# frozen_string_literal: true # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later class Users::RegistrationsController < Devise::RegistrationsController respond_to :html, :json def new super end # this endpoint only creates donor users def create params[:user][:referer] = session[:referer_id] user = User.register_donor!(params[:user]) if user.save sign_in user render json: user else render json: user.errors.full_messages, status: :unprocessable_entity clean_up_passwords(user) end end # If a user registered via OAuth, allow them to set their password and email # without confirming their current password. # Otherwise, they need to confirm their current password. # See: https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password def update # User either registered with Oauth and hasn't set a password or has entered a valid password if current_user.pending_password || current_user.valid_password?(params[:user][:current_password]) # If the user updates their password, they are no longer flagged as 'pending_password' if current_user.pending_password && params[:user][:password] && params[:user][:password_confirmation] params[:user][:pending_password] = false end success = current_user.update_attributes(params[:user]) errs = current_user.errors.full_messages else success = false errs = { password: :incorrect } end if success if params[:user][:email].present? flash[:notice] = 'We need to confirm your new email address. Check your inbox for a confirmation link.' else flash[:notice] = 'Account updated!' end sign_in(current_user, bypass: true) render json: current_user else render json: { errors: errs }, status: :unprocessable_entity end end end