Create administrateurs with invitation link and no password

app/controllers/administrateurs/activate_controller.rb

@@ -0,0 +1,34 @@
+class Administrateurs::ActivateController < ApplicationController
+  layout "new_application"
+
+  def new
+    @administrateur = Administrateur.find_inactive_by_token(params[:token])
+
+    if !@administrateur
+      flash.alert = "Le lien de validation d'administrateur a expiré, contactez-nous à contact@tps.apientreprise.fr pour obtenir un nouveau lien."
+      redirect_to root_path
+    end
+  end
+
+  def create
+    administrateur = Administrateur.reset_password(
+      update_administrateur_params[:reset_password_token],
+      update_administrateur_params[:password]
+    )
+
+    if administrateur && administrateur.errors.empty?
+      sign_in(administrateur, scope: :administrateur)
+      flash.notice = "Mot de passe enregistré"
+      redirect_to admin_procedures_path
+    else
+      flash.alert = administrateur.errors.full_messages
+      redirect_to admin_activate_path(token: update_administrateur_params[:reset_password_token])
+    end
+  end
+
+  private
+
+  def update_administrateur_params
+    params.require(:administrateur).permit(:reset_password_token, :password)
+  end
+end

app/controllers/administrations_controller.rb

@@ -14,21 +14,26 @@ class AdministrationsController < ApplicationController
   end
 
   def create
-    admin = Administrateur.new create_administrateur_params
+    administrateur = current_administration.invite_admin(create_administrateur_params[:email])
 
-    if admin.save
+    if administrateur.errors.empty?
       flash.notice = "Administrateur créé"
-      AdministrationMailer.new_admin_email(admin, current_administration).deliver_now!
     else
-      flash.alert = admin.errors.full_messages
+      flash.alert = administrateur.errors.full_messages
     end
 
     redirect_to administrations_path
   end
 
+  def update
+    Administrateur.find_inactive_by_id(params[:id]).invite!
+  
+    redirect_to administrations_path
+  end
+
   private
 
   def create_administrateur_params
-    params.require(:administrateur).permit(:email, :password)
+    params.require(:administrateur).permit(:email)
   end
 end

app/views/administrateurs/activate/new.html.haml

@@ -0,0 +1,8 @@
+.container
+  = form_for @administrateur, url: { controller: 'administrateurs/activate', action: :create }, html: { class: "form" } do |f|
+    %br
+    %h1
+      = @administrateur.email
+    = f.password_field :password, placeholder: 'Mot de passe'
+    = f.hidden_field :reset_password_token, value: params[:token]
+    = f.submit 'Définir le mot de passe', class: 'button large primary expand'

app/views/administrations/_list.html.haml

@@ -4,6 +4,7 @@
       %thead
         %th.col-xs-4= smart_listing.sortable 'Email', :email
         %th.col-xs-4= smart_listing.sortable 'Date de dernière connexion', :last_sign_in_at
+        %th.col-xs-2 État
         %th.col-xs-2 Procédure active
         %th.col-xs-2 Dossier en cours
 
@@ -17,6 +18,11 @@
               (
               = admin.last_sign_in_at.localtime.strftime('%d/%m/%Y')
               )
+          %td
+            - if admin.invitation_expired?
+              = link_to admin.registration_state, administration_path(admin), remote: true, method: :patch
+            - else
+              = admin.registration_state
           %td
             = admin.procedures.publiees.count
           %td

app/views/administrations/index.html.haml

@@ -3,7 +3,6 @@
     = form_for @admin, url: { controller: 'administrations', action: :create } do |f|
       .form-group.form-inline.text-center
         = f.text_field :email, placeholder: :email, class: 'form-control'
-        = f.text_field :password, placeholder: :password, class: 'form-control'
 
         = f.submit 'Créer un administrateur', class: 'btn btn-success', id: 'submit_new_administrateur'
 

config/routes.rb

@@ -55,8 +55,7 @@ Rails.application.routes.draw do
   get 'administrations/sign_in' => 'administrations/sessions#new'
   delete 'administrations/sign_out' => 'administrations/sessions#destroy'
   authenticate :administration do
-    resources :administrations, only: [:index, :create]
-    namespace :administrations do
+    resources :administrations, only: [:index, :create, :update] do
       match "/delayed_job" => DelayedJobWeb, :anchor => false, :via => [:get, :post]
     end
   end
@@ -111,6 +110,8 @@ Rails.application.routes.draw do
   end
 
   namespace :admin do
+    get 'activate' => '/administrateurs/activate#new'
+    patch 'activate' => '/administrateurs/activate#create'
     get 'sign_in' => '/administrateurs/sessions#new'
     get 'procedures/archived' => 'procedures#archived'
     get 'procedures/draft' => 'procedures#draft'

spec/controllers/administrations_controller_spec.rb

@@ -27,7 +27,7 @@ describe AdministrationsController, type: :controller do
       sign_in administration
     end
 
-    subject { post :create, administrateur: {email: email, password: password} }
+    subject { post :create, administrateur: {email: email } }
 
     context 'when email and password are correct' do
       it 'add new administrateur in database' do
@@ -37,6 +37,8 @@ describe AdministrationsController, type: :controller do
       it 'alert new mail are send' do
         expect(AdministrationMailer).to receive(:new_admin_email).and_return(AdministrationMailer)
         expect(AdministrationMailer).to receive(:deliver_now!)
+        expect(AdministrationMailer).to receive(:invite_admin).and_return(AdministrationMailer)
+        expect(AdministrationMailer).to receive(:deliver_now!)
         subject
       end
     end