Reorder controller methods to enhance developer experience and improve readability #90

Closed
42 changes: 21 additions & 21 deletions README.md
Expand Up @@ -176,6 +176,10 @@ rails g controller Users
# app/controllers/users_controller.rb
class UsersController < ApplicationController

def new
@user = User.new
end

def create
@user = User.new(user_params)
if @user.save
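Review bot: The README snippet now lists `new` ahead of `create`, which matches app/controllers/users_controller.rb elsewhere in this PR; keep the two in lockstep, since readers paste these blocks verbatim. The snippet in this hunk shows no `before_action` lines yet, so the later README step that introduces `redirect_if_authenticated, only: [:create, :new]` should be checked to confirm `:new` stays in that list after the move (the controller file in this PR still has it).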
Expand All @@ -185,10 +189,6 @@ class UsersController < ApplicationController
end
end

def new
@user = User.new
end

private

def user_params
Expand Down Expand Up @@ -254,6 +254,10 @@ rails g controller Confirmations
# app/controllers/confirmations_controller.rb
class ConfirmationsController < ApplicationController

def new
@user = User.new
end

def create
@user = User.find_by(email: params[:user][:email].downcase)

Expand All @@ -275,10 +279,6 @@ class ConfirmationsController < ApplicationController
end
end

def new
@user = User.new
end

end
```

Expand Down Expand Up @@ -509,6 +509,9 @@ rails g controller Sessions
class SessionsController < ApplicationController
before_action :redirect_if_authenticated, only: [:create, :new]

def new
end

def create
@user = User.find_by(email: params[:user][:email].downcase)
if @user
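Review bot: The `create` action in this README block uses `User.find_by(email: params[:user][:email].downcase)`, while app/controllers/sessions_controller.rb in the same PR uses `User.authenticate_by(email: ..., password: ...)`. If this block is meant to mirror the finished controller, update it to `authenticate_by`, which looks up the user and verifies the password in one call; if it is an intermediate tutorial step, a one-line note saying so would avoid confusion.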
Expand All @@ -532,9 +535,6 @@ class SessionsController < ApplicationController
redirect_to root_path, notice: "Signed out."
end

def new
end

end
```

Expand Down Expand Up @@ -676,6 +676,9 @@ rails g controller Passwords
# app/controllers/passwords_controller.rb
class PasswordsController < ApplicationController
before_action :redirect_if_authenticated

def new
end

def create
@user = User.find_by(email: params[:user][:email].downcase)
Expand All @@ -700,9 +703,6 @@ class PasswordsController < ApplicationController
end
end

def new
end

def update
@user = User.find_signed(params[:password_reset_token], purpose: :reset_password)
if @user
Expand Down Expand Up @@ -730,11 +730,11 @@ end

> **What's Going On Here?**
>
> - The `new` action simply renders a form for the user to put their email address in to receive the password reset email.
> - The `create` action will send an email to the user containing a link that will allow them to reset the password. The link will contain their `password_reset_token` which is unique and expires. Note that we call `downcase` on the email to account for case sensitivity when searching.
> - You'll remember that the `password_reset_token` is a [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html#method-i-signed_id), and is set to expire in 10 minutes. You'll also note that we need to pass the method `purpose: :reset_password` to be consistent with the purpose that was set in the `generate_password_reset_token` method.
> - Note that we return `Invalid or expired token.` if the user is not found. This makes it difficult for a bad actor to use the reset form to see which email accounts exist on the application.
> - The `edit` action simply renders the form for the user to update their password. It attempts to find a user by their `password_reset_token`. You can think of the `password_reset_token` as a way to identify the user much like how we normally identify records by their ID. However, the `password_reset_token` is randomly generated and will expire so it's more secure.
> - The `new` action simply renders a form for the user to put their email address in to receive the password reset email.
> - The `update` also ensures the user is identified by their `password_reset_token`. It's not enough to just do this on the `edit` action since a bad actor could make a `PUT` request to the server and bypass the form.
> - If the user exists and is confirmed we update their password to the one they will set in the form. Otherwise, we handle each failure case differently.

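Review bot: The moved bullet for `new` now sits first, so the list follows the controller's action order (new, create, edit, update); good. Small accuracy nit in the `update` bullet at the end of the hunk: a Rails `resources` route maps `update` to PATCH (the form helper's default) as well as PUT, so "a `PATCH` or `PUT` request" would be more precise.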
Expand Down Expand Up @@ -920,12 +920,6 @@ class UsersController < ApplicationController
...
end

def destroy
current_user.destroy
reset_session
redirect_to root_path, notice: "Your account has been deleted."
end

def edit
@user = current_user
end
Expand All @@ -949,6 +943,12 @@ class UsersController < ApplicationController
end
end

def destroy
current_user.destroy
reset_session
redirect_to root_path, notice: "Your account has been deleted."
end

private

def create_user_params
8 changes: 4 additions & 4 deletions app/controllers/confirmations_controller.rb
@@ -1,6 +1,10 @@
class ConfirmationsController < ApplicationController
before_action :redirect_if_authenticated, only: [:create, :new]

def new
@user = User.new
end

def create
@user = User.find_by(email: params[:user][:email].downcase)

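Review bot: `params[:user][:email].downcase` in `create` raises `NoMethodError` on nil when a request arrives without a `user` key (a hand-built POST or a malformed form), which surfaces as a 500 instead of the intended redirect. Prefer `params.require(:user).fetch(:email, "").downcase` (missing `user` then becomes a 400 via `ParameterMissing`) or `params.dig(:user, :email).to_s.downcase`; the same pattern appears in the Sessions and Passwords controllers in this PR.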
Expand All @@ -25,8 +29,4 @@ def edit
redirect_to new_confirmation_path, alert: "Invalid token."
end
end

def new
@user = User.new
end
end
6 changes: 3 additions & 3 deletions app/controllers/passwords_controller.rb
@@ -1,6 +1,9 @@
class PasswordsController < ApplicationController
before_action :redirect_if_authenticated

def new
end

def create
@user = User.find_by(email: params[:user][:email].downcase)
if @user.present?
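Review bot: `before_action :redirect_if_authenticated` has no `only:` list, so the moved `new` is still covered and behaviour is unchanged. The `if @user.present?` branch that closes this hunk is the point where email enumeration would leak: the `else` branch is outside the hunk, so confirm it renders the same flash and redirect as the success path, in the spirit of the README's `Invalid or expired token.` note.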
Expand All @@ -24,9 +27,6 @@ def edit
end
end

def new
end

def update
@user = User.find_signed(params[:password_reset_token], purpose: :reset_password)
if @user
6 changes: 3 additions & 3 deletions app/controllers/sessions_controller.rb
Expand Up @@ -2,6 +2,9 @@ class SessionsController < ApplicationController
before_action :redirect_if_authenticated, only: [:create, :new]
before_action :authenticate_user!, only: [:destroy]

def new
end

def create
@user = User.authenticate_by(email: params[:user][:email].downcase, password: params[:user][:password])
if @user
Expand All @@ -24,7 +27,4 @@ def destroy
logout
redirect_to root_path, notice: "Signed out."
end

def new
end
end
20 changes: 10 additions & 10 deletions app/controllers/users_controller.rb
Expand Up @@ -2,6 +2,10 @@ class UsersController < ApplicationController
before_action :authenticate_user!, only: [:edit, :destroy, :update]
before_action :redirect_if_authenticated, only: [:create, :new]

def new
@user = User.new
end

def create
@user = User.new(create_user_params)
if @user.save
Expand All @@ -12,21 +16,11 @@ def create
end
end

def destroy
current_user.destroy
reset_session
redirect_to root_path, notice: "Your account has been deleted."
end

def edit
@user = current_user
@active_sessions = @user.active_sessions.order(created_at: :desc)
end

def new
@user = User.new
end

def update
@user = current_user
@active_sessions = @user.active_sessions.order(created_at: :desc)
Expand All @@ -47,6 +41,12 @@ def update
end
end

def destroy
current_user.destroy
reset_session
redirect_to root_path, notice: "Your account has been deleted."
end

private

def create_user_params
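Review bot: In `destroy`, the return value of `current_user.destroy` is ignored, so if the model's destroy is halted by a callback the action still calls `reset_session` and reports `Your account has been deleted.` Either use `current_user.destroy!` so the failure is visible, or branch on the return value and redirect with an alert when it is false. Calling `reset_session` after a successful destroy is correct and should stay.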