Enable setting password for subscribers

rossta · rossta · commit 5a3eaa0c4b54 · 2024-06-30T18:12:28.000-04:00
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
@@ -37,12 +37,13 @@ def update
 
     user = current_user
 
-    if !user.authenticate(params[:user][:password_challenge])
+    if user.password_digest_was.present? && !user.authenticate(params[:user][:password_challenge])
       flash.now[:error] = "Incorrect password"
       return render Users::Registrations::EditView.new(user: user), status: :unprocessable_entity
     end
 
     if !user.update(update_user_params)
+      flash.now[:error] = user.errors.full_messages.to_sentence
       return render Users::Registrations::EditView.new(user: user), status: :unprocessable_entity
     end
 
diff --git a/spec/requests/users/registrations_spec.rb b/spec/requests/users/registrations_spec.rb
@@ -173,5 +173,27 @@
       expect(flash.now[:error]).to eq("Incorrect password")
       expect(response).to have_http_status(:unprocessable_entity)
     end
+
+    it "allows for subscriber setting password first time" do
+      user = FactoryBot.create(:user, :confirmed, :subscriber)
+      login_user(user)
+
+      put users_registration_path,
+        params: {user: {password: "password", password_confirmation: "password"}}
+
+      expect(response).to redirect_to(users_dashboard_path)
+      expect(flash[:notice]).to eq("Account updated")
+    end
+
+    it "disallows for subscriber setting password first time without password confirmation" do
+      user = FactoryBot.create(:user, :confirmed, :subscriber)
+      login_user(user)
+
+      put users_registration_path,
+        params: {user: {password: "password", password_confirmation: "wrongpassword"}}
+
+      expect(flash.now[:error]).to eq("Password confirmation doesn't match Password")
+      expect(response).to have_http_status(:unprocessable_entity)
+    end
   end
 end
