found it

loftwah · Aug 24, 2024 · 3a74681 · 3a74681
1 parent 43ba1e0
commit 3a74681
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 23 deletions.
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
@@ -34,21 +34,27 @@ def edit
   def update
     @user = current_user
     @user.tags = JSON.parse(@user.tags) if @user.tags.is_a?(String)
-
-    if params[:user][:password].present? || params[:user][:password_confirmation].present?
+
+    # Check if password or email is being updated
+    is_password_change = params[:user][:password].present? || params[:user][:password_confirmation].present?
+    is_email_change = params[:user][:email].present? && params[:user][:email] != @user.email
+
+    if is_password_change || is_email_change
+      # Require current password for sensitive changes
       successfully_updated = @user.update_with_password(account_update_params)
     else
+      # Do not require current password for non-sensitive changes
       params[:user].delete(:current_password)
-      successfully_updated = @user.update_without_password(account_update_params.except(:current_password))
+      successfully_updated = @user.update_without_password(account_update_params)
     end
-
+  
     if successfully_updated
       bypass_sign_in(@user) # Sign in the user bypassing validation
       redirect_to edit_user_registration_path, notice: 'Profile updated successfully'
     else
       render :edit
     end
-  end
+  end  
 
   protected
 
@@ -64,12 +70,8 @@ def sign_up_params
   end
 
   def account_update_params
-    params.require(:user).permit(:email, :password, :password_confirmation, :current_password,
-                                 :username, :full_name, :avatar, :banner, :description, :tags,
-                                 :public_analytics).tap do |user_params|
-      if user_params[:tags].present?
-        user_params[:tags] = user_params[:tags].split(',').map(&:strip).to_json
-      end
+    params.require(:user).permit(:email, :password, :password_confirmation, :current_password, :username, :full_name, :tags, :avatar, :banner, :description, :public_analytics).tap do |user_params|
+      user_params[:tags] = user_params[:tags].split(',').map(&:strip).to_json if user_params[:tags].present?
     end
   end
 end
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,16 +1,10 @@
 Rails.application.routes.draw do
   get 'analytics/index'
-  if Rails.env.production?
-    devise_for :users, skip: [:registrations]
-    as :user do
-      get 'users/edit' => 'devise/registrations#edit', as: 'edit_user_registration'
-      put 'users' => 'devise/registrations#update', as: 'user_registration'
-    end
-  else
-    devise_for :users, controllers: {
-      registrations: 'users/registrations'
-    }
-  end
+
+  # Use the custom registrations controller in all environments
+  devise_for :users, controllers: {
+    registrations: 'users/registrations'
+  }
 
   resources :links do
     member do
@@ -29,4 +23,4 @@
   resources :links, only: [:index, :show, :new, :create, :edit, :update, :destroy]
   resources :achievements, only: [:index, :show, :new, :create, :edit, :update, :destroy]
   get '/:username', to: 'links#user_links', as: 'user_links'
-end
+end