Add account creation

app/controllers/authentication_controller.rb

@@ -11,11 +11,14 @@ class AuthenticationController < ApplicationController
     else
       u = User.find_by(email: params[:session][:email])
 
-      if u && u.authenticate(params[:session][:password])
+      if u && u.confirmed && u.authenticate(params[:session][:password])
         log_in(u, params[:session][:remember_me].to_i)
 
         flash[:success] = "Hello, #{u.person.full_name}!"
         redirect_to root_path
+      elsif u and not u.confirmed
+        flash[:warning] = "Your account has not been activated yet, please confirm using the email you have received."
+        redirect_to action: 'login_form'
       else
         flash[:danger] = "Invalid username/password combination!"
         redirect_to action: 'login_form'
@@ -41,7 +44,32 @@ class AuthenticationController < ApplicationController
   end
 
   def create_password
-    flash[:danger] = "Not yet implemented."
+    person = Person.find_by(email: params[:user][:email])
+
+    if not person
+      flash[:warning] = "That email address is unknown!"
+      redirect_to action: 'create_password_form'
+      return
+    end
+
+    user = User.find_by(person: person)
+    if user and user.confirmed
+      flash[:warning] = "Your account has already been activated, please use the login form if you have forgotten your password."
+      redirect_to action: 'login'
+      return
+    end
+
+    if not user
+      user = User.new
+      user.person = person
+      user.email = person.email
+      user.password = user.password_confirmation = SecureRandom::urlsafe_base64 32
+      user.confirmed = false
+      user.save!
+    end
+
+    AuthenticationMailer::password_confirm_email(user).deliver_now
+    flash[:success] = "An email has been sent, check your inbox!"
     redirect_to action: 'login'
   end
 
@@ -63,7 +91,7 @@ class AuthenticationController < ApplicationController
 
   def reset_password_form
     token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:password_reset])
-    if not password_reset_token_valid? token
+    if not token_valid? token
       return
     end
     render layout: 'void'
@@ -71,7 +99,7 @@ class AuthenticationController < ApplicationController
 
   def reset_password
     token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:password_reset])
-    if not password_reset_token_valid? token
+    if not token_valid? token
       return
     end
 
@@ -92,12 +120,36 @@ class AuthenticationController < ApplicationController
     redirect_to action: 'login'
   end
 
+  def confirm_account_form
+    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:account_confirmation])
+    return unless token_valid? token
+
+    @user = token.user
+    render layout: 'void'
+  end
+
+  def confirm_account
+    token = Token.find_by(token: params[:token], tokentype: Token::TYPES[:account_confirmation])
+    return unless token_valid? token
+
+    user = token.user
+    user.password = params[:account_confirmation][:password]
+    user.password_confirmation = params[:account_confirmation][:password_confirmation]
+    user.confirmed = true
+    user.save!
+
+    token.destroy!
+
+    flash[:success] = "Your account has been confirmed, you may now log in."
+    redirect_to action: 'login'
+  end
+
   private
   def session_params
     params.require(:session).permit(:email, :password, :remember_me)
   end
 
-  def password_reset_token_valid?(token)
+  def token_valid?(token)
     if token.nil?
       flash[:warning] = "No valid token specified!"
       redirect_to action: 'login'

app/mailers/authentication_mailer.rb

@@ -10,4 +10,16 @@ class AuthenticationMailer < ApplicationMailer
 
     mail(to: @user.email, subject: "Reset your Aardbei-password")
   end
+
+  def password_confirm_email(user)
+    token = Token.new
+    token.user = user
+    token.tokentype = Token::TYPES[:account_confirmation]
+    token.save!
+
+    @token = token
+    @user = user
+
+    mail(to: @user.email, subject: "Confirm your Aardbei-account")
+  end
 end

app/models/activity.rb

@@ -87,8 +87,8 @@ class Activity < ApplicationRecord
   # Determine whether the passed Person may change this activity.
   def may_change?(person)
     person.is_admin ||
-    self.is_organizer(person) ||
-    self.group.is_leader(person)
+    self.is_organizer?(person) ||
+    self.group.is_leader?(person)
   end
 
   # Create Participants for all People that

app/models/user.rb

@@ -5,6 +5,10 @@ class User < ApplicationRecord
   #   @return [String]
   #     the user's email address. Should be the same as the associated Person's
   #     email address.
+  #
+  # @!attribute confirmed
+  #   @return [Boolean]
+  #     whether or not this account has been activated yet.
 
   has_secure_password
   belongs_to :person

app/views/authentication/confirm_account_form.html.haml

@@ -0,0 +1,18 @@
+- content_for :title do
+  Confirm account
+.container
+  = render 'shared/alerts'
+  = form_for :account_confirmation, url: {action: 'confirm_account', token: params[:token]}, html: { class: 'central-form'} do |f|
+    %h2.central-form-header.text-center
+      Confirm account
+
+    = f.password_field :password, placeholder: "New password", class: 'form-control input-top'
+    = f.password_field :password_confirmation, placeholder: "Confirm new password", class: 'form-control input-bottom'
+    = f.submit "Confirm account", class: 'btn btn-primary btn-lg btn-block'
+
+  .central-form
+    %ul.hdis
+      %li
+        = link_to "Login",          {action: 'login',           controller: 'authentication'}, {class: 'btn btn-secondary'}
+      %li
+        = link_to "Create account", {action: 'create_password', controller: 'authentication'}, {class: 'btn btn-secondary'}

app/views/authentication_mailer/password_confirm_email.text.erb

@@ -0,0 +1,9 @@
+Hello <%= @user.person.first_name %>,
+
+Please confirm your account for Aardbei by clicking on the following link:
+
+<%= confirm_url(token: @token.token) %>
+
+This link will expire <%= @token.expires %>.
+
+Aardbei

config/routes.rb

@@ -9,6 +9,9 @@ Rails.application.routes.draw do
   get  'register', to: 'authentication#create_password_form'
   post 'register', to: 'authentication#create_password'
 
+  get  'confirm', to: 'authentication#confirm_account_form'
+  post 'confirm', to: 'authentication#confirm_account'
+
   get  'forgot', to: 'authentication#forgotten_password_form'
   post 'forgot', to: 'authentication#forgotten_password'
 

db/migrate/20170222104408_add_confirmed_to_user.rb

@@ -0,0 +1,5 @@
+class AddConfirmedToUser < ActiveRecord::Migration[5.0]
+  def change
+    add_column :users, :confirmed, :boolean
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20170210180426) do
+ActiveRecord::Schema.define(version: 20170222104408) do
 
   create_table "activities", force: :cascade do |t|
     t.string   "public_name"
@@ -94,6 +94,7 @@ ActiveRecord::Schema.define(version: 20170210180426) do
     t.integer  "person_id"
     t.datetime "created_at",      null: false
     t.datetime "updated_at",      null: false
+    t.boolean  "confirmed"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["person_id"], name: "index_users_on_person_id", unique: true
   end