Refactor user registration flow in FirstRunsController to remove transaction block and streamline resource saving process. Update form helper in new.html.erb to use form_with for better compatibility. Remove unused boot_code attribute from User model.

LukasMalyszko · LukasMalyszko · commit a4e55278b23f · 2026-02-04T10:20:57.000+01:00
diff --git a/app/controllers/users/first_runs_controller.rb b/app/controllers/users/first_runs_controller.rb
@@ -20,48 +20,24 @@ def create
     resource.skip_confirmation_notification! if resource.respond_to?(:skip_confirmation_notification!)
     resource.skip_confirmation! if resource.respond_to?(:skip_confirmation!)
 
-    result = User.transaction do
-      # Re-check within a transaction to avoid race conditions with prevent_repeats
-      if User.exists?
-        redirect_to root_url
-        :redirected
-      end
-      if resource.save
-        # Ensure user is confirmed (reload to get fresh state)
-        resource.reload
-        resource.confirm if resource.respond_to?(:confirm) && !resource.confirmed?
-        # Sign up the user (which includes signing them in)
-        sign_up(resource_name, resource)
-        redirect_to after_sign_up_path_for(resource), notice: _("Administrator account created successfully!")
-        # Clear the boot code after the entire success flow completes
-        FirstRunBootCode.clear!
-      else
-        clean_up_passwords resource
-        set_minimum_password_length
-        respond_with resource
-        :invalid
-      end
+    if resource.save
+      # Ensure user is confirmed (reload to get fresh state)
+      resource.reload
+      resource.confirm if resource.respond_to?(:confirm) && !resource.confirmed?
+      # Sign up the user (which includes signing them in)
+      sign_up(resource_name, resource)
+      redirect_to after_sign_up_path_for(resource), notice: _("Administrator account created successfully!")
+      # Clear the boot code after the entire success flow completes
+      FirstRunBootCode.clear!
+    else
+      clean_up_passwords resource
+      set_minimum_password_length
+      respond_with resource
     end
-
-    nil if result == :redirected
   end
 
   protected
 
-  # Override to permit boot_code parameter
-  def configure_permitted_parameters
-    super
-    devise_parameter_sanitizer.permit(:sign_up, keys: [:boot_code])
-  end
-
-  # Override to exclude boot_code from params passed to User model
-  def sign_up_params
-    params = super
-    return params unless params
-
-    params.except(:boot_code)
-  end
-
   def build_resource(hash = {})
     super
 
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -3,8 +3,6 @@
 class User < ApplicationRecord
   include Pwpush::TokenAuthentication
 
-  attr_accessor :boot_code
-
   # Include default devise modules. Others available are:
   # :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable,
diff --git a/app/views/users/first_runs/new.html.erb b/app/views/users/first_runs/new.html.erb
@@ -1,7 +1,7 @@
 <% title(_('First Run Setup')) %>
 <h2 class='my-3'><%= _('First Run Setup') %></h2>
 
-<%= form_for(resource, as: resource_name, url: first_run_path) do |f| %>
+<%= form_with(model: resource, as: resource_name, url: first_run_path) do |f| %>
   <%= render "devise/shared/error_messages", resource: resource %>
 
   <% if FirstRunBootCode.needed? %>
