Merge pull request #2945 from betagouv/dedicated-confirmation-page

confirmation: add a dedicated page with confirmation instructions

app/assets/images/user/confirmation-email.svg

@@ -0,0 +1 @@
+<svg width="81" height="86" xmlns="http://www.w3.org/2000/svg"><g fill="none" fill-rule="evenodd"><g stroke-linecap="round" stroke-linejoin="round" stroke="#0069CC" stroke-width="2"><path d="M9.203 31.348L1.083 37h-.045L1 77.334C1 81.606 4.538 85 8.865 85h62.92c4.325 0 8.296-3.168 8.296-7.44V37m-.068.125L71 31"/><path d="M2.459 37.212l38.014 25.92 38.014-26.211M3.384 82.25L29.967 56m47.595 26.25L50.979 56"/></g><path d="M40.04 63.132L9.08 41.505V5.307a4 4 0 0 1 4-4H67a4 4 0 0 1 4 4v36.96L40.04 63.132z" stroke="#0069CC" stroke-width="2" fill="#EFF6FF" stroke-linecap="round" stroke-linejoin="round"/><path d="M40.87 45.53c-3.103 0-5.81-.63-8.12-1.89-2.31-1.26-4.09-3.022-5.337-5.285-1.249-2.263-1.873-4.877-1.873-7.84 0-3.197.665-5.973 1.995-8.33s3.156-4.165 5.477-5.425c2.322-1.26 4.953-1.89 7.893-1.89 3.057 0 5.682.59 7.875 1.767 2.193 1.179 3.856 2.76 4.987 4.743 1.132 1.983 1.698 4.165 1.698 6.545 0 2.147-.327 3.955-.98 5.425-.653 1.47-1.528 2.572-2.625 3.307a6.398 6.398 0 0 1-3.64 1.103c-1.26 0-2.263-.268-3.01-.805-.747-.537-1.19-1.283-1.33-2.24h-.07c-1.33 2.03-3.068 3.045-5.215 3.045-1.68 0-3.004-.566-3.973-1.698-.968-1.131-1.452-2.665-1.452-4.602 0-1.657.315-3.18.945-4.568.63-1.388 1.51-2.49 2.642-3.307 1.132-.817 2.421-1.225 3.868-1.225 1.003 0 1.89.227 2.66.682.77.456 1.295 1.068 1.575 1.838h.07l.385-2.17h3.255l-1.575 8.785c-.093.49-.14.992-.14 1.505 0 .747.157 1.29.472 1.627.316.339.811.508 1.488.508.537 0 1.08-.24 1.627-.718.549-.478 1.01-1.254 1.383-2.327s.56-2.462.56-4.165c0-1.937-.432-3.675-1.295-5.215s-2.158-2.765-3.885-3.675c-1.727-.91-3.827-1.365-6.3-1.365-2.31 0-4.38.507-6.213 1.522-1.831 1.016-3.272 2.491-4.322 4.428-1.05 1.937-1.575 4.235-1.575 6.895 0 2.45.484 4.59 1.452 6.422a10.232 10.232 0 0 0 4.165 4.253c1.809 1.003 3.961 1.505 6.458 1.505 1.843 0 3.424-.24 4.742-.718C46.931 41.5 47.917 40.84 48.57 40h4.235c-.957 1.68-2.467 3.022-4.533 4.025-2.065 1.003-4.532 1.505-7.402 1.505zm-1.575-10.395c1.027 0 1.913-.315 2.66-.945.747-.63 1.312-1.447 1.698-2.45a8.813 8.813 0 0 0 .577-3.185c0-1.167-.274-2.053-.822-2.66-.549-.607-1.301-.91-2.258-.91-.98 0-1.826.315-2.537.945-.712.63-1.255 1.44-1.628 2.433a8.624 8.624 0 0 0-.56 3.062c0 1.143.262 2.047.787 2.713.526.665 1.22.997 2.083.997z" fill="#0069CC"/></g></svg>

app/assets/stylesheets/new_design/_colors.scss

@@ -15,4 +15,5 @@ $light-green: lighten($green, 25%);
 $dark-green: darken($green, 20%);
 $orange: #F28900;
 $orange-bg: lighten($orange, 35%);
+$yellow: #FEF3B8;
 $light-yellow: #FFFFDE;

app/assets/stylesheets/new_design/confirmations.scss

@@ -0,0 +1,64 @@
+@import "colors";
+@import "constants";
+
+.devise-confirmations {
+  .one-column-centered {
+    max-width: 600px;
+  }
+
+  .confirmation-icon,
+  .confirmation-preamble,
+  .confirmation-instructions,
+  .confirmation-separator {
+    font-size: 1.15em;
+    margin-bottom: $default-padding * 3;
+  }
+
+  .confirmation-icon {
+    display: block;
+    margin-left: auto;
+    margin-right: auto;
+  }
+
+  .confirmation-instructions {
+    color: #000000;
+    background-color: $yellow;
+    margin-left: -15px;
+    margin-right: -15px;
+    padding: 15px 20px 17px 20px;
+  }
+
+  .confirmation-separator {
+    height: 1px;
+    margin-left: -12px;
+    margin-right: -12px;
+    border: none;
+    border-top: 1px solid #DDDDDD;
+  }
+
+  .confirmation-resend {
+    p {
+      margin-bottom: $default-padding;
+    }
+
+    .form {
+      display: flex;
+      flex-wrap: wrap;
+
+      input,
+      button {
+        margin-bottom: $default-spacer;
+      }
+
+      input[type=email] {
+        width: auto;
+        flex-grow: 1;
+        margin-right: $default-spacer;
+      }
+    }
+
+    label {
+      display: none;
+    }
+  }
+}

app/assets/stylesheets/new_design/new_footer.scss

@@ -22,7 +22,7 @@ footer {
 .footer-columns {
   @extend %horizontal-list;
   justify-content: flex-start;
-  margin: 0 -20px;
+  margin: 0 -15px;
 }
 
 .footer-column {

app/controllers/users/confirmations_controller.rb

@@ -4,9 +4,10 @@ class Users::ConfirmationsController < Devise::ConfirmationsController
   layout "new_application"
 
   # GET /resource/confirmation/new
-  # def new
-  #   super
-  # end
+  def new
+    # Allow displaying the user email in the message
+    self.resource = resource_class.new(email: user_email_param)
+  end
 
   # POST /resource/confirmation
   # def create
@@ -20,6 +21,10 @@ class Users::ConfirmationsController < Devise::ConfirmationsController
 
   # protected
 
+  def user_email_param
+    params.permit(user: :email).dig(:user, :email)
+  end
+
   # The path used after resending confirmation instructions.
   # def after_resending_confirmation_instructions_path_for(resource_name)
   #   super(resource_name)

app/controllers/users/registrations_controller.rb

@@ -22,18 +22,20 @@ class Users::RegistrationsController < Devise::RegistrationsController
 
   # POST /resource
   def create
-    user = User.find_by(email: params[:user][:email])
-    if user.present?
-      if user.confirmed?
-        UserMailer.new_account_warning(user).deliver_later
+    # Handle existing user trying to sign up again
+    existing_user = User.find_by(email: params[:user][:email])
+    if existing_user.present?
+      if existing_user.confirmed?
+        UserMailer.new_account_warning(existing_user).deliver_later
+        flash.notice = t('devise.registrations.signed_up_but_unconfirmed')
+        return redirect_to root_path
       else
-        user.resend_confirmation_instructions
+        existing_user.resend_confirmation_instructions
+        return redirect_to after_inactive_sign_up_path_for(existing_user)
       end
-      flash.notice = t('devise.registrations.signed_up_but_unconfirmed')
-      redirect_to root_path
-    else
-      super
     end
+
+    super
   end
 
   # GET /resource/edit
@@ -78,7 +80,8 @@ class Users::RegistrationsController < Devise::RegistrationsController
   # end
 
   # The path used after sign up for inactive accounts.
-  # def after_inactive_sign_up_path_for(resource)
-  #   super(resource)
-  # end
+  def after_inactive_sign_up_path_for(resource)
+    flash.discard(:notice) # Remove devise's default message (as we have a custom page to explain it)
+    new_confirmation_path(resource, :user => { email: resource.email })
+  end
 end

app/views/users/confirmations/new.html.haml

@@ -1,17 +1,31 @@
-- content_for(:title, 'Renvoyer les instructions de confirmation de compte')
+- content_for(:title, 'Confirmer votre adresse email')
 
 - content_for :footer do
   = render partial: 'root/footer'
 
-.container.devise-container
+.container.devise-container.devise-confirmations
   .one-column-centered
     = devise_error_messages!
 
-    = form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { class: 'form' }) do |f|
+    %img.confirmation-icon{ src: image_url("user/confirmation-email.svg"), alt: "" }
 
-      %h1 Renvoyer les instructions de confirmation de compte
+    %p.confirmation-preamble
+      = succeed '.' do
+        Avant d’effectuer votre démarche, nous avons besoin de vérifier votre adresse
+        - if resource.email.present?
+          %strong= resource.email
 
-      = f.label :email, 'Email'
-      = f.email_field :email, autofocus: true
+    %p.confirmation-instructions
+      Ouvrez votre boîte email, et
+      %strong cliquez sur le lien d’activation
+      dans le message que vous avez reçu.
 
-      = f.submit 'Renvoyer les instructions de confirmation', class: 'button primary'
+    %hr.confirmation-separator
+
+    .confirmation-resend
+      %p Si vous n’avez pas reçu notre message, nous pouvons vous le renvoyer.
+
+      = form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { class: 'form' }) do |f|
+        = f.label :email, 'Email'
+        = f.email_field :email, placeholder: 'Email', class: 'small', autofocus: true
+        = f.submit 'Renvoyer un email de confirmation', class: 'button'

spec/controllers/users/registrations_controller_spec.rb

@@ -74,8 +74,7 @@ describe Users::RegistrationsController, type: :controller do
           subject
         end
 
-        it { expect(response).to redirect_to(root_path) }
-        it { expect(flash.notice).to eq(I18n.t('devise.registrations.signed_up_but_unconfirmed')) }
+        it { expect(response).to redirect_to(new_user_confirmation_path(user: { email: user[:email] })) }
         it { expect(UserMailer).not_to have_received(:new_account_warning) }
       end
     end

spec/features/new_user/invite_spec.rb

@@ -37,7 +37,7 @@ feature 'Invitations' do
 
         # Create the account
         sign_up_with invite.email, user_password
-        expect(page).to have_content("lien d'activation")
+        expect(page).to have_content('lien d’activation')
 
         # Confirm the account
         # (The user should be redirected to the dossier they was invited on)

spec/features/sessions/sign_up_spec.rb

@@ -1,15 +1,18 @@
 require 'spec_helper'
 
 feature 'Signin up:' do
+  let(:user_email) { generate :user_email }
+  let(:user_password) { 'testpassword' }
+
   scenario 'a new user can sign-up' do
     visit root_path
     click_on 'Connexion'
     click_on 'Créer un compte'
 
-    sign_up_with 'testuser@exemple.fr'
-    expect(page).to have_content "Nous vous avons envoyé un email contenant un lien d'activation"
+    sign_up_with user_email, user_password
+    expect(page).to have_content "nous avons besoin de vérifier votre adresse #{user_email}"
 
-    click_confirmation_link_for 'testuser@exemple.fr'
+    click_confirmation_link_for user_email
     expect(page).to have_content 'Votre compte a été activé'
     expect(page).to have_current_path dossiers_path
   end
@@ -25,12 +28,37 @@ feature 'Signin up:' do
       expect(page).to have_current_path new_user_session_path
       click_on 'Créer un compte'
 
-      sign_up_with 'testuser@exemple.fr'
-      expect(page).to have_content "Nous vous avons envoyé un email contenant un lien d'activation"
+      sign_up_with user_email, user_password
+      expect(page).to have_content "nous avons besoin de vérifier votre adresse #{user_email}"
 
-      click_confirmation_link_for 'testuser@exemple.fr'
+      click_confirmation_link_for user_email
       expect(page).to have_content 'Votre compte a été activé'
       expect(page).to have_content procedure.libelle
     end
   end
+
+  context 'when a user is not confirmed yet' do
+    before do
+      visit root_path
+      click_on 'Connexion'
+      click_on 'Créer un compte'
+
+      sign_up_with user_email, user_password
+    end
+
+    # Ideally, when signing-in with an unconfirmed account,
+    # the user would be redirected to the "resend email confirmation" page.
+    #
+    # However the check for unconfirmed accounts is made by Warden every time a page is loaded –
+    # and much earlier than SessionsController#create.
+    #
+    # For now only test the default behavior (an error message is displayed).
+    scenario 'they get an error message' do
+      visit root_path
+      click_on 'Connexion'
+
+      sign_in_with user_email, user_password
+      expect(page).to have_content 'Vous devez confirmer votre adresse email pour continuer'
+    end
+  end
 end