From 0463e47044a29783bd30891ac0be3ee7aaeefd64 Mon Sep 17 00:00:00 2001
From: Trevor Vallender <trevor@tsvallender.co.uk>
Date: Wed, 19 Jun 2024 16:42:15 +0100
Subject: [PATCH] Block unverified users

---
 app/controllers/sessions_controller.rb | 5 ++++-
 app/models/character_sheet_feature.rb  | 2 +-
 config/locales/en.yml                  | 1 +
 test/system/sessions_test.rb           | 9 +++++++++
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 6aa95d5..fe1aa5c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -11,10 +11,13 @@ class SessionsController < ApplicationController
       username: params[:username],
       password: params[:password],
     )
-    if Current.user
+    if Current.user && Current.user.verified?
       session[:user_id] = Current.user.id
       flash[:notice] = t(".success", name: Current.user.first_name)
       redirect_to :root
+    elsif !Current.user.verified?
+      flash[:alert] = t(".not_verified")
+      render :new, status: :unprocessable_entity
     else
       flash[:alert] = t(".error")
       render :new, status: :unprocessable_entity
diff --git a/app/models/character_sheet_feature.rb b/app/models/character_sheet_feature.rb
index f30e197..6c89e41 100644
--- a/app/models/character_sheet_feature.rb
+++ b/app/models/character_sheet_feature.rb
@@ -40,7 +40,7 @@ class CharacterSheetFeature < ApplicationRecord
       return if order_index.present?
 
       if character_sheet_section.character_sheet_features.any?
-        self.order_index = character_sheet_section.character_sheet_features.order_index(:order_index).last.order_index + 1
+        self.order_index = character_sheet_section.character_sheet_features.order(:order_index).last.order_index + 1
       else
         self.order_index = 1
       end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index cf1bd2b..869fa5f 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -137,6 +137,7 @@ en:
     create:
       success: "Hello, %{name}!"
       error: "Could not sign in. Please check your username and password."
+      not_verified: Please check your email to verify your account and log in.
     new:
       log_in: Log in
       forgot_password: Forgotten your password?
diff --git a/test/system/sessions_test.rb b/test/system/sessions_test.rb
index 89fa560..813e4d6 100644
--- a/test/system/sessions_test.rb
+++ b/test/system/sessions_test.rb
@@ -14,4 +14,13 @@ class SignUpsTest < ApplicationSystemTestCase
     click_on I18n.t("sessions.destroy.log_out")
     assert_text I18n.t("sessions.destroy.success")
   end
+
+  test "unverified users cannot log in" do
+    visit new_session_url
+    fill_in attr_name(User, :username), with: users(:unverified).username
+    fill_in attr_name(User, :password), with: "password"
+    click_button I18n.t("sessions.new.log_in")
+
+    assert_text I18n.t("sessions.create.not_verified")
+  end
 end