diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
new file mode 100644
index 0000000..2197e01
--- /dev/null
+++ b/app/controllers/passwords_controller.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class PasswordsController < ApplicationController
+ def edit
+ @user = Current.user
+ end
+
+ def update
+ if Current.user.update!(password_params)
+ redirect_to Current.user, notice: t(".success")
+ else
+ flash.now[:alert] = t(".error")
+ render :edit, status: :unprocessable_entity
+ end
+ end
+
+ private
+
+ def password_params
+ params.require(:user).permit(
+ :password_challenge,
+ :password,
+ :password_confirmation,
+ )
+ end
+end
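Review bot: The current password is not actually enforced in `update`, because `password_params` permits `:password_challenge` without requiring it. Assuming `User` uses `has_secure_password`, the challenge is only validated when it is non-nil, so a request that omits the field changes the password unchallenged; the new test in test/controllers/password_controller_test.rb does exactly that and expects success. Defaulting the value closes the gap: `params.require(:user).permit(:password_challenge, :password, :password_confirmation).with_defaults(password_challenge: "")`. Separately, `update!` raises on a validation failure instead of returning false, so the `else` branch that re-renders `:edit` is never reached; `if Current.user.update(password_params)` is what that branch expects. Whether other active sessions are ended after a password change is not visible in this diff and is worth confirming.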
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 95d6a5f..1298ece 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -55,9 +55,6 @@ class UsersController < ApplicationController
def existing_user_params
params.require(:user).permit(
- :password,
- :password_confirmation,
- :password_challenge,
:first_name,
:last_name,
:profile,
diff --git a/app/views/passwords/edit.html.erb b/app/views/passwords/edit.html.erb
new file mode 100644
index 0000000..68027c0
--- /dev/null
+++ b/app/views/passwords/edit.html.erb
@@ -0,0 +1,21 @@
+<%= content_for :title, t(".change_password") %>
+
+
<%= t(".change_password") %>
+
+
+ <%= form_with model: @user, url: user_password_path(@user), method: :patch do |f| %>
+ <%= f.label :password_challenge, t(".current_password") %>
+ <%= f.password_field :password_challenge %>
+ <%= display_form_errors(@user, :password_challenge) %>
+
+ <%= f.label :password %>
+ <%= f.password_field :password %>
+ <%= display_form_errors(@user, :password) %>
+
+ <%= f.label :password_confirmation %>
+ <%= f.password_field :password_confirmation %>
+ <%= display_form_errors(@user, :password_confirmation) %>
+
+ <%= f.submit t(".update_password") %>
+ <% end %>
+
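Review bot: The three password inputs carry no `autocomplete` hints or `required` attribute, so password managers have to guess which field is the current password and which is the new one. I would write `f.password_field :password_challenge, autocomplete: "current-password", required: true` and use `autocomplete: "new-password", required: true` on `:password` and `:password_confirmation`. The `required` attribute is only a browser-side convenience; the server still has to enforce the challenge.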
diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb
index d001b30..fb0e3cf 100644
--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
@@ -18,25 +18,19 @@
<%= f.text_field :email, required: true, disabled: user.persisted? %>
<%= display_form_errors(user, :email) %>
-
+ <% end %>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index dce3cfd..c018090 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -4,3 +4,7 @@
<%= render partial: "users/form",
locals: { user: @user, button_text: t(".update_profile") } %>
+
+
+ <%= link_to t(".update_password"), edit_user_password_path(Current.user) %>
+
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 87f966a..567f0a0 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -71,6 +71,15 @@ en:
invalid_token: That token seems to have expired, please try resettting your password again.
success: Your password has been reset, you may now log in.
error: Failed to reset password. Please try again or contact us for help.
+ passwords:
+ edit:
+ change_password: Change your password
+ current_password: Current password
+ update_password: Update password
+ update:
+ success: Your password has been updated
+ error: Failed to update password
+
sessions:
create:
success: "Hello, %{name}!"
@@ -156,10 +165,12 @@ en:
edit:
edit_profile: Edit profile
update_profile: Update profile
+ update_password: Change your password
form:
password: Password
password_hint: To keep your existing password, leave the below fields blank
current_password: Current password
+ update_password: Change your password
update:
success: Your profile has been updated
error: Failed to update profile
@@ -183,4 +194,3 @@ en:
If you did not request a password reset, please ignore this email.
Otherwise, please visit the link below to reset your password.
-
diff --git a/config/routes.rb b/config/routes.rb
index a21bb2f..6a04b64 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,7 +8,9 @@ Rails.application.routes.draw do
get "login" => "sessions#new", as: :login
delete "logout" => "sessions#destroy", as: :logout
- resources :users, only: [ :new, :create, :show, :edit, :update ]
+ resources :users, only: [ :new, :create, :show, :edit, :update ] do
+ resource :password, only: [ :edit, :update ]
+ end
resources :account_verifications, only: [ :show ]
resources :password_resets, only: [ :new, :create, :edit, :update ]
resources :sessions, only: [ :new, :create, :destroy ]
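Review bot: The `:user_id` segment added by nesting `resource :password` under `users` is never read, because PasswordsController in this commit always acts on `Current.user`. As a result `/users/<any id>/password/edit` shows and updates the signed-in user's password regardless of the id in the path. That is safe against changing someone else's password, but the URL implies per-user addressing that does not exist. Either declare it at the top level, `resource :password, only: [ :edit, :update ]`, or have the controller reject requests whose `params[:user_id]` differs from the current user's id.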
diff --git a/test/controllers/password_controller_test.rb b/test/controllers/password_controller_test.rb
new file mode 100644
index 0000000..ffb3e37
--- /dev/null
+++ b/test/controllers/password_controller_test.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+ test "should get edit" do
+ user = users(:trevor)
+ sign_in user
+ get edit_user_password_path(user)
+ assert_response :success
+ end
+
+ test "should update password" do
+ user = users(:trevor)
+ sign_in user
+ patch user_password_path(user), params: { user: { password: "new_password", password_confirmation: "new_password" } }
+ assert_redirected_to user_path(user)
+ assert user.reload.authenticate("new_password")
+ end
+end
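Review bot: Only the success paths are tested, so nothing covers a wrong current password, a mismatched confirmation, or an unauthenticated request to either action. A rejection test like the one below would pin the re-render path; as the controller is written, its `update!` would raise here rather than render `:edit`, so the expected status depends on that being changed to `update`. The file is also named `password_controller_test.rb` while the class is `PasswordsControllerTest`; renaming it to `passwords_controller_test.rb` keeps the two in step.

```ruby
# … unchanged: "should get edit" and "should update password" tests …

test "should reject a wrong current password" do
  user = users(:trevor)
  sign_in user
  patch user_password_path(user), params: { user: {
    password_challenge: "not-the-current-password", # constructed value
    password: "new_password",
    password_confirmation: "new_password"
  } }
  assert_response :unprocessable_entity
  assert_not user.reload.authenticate("new_password")
end
```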
diff --git a/todo.md b/todo.md
index 5648ce7..2a30609 100644
--- a/todo.md
+++ b/todo.md
@@ -1,10 +1,9 @@
- avatars
- delete avatar
- default avatars
-- discrete password page
- shared/private notes
-- notifications
- Add characters to users/tables
- Character sheets/prototypes
+- notifications
- chat
- maps