Skip to content

🔴 Fix/user authentication enforcement #143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

🔴 Fix/user authentication enforcement #143

wants to merge 12 commits into from

Conversation

@brunotho
Copy link
Collaborator

@brunotho brunotho commented Aug 30, 2025
edited by emmvs
Loading

BEFORE REVIEW:
to do:
- fully remove password requirements for User.update

Ready for review

This PR:

  • fixes the previously spotty Devise user authentication
  • moves authenticate_user! to ApplicationController and exempts the public PagesController
  • removes Devise validatable from User model and adds custom email validation (custom password validation was already written). This was done to remove the doubled error message a user would get when attempting to submit an invalid password.
  • removes the new password / password confirmation form fields being required for any change to User
  • removes current password being required for updates to User aside from password itself
  • makes visual display of a field being required in sign-up form match the underlying validations
  • adds a authorization guard to Users#show to permit only friends to view a users profile

#141 #147

@brunotho brunotho self-assigned this Aug 31, 2025
@brunotho brunotho changed the title Fix user authentication enforcement Fix/user authentication enforcement Aug 31, 2025
@brunotho brunotho requested a review from emmvs September 8, 2025 07:53
@brunotho brunotho mentioned this pull request Sep 17, 2025
Merged
@brunotho brunotho force-pushed the fix/devise-authentication branch from 58c10a0 to e45d813 Compare October 23, 2025 23:19
@emmvs
Copy link
Owner

emmvs commented Oct 25, 2025

Hmm, it looks like I cannot view profiles of my friends anymore either 🤔 Could you check if it's the same for you?

@emmvs emmvs changed the title Fix/user authentication enforcement 🔴 Fix/user authentication enforcement Oct 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@emmvs emmvs Awaiting requested review from emmvs

At least 1 approving review is required to merge this pull request.

Assignees

@brunotho brunotho

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@brunotho @emmvs