Passwordless temporary login #1984
Honestly, this flow is kind of confusing. Right now, with these changes, when an admin clicks "reset password," they are logged out of autolab, when they are resetting another user's password!
Then, they are redirected to the page to create a new password for that user, without any indication / display indicating that they are on the reset password page for that user, which is also very confusing.
Can you change the functionality of the action so that instead of logging out the current admin and also redirecting them to the user's reset password page, it will provide some sort of feedback (e.g. a flash), and a way for them to get the link / token for the user to reset their password?
Walkthrough
The changes involve expanding user password management in a Ruby on Rails application. New controller actions for changing and updating user passwords have been added, along with corresponding views and email notifications. Administrators now have the ability to reset passwords and notify users via email. The user model has been refactored for OAuth methods, and new routes have been introduced to support these features. Instructors also gained the ability to reset student passwords.
Review Status
Actionable comments generated: 5
Configuration used: CodeRabbit UI
Files selected for processing (3)
- app/controllers/users_controller.rb (1 hunks)
- app/mailers/password_mailer.rb (1 hunks)
- app/views/password_mailer/admin_password_reset.html.erb (1 hunks)
Additional comments: 1
app/controllers/users_controller.rb (1)
- 370-372: The new_user_params method is used to whitelist parameters for creating a new user. Ensure that all parameters that are allowed are intended to be changeable by the user and that no sensitive parameters are exposed.
Review Status
Actionable comments generated: 1
Configuration used: CodeRabbit UI
Files selected for processing (2)
- app/views/password_mailer/admin_password_reset.html.erb (1 hunks)
- app/views/users/update_password_for_user.html.erb (1 hunks)
Files skipped from review due to trivial changes (1)
- app/views/password_mailer/admin_password_reset.html.erb
Can you also add some documentation on what admins can do to reset passwords? Maybe put it under "Admin Features" or something similar
Added documentation.
ade3768 to 6ac6924
LGTM
Good job
* Passwordless temporary login created
* Login using devise
* User is not signed in before changing password
* Removing unneeded files
* Removing changes to user.rb
* Removing unneeded files
* Resetting password does not log you out
* Added mailer
* Added/removed newlines
* Changed naming
* Added checks for nil user or params
* Error handling for passwords
* Removed email after password reset
* Added documentation
* Updated documentation
* Moved documentation to features
* Renamed to admin-features
* Added link in mkdocs.yml

(cherry picked from commit 6bb6747)
* Lint views/submissions (#1969) * Begin linting views/submissions * finish linting views/submissions * address issues in code_viewer * Prevent spoofing the author of an annotation (#1985) * Prevent spoofing the author of an annotation (cherry picked from commit d2ab510) * Remove submitted_by from createAnnotation * Update link to docs in PR template (#1991) Fix link to docs * Hide irrelevant cud fields for students (#1988) * Show edit CUD button for students * Hide irrelevant CUD fields from students * Lint views/autograders, fix help-block gap from input (#1963) * lint views/autograders, fix help block gap from input * update form path * Lint views/announcements and Touch-up UI (#1957) * lint views/announcements and touch-up UI * address nits * Add erblint to overcommit and github actions (#1994) * update erb-lint config, overcommit config to enable erb-lint as a pre-commit hook, run erblint --lint-all * update github actions to run erb-lint during linting phase * update pull request template to include erblint check * Display Grace Day usage on submission history table, improve management of assessment penalty settings (#1990) * Display of grace days used * Fix calculation of effective_late_penalty and effective_version_penalty * Show course default values when applicable * Show warning messages when late submissions allowed but config does not make sense * Fix tests * Update wording * Improve formatting * Revert changes to effective penalties * Simplify check * Add toggles * Update wording on courseFields * Fix version threshold logic * Correctly set version threshold to blank when using course default * Clear / default values when checkbox clicked * Remove bottom padding * Improve UI when checkboxes selected * Address AI nits * Handle malformed scoreboard results from autograder, fix error handling for scoreboards (#1982) * begin fixing broken redirects * add code to check that entries are arrays, return flash error if not valid entry * fix spacing * address 
nit * Add logging * Click into submissions from gradebook score (#1998) * Clickable gradebook scores * Only scores have links --------- Co-authored-by: kestertan <[email protected]> * Switch mossnet clean to use rails root instead of tilde expansion (#1997) use Rails root join function instead of ~/ to make sure moss clean script works across systems * Merge pull request from GHSA-h8wq-ghfq-5hfx * fixes * Add validation for handout, writeup, and handin_directory * Avoid use of and * Check that handout/writeup exists before checking path (#2001) Move present? check to front * Adds warning when assessment.rb file upload isn't a .rb file (#1999) * preliminary working version * only validates .rb files --------- Co-authored-by: Damian Ho <[email protected]> * Refactor Assessment name rules, remove config file requirement (#1987) * begin refactoring naming rules for assessments * continue working on file acceptance * add testing * fix autograde * work on backwards compatibility / revertibility * keep working on implementing revertability * Fix some code creating assessmentConfigFile before assessment id created * Add documentation to naming rules * add line about assessment name uniqueness * update error messages * fix tests * add error handling code to redirect user in case assessment config file can't be loaded, run robocop * address AI code review * remove redundant flash * Fix text * Fix reload assessment config button text * Add more error handling, revamp regex string to better reflect valid ruby module names, add better sanitization for display name -> name conversion, fix docs to reflect actually valid assessment names. 
* fix test * Address nits * Fix issue where assessment could affect another assessment's config file if they both had names that mapped to pre-PR config file name * Delete config/oauth_config.yml * Delete diff.patch * Delete assessment.patch * remove unnecessary files * more removals * Suppress confirmation dialog on edit assessment page when no changes made (#2004) * Extract logic, call functions directly * Remove extraneous space * Remove another extraneous space * Display submission version in gradebook (#2005) * First Commit: version info is on gradebook as new columns * Second commit: only add a ver column after each assignment * Delete database.docker.yml * Delete schema.rb * Deleted debug code * change gitignore to original version * Address nits * Fix tooltips * Simplify version logic * Stop overwriting headerCssClass * Fix tooltip for not_yet_submitted * Handle nil aud * Add version to gradebook CSV export * Render tooltips onMouseEnter too * Simplify version header * Simplify logic * Increase gradebook width --------- Co-authored-by: SimonMen65 <[email protected]> Co-authored-by: Simon Men <[email protected]> * Don't clear assessment penalty fields on initial load (#2006) * Don't clear on initial load * Remove extraneous spaces * No line breaks when generating base64 strings (#2008) * fix bug for long strings * Update base64.js using new TextEncoder * Show all courses for MOSS (#2015) * Show all courses, restore filter * Address AI nits * Fix use of autocomplete attribute * Add newline * Simplify toggleOptions implementation * Fix style of isArchive checkboxes * Correct use of javascript_include_tag * Fix failing test * Update styling of warning * Extract dropdown logic, use OR for filtering * Add newline * Add spacing between dropdowns * Use find instead of children, check for selector existence * Removed name from assessment yml (#1993) * Removed name from assessment yml * Modified test after removing name from assessment yml * Removed unnecessary test 
for wrong assessment name * Removed yml name check in assessments_controller --------- Co-authored-by: Nicholas Clark <[email protected]> * Account for hooks in viewFeedback instead of feedback output (#2003) * preliminary working version * resolve merge conflicts * use submission.scores instead of feedback array * don't show non autograded scores in autograded scores tab * rabbit ai suggestions * more rabbit.ai nits * make finishedAutograding not an instance variable * Remove element overlapping scrollbar hitbox (#2009) * Remove element overlapping scrollbar hitbox * Move style to annotation.scss --------- Co-authored-by: Damian Ho <[email protected]> * Attachment categories (#1983) * Add category_name field and update course attachment UI * Improve styling of list items * Remove anchor link for unreleased badge, simplify delete button logic * Hide assessment attachments from course landing page * Add release_at field, remove released field * Fix tests * Add fixtures * Simplify variable names * Remove bullet points * Group buttons together * Make font-family consistent * Hide category for assessment attachments * Add cancel button, remove delete button, improve styling * Improve migration to be backwards compatible / reversible * Use update instead of update_attribute * Display when attachment will be released * Update tests * Simplify code * Use Time instead of DateTime * Add download icon for students * Vertically align icons * Hide assessment attachments from course attachment index * Add vertical space above release date * Passwordless temporary login (#1984) * Passwordless temporary login created * Login using devise * User is not signed in before changing password * Removing unneeded files * Removing changes to user.rb * Removing unneeded files * Resetting password does not log you out * Added mailer * Added/removed newlines * Changed naming * Added checks for nil user or params * Error handling for passwords * Removed email after password reset * Added 
documentation * Updated documentation * Moved documentation to features * Renamed to admin-features * Added link in mkdocs.yml * Visual cue for assessments (#2016) * Add dates to assessment card * Add CSS formatting for date * Fix margin and card sizes to be more pretty * Show all students on gradesheet (#2019) * add course members with blank info if no submissions found * add email for no submission users * update bg color * Move submission version logic to be handled by AUD (#2024) * Move submission version logic to be handled by AUD * update migration variable naming * fix unit tests, version number for new auds * fix coderabbit issues * add version number to schema * change schema timestamp * Use ActiveStorage for attachments, add attachment size limit (#2023) * 1810 Use ActiveStorage for attachments * 1864 Add backwards compatibility to ActiveStorage Attachments * 1872 Add size limit to attachments * Set mime_type * Remove require * redirect to index on error * Rails 6.1.7.6 Migration (#2037) * Initial update to 6.1.7.6 * Lock fomantic-ui-sass to 2.8.8.1 * Update schema.rb * Avoid locking setup-ruby version * Include net-http in Gemfile to avoid errors * Run rubocop * Lock uri to 0.10.0 * Fix lint issue * Fix course_number values for roster export * Use flash for drop warning * Properly display submission errors * Only show invalid assessment warning to instructors * Ensure gradebook search bar renders correctly for CAs * Filter by lecture too when CA views section * Only show missing submissions from section if CA filters by section * Update tests * Better handling for submission errors * More specific error handling for save_entries * Better error display for statistics page * Return 404 for popover on non-existent submission * load Archive in files that use its methods * Update Ruby to 3.2.2, Misc fixes (#2040) * Update Ruby to 3.2.2 - update Capybara config so that it works with new ruby version and so that js can be enabled again on selenium test - update 
releaseSectionGrades redirect to go to viewGradesheet for CA's section - add some more status text / more informative flash when instructor drops student - redact tango key in getjob * Address nits, update bundler / github integration * add arm64-darwin-23 to platforms * fix users nit * Bump uri from 0.10.0 to 0.10.3 (#2039) Bumps [uri](https://github.com/ruby/uri) from 0.10.0 to 0.10.3. - [Release notes](https://github.com/ruby/uri/releases) - [Commits](ruby/uri@v0.10.0...v0.10.3) --- updated-dependencies: - dependency-name: uri dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update old migrations for Ruby 3 (#2044) Use splat on old migrations * Remove grading deadline (#2014) * Initial removal of grading_deadline * Add brackets around arguments to grading_complete? * Consistency fixes * Migration to remove grading deadline * Add guards to migration * Rename grading_complete? to grades_released? 
* Address issues from v2.8.0 testing, misc fixes/changes (#2038) * Fix command for promoting a user to admin * Extract aria/collapsible code, switch to path helpers * Automatically open first accordion * Fix docs for Tango info endpoint * Create user directory on autograde_done * Coalesce accordions, simplify js, remove admin options * Update doorkeeper translations * Remove extraneous quotes * Remove redundant / useless assessment nil check * Fix error display when calling downloadAll on invalid assessment * Simplify failure redirect logic for downloadAll * Deduplicate logic for autograde feedback path and handin file path * Remove unused ass_dir variable * Remove redundant gitignores * Uncoalesce accordions * Fix redirects for invalid assessment Previously, calling downloadAll with an invalid assessment led to infinite redirects * Update the API to allow retrieving group members (#1956) * Add a param to the index groups api to retriee group members * Add api show endpoint for groups * Update docs * Update api docs for groups#show * Compact group members api response * Move fetching group json to a private method * Remove empty line --------- Co-authored-by: Damian Ho <[email protected]> * Update index and show docs for Groups API (#2045) Update index and show docs * Main Table UI Changes (#1886) * Start Manage Submissions * Center checkbox in manage submission table (#1868) fix checkbox issue * Main Table UI * Updates with selecting students and buttons * Add Score Popup Icon * Icon spacing and codebase style --------- Co-authored-by: Michelle Liu <[email protected]> * Add sorting icons to new manage submissions (#1890) * change icon to swap_vert, hide for file and actions headers * change icon on diff sort * Adds Score Details (#1893) * Adds score details without styling * address general styling for score details * refactor code * address pr issues * bring back css * bring back div * add back class names * add back icons * addressed nits * address nits 
--------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Joey Wildman <[email protected]> Co-authored-by: Nicholas Myers <[email protected]> Co-authored-by: Damian Ho <[email protected]> Co-authored-by: Kester <[email protected]> Co-authored-by: kestertan <[email protected]> Co-authored-by: SimonMen65 <[email protected]> Co-authored-by: Simon Men <[email protected]> Co-authored-by: Ugo <[email protected]> Co-authored-by: Nicholas AJ Clark <[email protected]> Co-authored-by: Nicholas Clark <[email protected]> Co-authored-by: lykimchee <[email protected]> Co-authored-by: Joanna Ge <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Umar Alkafaween <[email protected]> Co-authored-by: Victor Huang <[email protected]>
Summary
This change allows an admin to set a user's password without needing the user's current password.
The admin can also send the link to the user; the user can then use that link to reset his/her password without the current password.
Description
- reset_password to the UsersController that resets a user's password and redirects to the password reset page.
- User model file from 100755 to 100644.
- reset_password action in the user resource.
How Has This Been Tested?
Types of changes
Checklist:
- overcommit --install && overcommit --sign to use pre-commit hook for linting
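
The flow requested in the review above (an admin obtains a reset link for another user without being logged out), as an added example that is not code from this PR or from Autolab. It stores only an HMAC digest of the token and makes the link single-use and time-limited; the class name, TTL, in-memory store and URL are assumptions for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed in-memory stand-in for the reset columns on a users table.
ResetRecord = Struct.new(:digest, :sent_at)

class AdminPasswordReset
  TTL = 6 * 60 * 60 # seconds a link stays valid (assumed policy)

  def initialize(secret, clock: -> { Time.now })
    @secret = secret
    @clock = clock
    @records = {}   # user_id => ResetRecord
    @passwords = {} # user_id => new password (a real app stores a password hash)
  end

  # Called by an admin on behalf of another user. Returns the link to hand
  # over or mail. Nothing here reads or changes the admin's own session.
  def issue_link(user_id, base_url)
    raise ArgumentError, "user required" if user_id.nil?
    raw = SecureRandom.urlsafe_base64(32)
    @records[user_id] = ResetRecord.new(digest(raw), @clock.call)
    "#{base_url}?reset_password_token=#{raw}"
  end

  # Called by the user who follows the link. Returns the user_id on success
  # and nil for a missing, unknown, reused or expired token.
  def redeem(raw_token, new_password)
    return nil if raw_token.to_s.empty? || new_password.to_s.empty?
    wanted = digest(raw_token)
    user_id, rec = @records.find { |_, r| OpenSSL.secure_compare(r.digest, wanted) }
    return nil if rec.nil?
    @records.delete(user_id) # single use; an expired token is discarded too
    return nil if @clock.call - rec.sent_at > TTL
    @passwords[user_id] = new_password
    user_id
  end

  # What a database leak would expose: the digest, never the raw token.
  def stored_digest(user_id)
    rec = @records[user_id]
    rec && rec.digest
  end

  private

  def digest(raw)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, raw)
  end
end
```
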