Upgrade to devise-password 1.0

This makes the necesary changes to support the breaking changes.
DFE-Digital · Sep 18, 2023 · 99a3185 · 99a3185
1 parent 136d126
commit 99a3185
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 23 deletions.
diff --git a/app/controllers/teachers/magic_links_controller.rb b/app/controllers/teachers/magic_links_controller.rb
@@ -1,14 +1,8 @@
 # frozen_string_literal: true
 
-class Teachers::MagicLinksController < DeviseController
+class Teachers::MagicLinksController < Devise::MagicLinksController
   include TeacherCurrentNamespace
 
-  prepend_before_action :require_no_authentication, only: :show
-  prepend_before_action :allow_params_authentication!, only: :show
-  prepend_before_action(only: [:show]) do
-    request.env["devise.skip_timeout"] = true
-  end
-
   def show
     @resource = warden.authenticate!(auth_options)
     redirect_to new_teacher_session_path if @resource.nil?
@@ -22,17 +16,6 @@ def create
 
   protected
 
-  def auth_options
-    mapping = Devise.mappings[resource_name]
-    { scope: resource_name, recall: "#{mapping.controllers[:sessions]}#new" }
-  end
-
-  def translation_scope
-    "devise.sessions"
-  end
-
-  private
-
   def after_sign_in_path_for(resource)
     stored_location_for(resource) || teacher_interface_root_path
   end

diff --git a/app/models/teacher.rb b/app/models/teacher.rb
@@ -39,8 +39,7 @@ def application_form
   end
 
   def send_magic_link(*)
-    token = Devise::Passwordless::LoginToken.encode(self)
-    send_devise_notification(:magic_link, token, {})
+    send_devise_notification(:magic_link, encode_passwordless_token, {})
   end
 
   def send_devise_notification(notification, *args)

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -365,6 +365,9 @@
   # each time you sign in, all existing magic links will be considered invalid.
   # config.passwordless_expire_old_tokens_on_sign_in = true
 
+  # Which algorithm to use for tokenizing magic links. See README for descriptions
+  config.passwordless_tokenizer = "MessageEncryptorTokenizer"
+
   config.omniauth :azure_activedirectory_v2,
                   client_id: ENV["MICROSOFT_OAUTH_CLIENT_ID"],
                   client_secret: ENV["MICROSOFT_OAUTH_CLIENT_SECRET"],

diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
@@ -60,6 +60,7 @@ en:
     passwordless:
       not_found_in_database: "Could not find a user for that email address"
       magic_link_sent: "A login link has been sent to your email address. Please follow the link to log in to your account."
+      magic_link_sent_paranoid: "If your account exists, you will receive an email with a login link. Please follow the link to log in to your account."
   errors:
     messages:
       already_confirmed: "was already confirmed, please try signing in"

diff --git a/config/routes.rb b/config/routes.rb
@@ -369,6 +369,7 @@
   devise_for :teachers,
              path: "/teacher",
              controllers: {
+               magic_links: "teachers/magic_links",
                registrations: "teachers/registrations",
                sessions: "teachers/sessions",
              }
@@ -377,9 +378,6 @@
     get "/teacher/sign_in_or_sign_up",
         to: "teachers/sessions#new_or_create",
         as: "create_or_new_teacher_session"
-    get "/teacher/magic_link",
-        to: "teachers/magic_links#show",
-        as: "teacher_magic_link"
     post "/teacher/magic_link", to: "teachers/magic_links#create"
 
     get "/teacher/check_email",