutes
 
-  attribute :current_password
-
   def confirmable_email
     if pending_email_exchange.present?
       pending_email_exchange.email
diff --git a/app/views/users/registrations/edit_view.rb b/app/views/users/registrations/edit_view.rb
@@ -45,8 +45,8 @@ def view_template
             required: false
         end
         fieldset do
-          layout.form_label form, :current_password, "Current password to confirm changes"
-          layout.form_field form, :password_field, :current_password,
+          layout.form_label form, :password_challenge, "Current password to confirm changes"
+          layout.form_field form, :password_field, :password_challenge,
             type: "password",
             autocomplete: "current-password",
             required: false
diff --git a/spec/requests/users/registrations_spec.rb b/spec/requests/users/registrations_spec.rb
@@ -121,7 +121,7 @@
       login_user(user)
 
       put users_registration_path,
-        params: {user: {current_password: "password", password: "newpassword", password_confirmation: "newpassword"}}
+        params: {user: {password_challenge: "password", password: "newpassword", password_confirmation: "newpassword"}}
 
       expect(response).to redirect_to(users_dashboard_path)
       expect(flash[:notice]).to eq("Account updated")
@@ -136,7 +136,7 @@
 
       expect {
         put users_registration_path,
-          params: {user: {current_password: "password", email_exchanges_attributes: [{email: new_email}]}}
+          params: {user: {password_challenge: "password", email_exchanges_attributes: [{email: new_email}]}}
       }.to change(user.email_exchanges, :count).by(1)
 
       expect(response).to redirect_to(users_dashboard_path)
