Chore: Improve confirmation flow for agents (#3519)

- Agents are redirected to the password reset page which confirms the agent as well as sets a new password.
2021-12-09 11:11:46 +05:30 · 2021-12-09 11:11:46 +05:30 · 1db82f235d
commit 1db82f235d
parent 9306b725d8
3 changed files with 23 additions and 7 deletions
--- a/app/controllers/devise_overrides/confirmations_controller.rb
+++ b/app/controllers/devise_overrides/confirmations_controller.rb
@ -28,10 +28,7 @@ class DeviseOverrides::ConfirmationsController < Devise::ConfirmationsController
  end

  def create_reset_token_link(user)
-    raw, enc = Devise.token_generator.generate(user.class, :reset_password_token)
-    user.reset_password_token   = enc
-    user.reset_password_sent_at = Time.now.utc
-    user.save(validate: false)
-    "/app/auth/password/edit?config=default&redirect_url=&reset_password_token=#{raw}"
+    token = user.send(:set_reset_password_token)
+    "/app/auth/password/edit?config=default&redirect_url=&reset_password_token=#{token}"
  end
 end
--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@ -7,4 +7,8 @@

 <p>You can confirm your account email through the link below:</p>

+<% if account_user&.inviter.present? %>
+<p><%= link_to 'Confirm my account', frontend_url('auth/password/edit', reset_password_token: @resource.send(:set_reset_password_token)) %></p>
+<% else %>
 <p><%= link_to 'Confirm my account', frontend_url('auth/confirmation', confirmation_token: @token) %></p>
+<% end %>
--- a/spec/mailers/confirmation_instructions_spec.rb
+++ b/spec/mailers/confirmation_instructions_spec.rb
@ -5,9 +5,14 @@ require 'rails_helper'
 RSpec.describe 'Confirmation Instructions', type: :mailer do
  describe :notify do
    let(:account) { create(:account) }
-    let(:confirmable_user) { create(:user, inviter: inviter_val, account: account) }
+    let!(:confirmable_user) { create(:user, inviter: inviter_val, account: account) }
    let(:inviter_val) { nil }
-    let(:mail) { Devise::Mailer.confirmation_instructions(confirmable_user, nil, {}) }
+    let(:mail) { Devise::Mailer.confirmation_instructions(confirmable_user.reload, nil, {}) }
+
+    before do
+      # to verify the token in email
+      confirmable_user.send(:generate_confirmation_token)
+    end

    it 'has the correct header data' do
      expect(mail.reply_to).to contain_exactly('accounts@chatwoot.com')
@ -23,6 +28,11 @@ RSpec.describe 'Confirmation Instructions', type: :mailer do
      expect(mail.body).to_not match('has invited you to try out Chatwoot!')
    end

+    it 'sends a confirmation link' do
+      expect(mail.body).to include("app/auth/confirmation?confirmation_token=#{confirmable_user.confirmation_token}")
+      expect(mail.body).not_to include('app/auth/password/edit')
+    end
+
    context 'when there is an inviter' do
      let(:inviter_val) { create(:user, :administrator, skip_confirmation: true, account: account) }

@ -31,6 +41,11 @@ RSpec.describe 'Confirmation Instructions', type: :mailer do
          "#{CGI.escapeHTML(inviter_val.name)}, with #{CGI.escapeHTML(account.name)}, has invited you to try out Chatwoot!"
        )
      end
+
+      it 'sends a password reset link' do
+        expect(mail.body).to include('app/auth/password/edit?reset_password_token')
+        expect(mail.body).not_to include('app/auth/confirmation')
+      end
    end
  end
 end