Block unverified users

app/controllers/sessions_controller.rb

@@ -11,10 +11,13 @@ class SessionsController < ApplicationController
       username: params[:username],
       password: params[:password],
     )
-    if Current.user
+    if Current.user && Current.user.verified?
       session[:user_id] = Current.user.id
       flash[:notice] = t(".success", name: Current.user.first_name)
       redirect_to :root
+    elsif !Current.user.verified?
+      flash[:alert] = t(".not_verified")
+      render :new, status: :unprocessable_entity
     else
       flash[:alert] = t(".error")
       render :new, status: :unprocessable_entity

app/models/character_sheet_feature.rb

@@ -40,7 +40,7 @@ class CharacterSheetFeature < ApplicationRecord
       return if order_index.present?
 
       if character_sheet_section.character_sheet_features.any?
-        self.order_index = character_sheet_section.character_sheet_features.order_index(:order_index).last.order_index + 1
+        self.order_index = character_sheet_section.character_sheet_features.order(:order_index).last.order_index + 1
       else
         self.order_index = 1
       end

config/locales/en.yml

@@ -137,6 +137,7 @@ en:
     create:
       success: "Hello, %{name}!"
       error: "Could not sign in. Please check your username and password."
+      not_verified: Please check your email to verify your account and log in.
     new:
       log_in: Log in
       forgot_password: Forgotten your password?

test/system/sessions_test.rb

@@ -14,4 +14,13 @@ class SignUpsTest < ApplicationSystemTestCase
     click_on I18n.t("sessions.destroy.log_out")
     assert_text I18n.t("sessions.destroy.success")
   end
+
+  test "unverified users cannot log in" do
+    visit new_session_url
+    fill_in attr_name(User, :username), with: users(:unverified).username
+    fill_in attr_name(User, :password), with: "password"
+    click_button I18n.t("sessions.new.log_in")
+
+    assert_text I18n.t("sessions.create.not_verified")
+  end
 end