Allow admins to create users with password and update user password

2026-01-10 17:21:38 -05:00 · 2024-11-12 14:56:48 +01:00 · 2024-11-12 14:56:48 +01:00 · 4048f4dac6
commit 4048f4dac6
parent bae84d19d9
4 changed files with 40 additions and 9 deletions
--- a/app/controllers/settings/users_controller.rb
+++ b/app/controllers/settings/users_controller.rb
@ -25,13 +25,12 @@ class Settings::UsersController < ApplicationController
  def create
    @user = User.new(
      email: user_params[:email],
-      password: 'password',
-      password_confirmation: 'password'
+      password: user_params[:password],
+      password_confirmation: user_params[:password]
    )

    if @user.save
-      redirect_to settings_users_url,
-                  notice: "User was successfully created, email is #{@user.email}, password is \"password\"."
+      redirect_to settings_users_url, notice: 'User was successfully created'
    else
      redirect_to settings_users_url, notice: 'User could not be created.', status: :unprocessable_entity
    end
@ -50,6 +49,6 @@ class Settings::UsersController < ApplicationController
  private

  def user_params
-    params.require(:user).permit(:email)
+    params.require(:user).permit(:email, :password)
  end
 end
--- a/app/views/settings/users/edit.html.erb
+++ b/app/views/settings/users/edit.html.erb
@ -13,6 +13,12 @@
          <% end %>
          <%= f.email_field :email, value: @user.email, class: "input input-bordered" %>
        </div>
+        <div class="form-control">
+          <%= f.label :password do %>
+            Password
+          <% end %>
+          <%= f.password_field :password, autofocus: true, autocomplete: "new-password", class: "input input-bordered" %>
+        </div>
        <div class="form-control mt-5">
          <%= f.submit "Update", class: "btn btn-primary" %>
        </div>
--- a/app/views/settings/users/index.html.erb
+++ b/app/views/settings/users/index.html.erb
@ -46,6 +46,12 @@
        <% end %>
        <%= f.email_field :email, value: '', class: "input input-bordered" %>
      </div>
+      <div class="form-control">
+        <%= f.label :password do %>
+          Password
+        <% end %>
+        <%= f.password_field :password, autofocus: true, autocomplete: "new-password", class: "input input-bordered" %>
+      </div>
      <div class="form-control mt-5">
        <%= f.submit "Create", class: "btn btn-primary" %>
      </div>
--- a/spec/requests/settings/users_spec.rb
+++ b/spec/requests/settings/users_spec.rb
@ -3,7 +3,8 @@
 require 'rails_helper'

 RSpec.describe '/settings/users', type: :request do
-  let(:valid_attributes) { { email: 'user@domain.com' } }
+  let(:valid_attributes) { { email: 'user@domain.com', password: '4815162342' } }
+  let!(:admin) { create(:user, :admin) }

  context 'when user is not authenticated' do
    it 'redirects to sign in page' do
@ -25,8 +26,6 @@ RSpec.describe '/settings/users', type: :request do
    end

    context 'when user is an admin' do
-      let!(:admin) { create(:user, :admin) }
-
      describe 'POST /create' do
        before { sign_in admin }

@ -35,13 +34,16 @@ RSpec.describe '/settings/users', type: :request do
            expect do
              post settings_users_url, params: { user: valid_attributes }
            end.to change(User, :count).by(1)
+
+            expect(User.last.email).to eq(valid_attributes[:email])
+            expect(User.last.valid_password?(valid_attributes[:password])).to be_truthy
          end

          it 'redirects to the created settings_user' do
            post settings_users_url, params: { user: valid_attributes }

            expect(response).to redirect_to(settings_users_url)
-            expect(flash[:notice]).to eq("User was successfully created, email is #{valid_attributes[:email]}, password is \"password\".")
+            expect(flash[:notice]).to eq('User was successfully created')
          end
        end

@ -61,6 +63,24 @@ RSpec.describe '/settings/users', type: :request do
          end
        end
      end
+
+      describe 'PATCH /update' do
+        let(:user) { create(:user) }
+
+        before { sign_in admin }
+
+        context 'with valid parameters' do
+          let(:new_attributes) { { email: FFaker::Internet.email, password: '4815162342' } }
+
+          it 'updates the requested user' do
+            patch settings_user_url(user), params: { user: new_attributes }
+
+            user.reload
+            expect(user.email).to eq(new_attributes[:email])
+            expect(user.valid_password?(new_attributes[:password])).to be_truthy
+          end
+        end
+      end
    end
  end
 end