decidim-friendly_signup 0.3 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88bd76deb088270153f2b8d9dc3376d1f6333c0429e2433c2f896870027cbd30
-  data.tar.gz: d2e2efec13ef916c6835e8f09b4d50e8e20ddef3c05a1f41bf24b51a1054c074
+  metadata.gz: 156a94366f47dc7f364338feca03ba824d6e9d38a16b9c8f8a6fbac4774ccbd1
+  data.tar.gz: 131f4becfb5b981f0f026a970b0b38cf98fdb2d5970bc43873ad942d360df76d
 SHA512:
-  metadata.gz: 4a23dbcb2623314b4fcfbe30b8025b97309049beb28a2ab66ab0bb070498624509805054e2fc476f04f078fd56ed3161f49c66accae5b5d06b9537547d1fcbdd
-  data.tar.gz: f5312068c52ccb019f87e1af5beabc72e7f85396aee34ab4b1799001dcb905e17962c042186c55b749af4a4a69bdb19b7b915cfad4581e17bccb8e96529e31fe
+  metadata.gz: 0a384da56675c80fc63b1d3c8f1a197e5ac46658395caa5926dbedc6d3a20a37648dc7f50183ebe69d601940fa50b87f8ee124109a4dd44e12fdf137f79d2ec1
+  data.tar.gz: a5622ee4f5bbc17f42abbb24922007332df97361a7f00ca39702b4965e3117483170aafd15da5c68e38053606e9736bfae20b0f1414377eb1c522060a7f1e9da

data/README.md

@@ -20,7 +20,7 @@ This module simply substitutes some pages to ease up the registration process in
  
 - [x] Remove the nickname field from the registration process and automatically create one on registering. ![Hide nickname](examples/nickname.png)
 - [x] Instant validate parameters when registering without having to send it for backend validation. ![Instant validation](examples/instant_validation.png)
-- [ ] Use checkout codes to validate the email instead of a link
+- [x] Use numeric, confirmation codes to validate the email instead of a link. ![Confirmation codes](examples/confirmation_codes.png)
 
 ## Installation
 
@@ -42,6 +42,18 @@ And then execute:
 bundle
 ```
 
+For security reasons, it is also recomended to set a expiration time on confirmation tokens, to do that, make sure your Devise initializer has the variable `confirm_within` to certain amount of time.
+
+For instance, you can do that by creating an initializer such as:
+
+```ruby
+# config/initializers/devise.rb
+
+Devise.setup do |config|
+  config.confirm_within = 12.hours
+end
+```
+
 **Note:**
 
 The correct version of FriendlySignup should resolved automatically by the Bundler.
@@ -51,6 +63,7 @@ Depending on your Decidim version, choose the corresponding FriendlySignup versi
 
 | FriendlySignup version | Compatible Decidim versions |
 |---|---|
+| 0.4.x | 0.26.x |
 | 0.3.x | 0.26.x |
 | 0.2.x | 0.26.x |
 | 0.1.x | 0.26.x |
@@ -71,9 +84,47 @@ Decidim::FriendlySignup.configure do |config|
 
   # Hide nickname field and create one automatically from user's name or email (default is true)
   config.hide_nickname = false
+
+  # Send the users a 4-digit number that needs to be entered in a confirmation page instead of a confirmation link (default is true)
+  config.use_confirmation_codes = false
 end
 ```
 
+### Customize error messages in instant validation
+
+You can customize any message either overriding in your application the files in `config/locales/*.yml` or by using a module like Term Customizer.
+
+This plugin uses a cascade-style fallback looking for a series of I18n keys and returns the first available. For instance, for the attribute `email` and the validation key `blank` it will look for these 3 possibilities, returning the first matching one:
+
+Specific attribute error:
+```yaml
+en:
+  decidim:
+    friendly_signup:
+      errors:
+        messages:
+          email:
+            blank: Please enter an email address
+```
+
+Generic error:
+```yaml
+en:
+  decidim:
+    friendly_signup:
+      errors:
+        messages:
+          blank: Looks like you haven’t entered anything in this field
+```
+
+Rails' default error:
+```yaml
+en:
+  errors:
+    messages:
+      blank: can't be blank
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/OpenSourcePolitics/decidim-module-friendly_signup.

data/app/controllers/concerns/decidim/friendly_signup/registrations_redirect.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+
+module Decidim
+  module FriendlySignup
+    module RegistrationsRedirect
+      extend ActiveSupport::Concern
+
+      included do
+        def after_sign_up_path_for(user)
+          codes_confirmation_path(user) || super(user)
+        end
+
+        def after_inactive_sign_up_path_for(user)
+          codes_confirmation_path(user) || super(user)
+        end
+
+        def after_resending_confirmation_instructions_path_for(resource_name)
+          user = Decidim::User.find_by email: params.dig(:user, :email)
+          codes_confirmation_path(user) || super(resource_name)
+        end
+      end
+
+      private
+
+      def codes_confirmation_path(user)
+        return if Decidim::FriendlySignup.use_confirmation_codes.blank?
+        return if user.blank?
+        return unless user.inactive_message.to_s == "unconfirmed"
+
+        set_flash_message! :notice, :signed_up_but_code_required
+        decidim_friendly_signup.confirmation_codes_path(confirmation_token: user.confirmation_token)
+      end
+    end
+  end
+end

data/app/controllers/decidim/friendly_signup/confirmation_codes_controller.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Decidim
+  module FriendlySignup
+    class ConfirmationCodesController < Decidim::Devise::ConfirmationsController
+      include Decidim::FormFactory
+      include NeedsHeaderSnippets
+
+      before_action :require_unconfirmed_user
+      helper_method :user, :confirmation_form
+
+      def index; end
+
+      def create
+        if confirmation_form.valid?
+          user.confirm
+          flash[:success] = I18n.t("confirmation_codes.create.user_confirmed", name: user.name, scope: "decidim.friendly_signup")
+          return sign_in_and_redirect user, event: :authentication
+        end
+
+        flash.now[:alert] = confirmation_form.errors.messages.values.flatten.join(" ")
+        render :index
+      end
+
+      private
+
+      def confirmation_form
+        @confirmation_form ||= form(ConfirmationCodeForm).from_params(params)
+      end
+
+      def user
+        @user ||= User.find_by(confirmation_token: params[:confirmation_token], organization: current_organization)
+      end
+
+      def require_unconfirmed_user
+        return redirect_to decidim.user_confirmation_path unless FriendlySignup.use_confirmation_codes
+
+        unless user.present? && !user.confirmed?
+          flash[:alert] = I18n.t("confirmation_code_form.invalid_token", scope: "decidim.friendly_signup")
+          return redirect_to decidim.new_user_session_path
+        end
+
+        if user.send(:confirmation_period_expired?)
+          flash[:alert] = I18n.t("confirmation_code_form.expired", scope: "decidim.friendly_signup")
+          redirect_to decidim.user_confirmation_path
+        end
+      end
+    end
+  end
+end

data/app/forms/decidim/friendly_signup/confirmation_code_form.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Decidim
+  module FriendlySignup
+    class ConfirmationCodeForm < Decidim::Form
+      attribute :confirmation_token, String
+      attribute :code, Integer
+      attribute :confirmation_numbers, Array[Integer]
+
+      validates :confirmation_token, presence: true
+      validate :code_matches_confirmation_token
+      validate :user_exists
+
+      def user_code
+        code || confirmation_numbers.map(&:to_s).join("").to_i
+      end
+
+      private
+
+      def code_matches_confirmation_token
+        return if FriendlySignup.confirmation_code(confirmation_token) == user_code
+
+        errors.add(:code, I18n.t("confirmation_code_form.invalid", scope: "decidim.friendly_signup"))
+      end
+
+      def user_exists
+        return if User.exists?(confirmation_token: confirmation_token, organization: current_organization)
+
+        errors.add(:code, I18n.t("confirmation_code_form.invalid_token", scope: "decidim.friendly_signup"))
+      end
+    end
+  end
+end

data/app/mailers/decidim/friendly_signup/confirmation_codes_mailer.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Decidim
+  module FriendlySignup
+    class ConfirmationCodesMailer < ApplicationMailer
+      include Decidim::LocalisedMailer
+
+      def confirmation_instructions(user, opts)
+        @user = user
+        @email = opts[:to] || user.email
+        @token = opts[:token]
+        @organization = user.organization
+        @code = FriendlySignup.confirmation_code(@token)
+        @expires_at = @user.confirmation_sent_at + @user.class.confirm_within if @user.class.confirm_within
+
+        with_user(user) do
+          mail(to: "#{user.name} <#{@email}>", subject: I18n.t("decidim.friendly_signup.confirmation_codes.mailer.subject", organization: @organization.name, code: @code))
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/decidim/friendly_signup/needs_registration_codes.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+
+module Decidim
+  module FriendlySignup
+    module NeedsRegistrationCodes
+      extend ActiveSupport::Concern
+
+      included do
+        def send_confirmation_instructions
+          return super if Decidim::FriendlySignup.use_confirmation_codes.blank?
+          return super unless inactive_message.to_s == "unconfirmed"
+
+          generate_confirmation_token! unless @raw_confirmation_token
+
+          opts = pending_reconfirmation? ? { to: unconfirmed_email } : {}
+          opts[:token] = @raw_confirmation_token
+          ConfirmationCodesMailer.confirmation_instructions(self, opts).deliver_now
+        end
+      end
+    end
+  end
+end

data/app/packs/entrypoints/decidim_friendly_signup.js

@@ -1,5 +1,6 @@
 import "src/decidim/friendly_signup/setup_password"
 import "src/decidim/friendly_signup/setup_validations"
+import "src/decidim/friendly_signup/setup_confirmations"
 
 // CSS
 import "entrypoints/decidim_friendly_signup.scss";

data/app/packs/entrypoints/decidim_friendly_signup.scss

@@ -1,2 +1,3 @@
 /* css for decidim_friendly_signup */
 @import "stylesheets/decidim/friendly_signup/input-groups";
+@import "stylesheets/decidim/friendly_signup/confirmation-codes";

data/app/packs/src/decidim/friendly_signup/lib/instant_validator.js

@@ -15,6 +15,9 @@ export default class InstantValidator {
   }
 
   init() {
+    if (!this.url || !this.$form.length) {
+      return;
+    }
     this.$form.foundation("disableValidation");
     // this final validation prevents abide from resetting the field when user loses focus
     this.$inputs.on("blur", (evt) => {
@@ -50,10 +53,15 @@ export default class InstantValidator {
   }
 
   validate($input) {
+    let $recheck = $($input.data("instantRecheck"));
     this.tamper($input);
     this.post($input).done((response) => {
       this.setFeedback(response, $input);
     });
+
+    if ($recheck.length && this.isTampered($recheck)) {
+      this.validate($recheck)
+    }
   }
 
   setFeedback(data, $input) {
@@ -73,13 +81,14 @@ export default class InstantValidator {
   }
 
   addErrors($dest, msg) {
+    console.log("$dest", $dest, "%form", this.$form)
     if ($dest.closest("label").find(".form-error").length > 1) {
       // Decidim may add and additional error class that does not play well with abide
       $dest.closest("label").find(".form-error:last").remove();
     }
     this.$form.foundation("addErrorClasses", $dest);
     if (msg) {
-      $dest.closest("label").find(".form-error").text(msg);
+      $dest.closest("label").find(".form-error").html(msg);
     }
   }
 

data/app/packs/src/decidim/friendly_signup/setup_confirmations.js

@@ -0,0 +1,57 @@
+$(() => {
+  const $inputs = $('.confirmation-code-inputs input[type="number"]');
+  const $form = $inputs.closest("form");
+  const intRegex = /^\d+$/;
+  let disableManual = false;
+
+  // Parses the individual digits into the individual boxes.
+  const pasteValues = (element, $first) => {
+    const values = element.split("");
+    let $inputBox = $first;
+
+    $(values).each((index) => {
+      $inputBox.val(values[index]);
+      $inputBox = $inputBox.next('input[type="number"]');
+      if ($inputBox.length === 0) {
+        $form.submit();
+      }
+    });
+  };
+
+  $inputs.on("focus", (e) => {
+    $(e.target).select();
+  });
+
+  // Prevents user from manually entering non-digits.
+  $inputs.on("input.fromManual", (e) => {
+    if (disableManual) {
+      return;
+    }
+    const $this = $(e.target);
+    if (intRegex.test($this.val())) {
+      pasteValues($this.val(), $this);
+      $this.next('input[type="number"]').focus();
+    } else {
+      $this.val("");
+    }
+  });
+
+  $inputs.on("paste", (evt) => {
+    const $this = $(evt.target);
+    const originalValue = $this.val();
+    $this.val("");
+    disableManual = true;
+    $this.one("input.fromPaste", (e) => {
+      const $currentInputBox = $(e.target);
+
+      const pastedValue = $currentInputBox.val();
+      if (intRegex.test(pastedValue)) {
+        pasteValues(pastedValue, $inputs.eq(0));
+      }
+      else {
+        $this.val(originalValue);
+      }
+      disableManual = false;
+    });
+  });
+});

data/app/packs/stylesheets/decidim/friendly_signup/_confirmation-codes.scss

@@ -0,0 +1,23 @@
+.confirmation-code-inputs {
+  display: flex;
+  justify-content: center;
+  margin: 2rem;
+
+  input[type="number"] {
+    width: 15%;
+    font-size: 5em;
+    height: 1.2em;
+    line-height: 1;
+    padding: 0;
+    margin: 0 2%;
+    text-align: center;
+    box-shadow: 1px 3px 3px #bbb;
+    -moz-appearance: textfield;
+
+    &::-webkit-inner-spin-button,
+    &::-webkit-outer-spin-button {
+      -webkit-appearance: none;
+      margin: 0;
+    }
+  }
+}

data/app/views/decidim/devise/invitations/edit.html.erb

@@ -10,7 +10,7 @@
 
   <div class="row">
     <div class="columns large-6 medium-10 medium-centered">
-      <%= decidim_form_for resource, namespace: "invitation", as: resource_name, url: invitation_path(resource_name, invite_redirect: params[:invite_redirect]), html: { method: :put, class: "register-form new_user" } do |f| %>
+      <%= decidim_form_for(resource, namespace: "invitation", as: resource_name, url: invitation_path(resource_name, invite_redirect: params[:invite_redirect]), html: { method: :put, class: "register-form new_user#{friendly_override_activated?(:use_instant_validation) ? ' instant-validation' : ''}" } , data: { "validation-url" => decidim_friendly_signup.validate_path }) do |f| %>
         <div class="card">
           <div class="card__content">
             <legend><%= t("sign_up_as.legend", scope: "decidim.devise.registrations.new") %></legend>
@@ -19,14 +19,16 @@
 
             <%= f.hidden_field :invitation_token %>
 
-            <div class="user-nickname">
-              <div class="field">
-                <%= f.text_field :nickname, help_text: t("devise.invitations.edit.nickname_help", organization: current_organization.name), required: "required", prefix: { value: "@", small: 1, large: 1 } %>
+            <% unless friendly_override_activated?(:hide_nickname) %>
+              <div class="user-nickname">
+                <div class="field">
+                  <%= f.text_field :nickname, help_text: t("devise.invitations.edit.nickname_help", organization: current_organization.name), required: "required", prefix: { value: "@", small: 1, large: 1 }, data: { "instant-attribute" => "nickname", "instant-recheck" => "password" } %>
+                </div>
               </div>
-            </div>
+            <% end %>
 
             <% if f.object.class.require_password_on_accepting %>
-              <%= render("decidim/friendly_signup/shared/password_fields", form: f, options: { required: "required", minlength: ::PasswordValidator::MINIMUM_LENGTH, maxlength: ::PasswordValidator::MAX_LENGTH }) %>
+              <%= render("decidim/friendly_signup/shared/password_fields", form: f, options: { required: true, autocomplete: "off", help_text: t("devise.passwords.edit.password_help", minimun_characters: ::PasswordValidator::MINIMUM_LENGTH), minlength: ::PasswordValidator::MINIMUM_LENGTH, maxlength: ::PasswordValidator::MAX_LENGTH, data: { "instant-attribute" => "password" } }) %>
             <% end %>
           </div>
         </div>

data/app/views/decidim/devise/passwords/edit.html.erb

@@ -10,12 +10,12 @@
     <div class="columns medium-7 large-5 medium-centered">
       <div class="card">
         <div class="card__content">
-          <%= decidim_form_for(resource, namespace: "password", as: resource_name, url: password_path(resource_name), html: { method: :put, class: "register-form new_user" }) do |f| %>
+          <%= decidim_form_for(resource, namespace: "password", as: resource_name, url: password_path(resource_name), html: { method: :put, class: "register-form new_user#{friendly_override_activated?(:use_instant_validation) ? ' instant-validation' : ''}" } , data: { "validation-url" => decidim_friendly_signup.validate_path }) do |f| %>
             <%= form_required_explanation %>
 
             <%= f.hidden_field :reset_password_token %>
 
-            <%= render("decidim/friendly_signup/shared/password_fields", form: f, options: { autocomplete: "off", help_text: t("devise.passwords.edit.password_help", minimun_characters: ::PasswordValidator::MINIMUM_LENGTH) }) %>
+            <%= render("decidim/friendly_signup/shared/password_fields", form: f, options: { required: true, autocomplete: "off", help_text: t("devise.passwords.edit.password_help", minimun_characters: ::PasswordValidator::MINIMUM_LENGTH), minlength: ::PasswordValidator::MINIMUM_LENGTH, maxlength: ::PasswordValidator::MAX_LENGTH, data: { "instant-attribute" => "password" } }) %>
 
             <div class="actions">
               <%= f.submit t("devise.passwords.edit.change_my_password"), class: "button expanded" %>

data/app/views/decidim/devise/registrations/new.html.erb

@@ -26,7 +26,7 @@
   <div class="row">
     <div class="columns large-6 medium-10 medium-centered">
 
-      <%= decidim_form_for(@form, namespace: "registration", as: resource_name, url: registration_path(resource_name), html: { class: "register-form new_user#{friendly_override_activated?(:use_instant_validation) && ' instant-validation'}", id: "register-form" }, data: { "validation-url": decidim_friendly_signup.validate_path }) do |f| %>
+      <%= decidim_form_for(@form, namespace: "registration", as: resource_name, url: registration_path(resource_name), html: { class: "register-form new_user#{friendly_override_activated?(:use_instant_validation) ? ' instant-validation' : ''}", id: "register-form" }, data: { "validation-url" => decidim_friendly_signup.validate_path }) do |f| %>
         <%= invisible_captcha %>
         <div class="card">
           <div class="card__content">
@@ -34,23 +34,23 @@
 
             <div class="user-person">
               <div class="field">
-                <%= f.text_field :name, help_text: t(".username_help"), autocomplete: "off", data: { "instant-attribute": "nickname" } %>
+                <%= f.text_field :name, help_text: t(".username_help"), autocomplete: "off", data: { "instant-attribute" => "name", "instant-recheck" => "#registration_user_password" } %>
               </div>
             </div>
 
             <% unless friendly_override_activated?(:hide_nickname) %>
               <div class="user-nickname">
                 <div class="field">
-                  <%= f.text_field :nickname, help_text: t(".nickname_help", organization: current_organization.name), prefix: { value: "@", small: 1, large: 1 }, autocomplete: "off", data: { "instant-attribute": "nickname" } %>
+                  <%= f.text_field :nickname, help_text: t(".nickname_help", organization: current_organization.name), prefix: { value: "@", small: 1, large: 1 }, autocomplete: "off", data: { "instant-attribute" => "nickname", "instant-recheck" => "#registration_user_password" } %>
                 </div>
               </div>
             <% end %>
 
             <div class="field">
-              <%= f.email_field :email, autocomplete: "email", data: { "instant-attribute": "email" } %>
+              <%= f.email_field :email, autocomplete: "email", data: { "instant-attribute" => "email", "instant-recheck" => "#registration_user_password" } %>
             </div>
 
-            <%= render("decidim/friendly_signup/shared/password_fields", form: f, options: { required: true, help_text: t(".password_help", minimun_characters: ::PasswordValidator::MINIMUM_LENGTH), autocomplete: "off", data: { "instant-attribute": "password" } }) %>
+            <%= render("decidim/friendly_signup/shared/password_fields", form: f, options: { required: true, help_text: t(".password_help", minimun_characters: ::PasswordValidator::MINIMUM_LENGTH), autocomplete: "off", data: { "instant-attribute" => "password" } }) %>
           </div>
         </div>
 

data/app/views/decidim/devise/sessions/new.html.erb

@@ -0,0 +1,58 @@
+<% add_decidim_page_title(t("devise.sessions.new.sign_in")) %>
+
+<div class="wrapper">
+  <div class="row collapse">
+    <div class="row collapse">
+      <div class="columns large-8 large-centered text-center page-title">
+        <h1><%= t("devise.sessions.new.sign_in") %></h1>
+        <% if current_organization.sign_up_enabled? %>
+          <p>
+            <%= t(".are_you_new?") %>
+            <%= link_to t(".register"), new_user_registration_path %>
+          </p>
+        <% elsif current_organization.sign_in_enabled? %>
+          <p>
+            <%= t(".sign_up_disabled") %>
+          </p>
+        <% else %>
+          <p>
+            <%= t(".sign_in_disabled") %>
+          </p>
+        <% end %>
+      </div>
+    </div>
+    <% cache current_organization do %>
+      <%= render "decidim/devise/shared/omniauth_buttons" %>
+    <% end %>
+
+    <% if current_organization.sign_in_enabled? %>
+      <div class="row">
+        <div class="columns large-6 medium-centered">
+          <div class="card">
+            <div class="card__content">
+              <%= decidim_form_for(resource, namespace: "session", as: resource_name, url: session_path(resource_name), html: { class: "register-form new_user" }) do |f| %>
+                <div>
+                  <div class="field">
+                    <%= f.email_field :email, required: true, pattern: "email" %>
+                  </div>
+                  <div class="field">
+                    <%= render("decidim/friendly_signup/shared/password_fields", form: f, options: { autocomplete: "off" }, skip_confirmation: true) %>
+                  </div>
+                </div>
+                  <% if devise_mapping.rememberable? %>
+                    <div class="field">
+                      <%= f.check_box :remember_me %>
+                    </div>
+                  <% end %>
+                <div class="actions">
+                  <%= f.submit t("devise.sessions.new.sign_in"), class: "button expanded" %>
+                </div>
+              <% end %>
+              <%= render "decidim/devise/shared/links" %>
+            </div>
+          </div>
+        </div>
+      </div>
+    <% end %>
+  </div>
+</div>

data/app/views/decidim/friendly_signup/confirmation_codes/index.html.erb

@@ -0,0 +1,38 @@
+<% add_decidim_page_title(t(".enter_code")) %>
+
+<div class="wrapper">
+<div class="row collapse">
+  <div class="row collapse">
+    <div class="columns large-8 large-centered text-center page-title">
+      <h1><%= t(".title") %></h1>
+      <h6><%= t(".subtitle") %></h6>
+    </div>
+  </div>
+
+  <div class="row">
+    <div class="columns medium-10 large-8 medium-centered">
+      <div class="card">
+        <div class="card__content">
+          <p class="text-center"><%= t(".description", email: "<strong>#{user.email}</strong>").html_safe %></p>
+          <%= decidim_form_for(confirmation_form, url: decidim_friendly_signup.confirmation_codes_path(confirmation_token: confirmation_form.confirmation_token)) do |f| %>
+            <div class="field confirmation-code-inputs">
+              <%= number_field_tag "confirmation_numbers[0]", "", autofocus: true, autocomplete: :off %>
+              <%= number_field_tag "confirmation_numbers[1]", "", autocomplete: :off %>
+              <%= number_field_tag "confirmation_numbers[2]", "", autocomplete: :off %>
+              <%= number_field_tag "confirmation_numbers[3]", "", autocomplete: :off %>
+            </div>
+
+            <div class="actions text-center">
+              <%= f.submit t(".verify"), class: "button text-uppercase" %>
+            </div>
+          <% end %>
+
+          <p class="text-center">
+            <%= link_to t(".code_not_received"), decidim.user_confirmation_path(confirmation_token: confirmation_form.confirmation_token, "user[email]" => user.email), method: :post, data: { confirm: t(".confirm_send_code", email: user.email) } %>
+          </p>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+</div>

data/app/views/decidim/friendly_signup/confirmation_codes_mailer/confirmation_instructions.html.erb

@@ -0,0 +1,13 @@
+<h1 class="text-center"><%= t(".title") %></h1>
+
+<p class="email-instructions text-center"><%= t(".subtitle", organization: link_to(@organization.name, decidim_friendly_signup.confirmation_codes_path(confirmation_token: @token))).html_safe %></p>
+
+<h3 class="email-instruction text-center" style="margin:1em 0 0.2em 0;"><%= t(".copy") %></h3>
+
+<p class="stat text-center" style="margin:1em 0 0.5em 0;"><b style="font-size: 2em"><%= @code %></b></p>
+
+<% if @expires_at %>
+  <p class="email-small text-center" style="margin-bottom: 2em;"><%= t(".expires_in", time: distance_of_time_in_words(Time.now, @expires_at, scope: "decidim.friendly_signup.datetime.distance_in_words")) %></p>
+<% end %>
+
+<p class="email-small email-closing text-center"><%= t(".ignore").html_safe %></p>

data/app/views/decidim/friendly_signup/shared/_password_fields.html.erb

@@ -9,17 +9,23 @@
     </div>
   </div>
 
-  <div class="user-password-confirmation">
-    <div class="field">
-      <%= form.password_field :password_confirmation %>
+  <% unless defined?(skip_confirmation) && skip_confirmation %>
+    <div class="user-password-confirmation">
+      <div class="field">
+        <%= form.password_field :password_confirmation %>
+      </div>
     </div>
-  </div>
+  <% end %>
+
 <% else %>
   <div class="field">
     <%= form.password_field :password, options %>
   </div>
 
-  <div class="field">
-    <%= form.password_field :password_confirmation %>
-  </div>
+  <% unless defined?(skip_confirmation) && skip_confirmation %>
+    <div class="field">
+      <%= form.password_field :password_confirmation %>
+    </div>
+  <% end %>
+
 <% end %>

data/config/locales/en.yml

@@ -1,10 +1,113 @@
 ---
 en:
+  activemodel:
+    attributes:
+      confirmation_code:
+        code: Confirmation code
   decidim:
+    forms:
+      errors:
+        decidim/user:
+          email: Please enter a valid email address
     friendly_signup:
+      confirmation_code_form:
+        expired: Sorry, this code has expired, please generate a new one.
+        invalid: Code is invalid, please make sure to copy the code emailed to you.
+        invalid_token: Invalid token.
+      confirmation_codes:
+        create:
+          user_confirmed: Welcome %{name}! Your account has been succesfully confirmed!
+        index:
+          code_not_received: Didn't receive the code?
+          confirm_send_code: Do you want to resend the confirmation code to %{email}?<br>Be
+            sure to check the spam folder just in case!
+          description: You should receive a 4 digit code at %{email}.<br>If you can't
+            find it, please check your spam folder or wait  up to 10 minutes.
+          enter_code: Enter code
+          subtitle: You need to confirm your email address to be able to submit proposals,
+            comment and vote.
+          title: One last step...
+          verify: Verify
+        mailer:
+          subject: "%{code} is your confirmation code for %{organization}"
+        resend_code:
+          sent: The confirmation code has been sent to %{email}.
+      confirmation_codes_mailer:
+        confirmation_instructions:
+          copy: 'Copy this code:'
+          expires_in: It will expire in %{time}.
+          ignore: |-
+            If you didn't request this comunication, please ignore this email.<br />
+            Your account won't be active until your account is fully confirmed.
+          subtitle: To finalize the registration you just need to copy the 4 digit
+            code below, go back to the %{organization} signup page and paste it!
+          title: You're almost there!
+      datetime:
+        distance_in_words:
+          about_x_hours:
+            one: about 1 hour
+            other: about %{count} hours
+          about_x_months:
+            one: about 1 month
+            other: about %{count} months
+          about_x_years:
+            one: about 1 year
+            other: about %{count} years
+          almost_x_years:
+            one: almost 1 year
+            other: almost %{count} years
+          half_a_minute: half a minute
+          less_than_x_minutes:
+            one: less than a minute
+            other: less than %{count} minutes
+          less_than_x_seconds:
+            one: less than 1 second
+            other: less than %{count} seconds
+          over_x_years:
+            one: over 1 year
+            other: over %{count} years
+          x_days:
+            one: 1 day
+            other: "%{count} days"
+          x_minutes:
+            one: 1 minute
+            other: "%{count} minutes"
+          x_months:
+            one: 1 month
+            other: "%{count} months"
+          x_seconds:
+            one: 1 second
+            other: "%{count} seconds"
+      errors:
+        messages:
+          blank: Looks like you haven’t entered anything in this field
+          email:
+            blank: Please enter an email address
+            invalid: The email address looks incomplete
+            taken: This email is already in use for another account. Try signing in
+              or use another email
+          password:
+            email_included_in_password: The password you have entered is too similar
+              to your email
+            name_included_in_password: The password you have entered is too similar
+              to your name
+            nickname_included_in_password: The password you have entered is too similar
+              to your nickname
+            not_enough_unique_characters: The password you have entered does not have
+              enough different characters
+            password_too_common: The password you have entered is very common - we
+              suggest using a different password
+            password_too_short: The password you have entered is too short
       shared:
         password_fields:
           hidden_password: Your password is hidden
           hide_password: Hide password
           show_password: Show password
           shown_password: Your password is shown
+  devise:
+    confirmations:
+      signed_up_but_code_required: A message with a code has been sent to your email
+        address. Please copy and paste the received code in this page.
+    registrations:
+      signed_up_but_code_required: A message with a code has been sent to your email
+        address. Please copy and paste the received code in this page.

data/lib/decidim/friendly_signup/engine.rb

@@ -2,6 +2,7 @@
 
 require "rails"
 require "decidim/core"
+require "rack/attack"
 
 module Decidim
   module FriendlySignup
@@ -10,21 +11,37 @@ module Decidim
       isolate_namespace Decidim::FriendlySignup
 
       routes do
+        devise_scope :user do
+          resources :confirmation_codes, only: [:index, :create]
+        end
         post :validate, to: "validator#validate"
+        put :validate, to: "validator#validate"
       end
 
       # Prepare a zone to create overrides
       # https://edgeguides.rubyonrails.org/engines.html#overriding-models-and-controllers
       # overrides
       config.after_initialize do
+        Decidim::Devise::SessionsController.include(Decidim::FriendlySignup::NeedsHeaderSnippets)
         Decidim::Devise::RegistrationsController.include(Decidim::FriendlySignup::NeedsHeaderSnippets)
-        Decidim::Devise::InvitationsController.include(Decidim::FriendlySignup::NeedsHeaderSnippets)
         Decidim::Devise::PasswordsController.include(Decidim::FriendlySignup::NeedsHeaderSnippets)
+        Decidim::Devise::InvitationsController.include(Decidim::FriendlySignup::NeedsHeaderSnippets)
+        Decidim::Devise::RegistrationsController.include(Decidim::FriendlySignup::RegistrationsRedirect)
+        Decidim::Devise::ConfirmationsController.include(Decidim::FriendlySignup::RegistrationsRedirect)
         Decidim::AccountController.include(Decidim::FriendlySignup::NeedsHeaderSnippets)
         Decidim::RegistrationForm.include(Decidim::FriendlySignup::AutoNickname)
+        Decidim::User.include(Decidim::FriendlySignup::NeedsRegistrationCodes)
+      end
+
+      initializer "friendly_signup.confirmation_throttling" do
+        # Throttle confirmation attempts for a given code parameter to 6 reqs/minute
+        # Return the confirmation_token as a discriminator on POST /users/sign_in requests
+        Rack::Attack.throttle("limit confirmations attempts per code", limit: 5, period: 60.seconds) do |request|
+          request.params["confirmation_token"] if request.path == "/friendly_signup/confirmation_codes" && request.post?
+        end
       end
 
-      initializer "FriendlySignup.webpacker.assets_path" do
+      initializer "friendly_signup.webpacker.assets_path" do
         Decidim.register_assets_path File.expand_path("app/packs", root)
       end
     end

data/lib/decidim/friendly_signup/user_attribute_validator.rb

@@ -28,11 +28,44 @@ module Decidim
       end
 
       def error
-        errors.flatten.map(&:upcase_first).join(". ") unless valid?
+        return if valid?
+
+        errors.map do |msg|
+          key = find_key(msg)
+          next if key == :nickname_included_in_password && FriendlySignup.hide_nickname.present?
+
+          custom_error(key).presence || msg.upcase_first
+        end.join(".<br>")
       end
 
       private
 
+      def custom_error(key)
+        return if key.blank?
+
+        generic = I18n.t(key, scope: "decidim.friendly_signup.errors.messages", default: "")
+        I18n.t("#{attribute}.#{key}", scope: "decidim.friendly_signup.errors.messages", default: generic)
+      end
+
+      def find_key(msg)
+        case attribute
+        when "password"
+          [:blacklisted,
+           :domain_included_in_password,
+           :email_included_in_password,
+           :fallback,
+           :name_included_in_password,
+           :nickname_included_in_password,
+           :not_enough_unique_characters,
+           :password_not_allowed,
+           :password_too_common,
+           :password_too_long,
+           :password_too_short].find { |key| msg == I18n.t(key, scope: "password_validator") }
+        else
+          [:blank, :invalid, :taken].find { |key| msg == I18n.t(key, scope: "errors.messages") }
+        end
+      end
+
       def valid_attribute?
         %w(nickname email name password).include? attribute.to_s
       end
@@ -40,10 +73,6 @@ module Decidim
       def valid_suggestor?
         ["nickname"].include? attribute.to_s
       end
-
-      def valid_users
-        Decidim::UserBaseEntity.where(invitation_token: nil, organization: current_organization)
-      end
     end
   end
 end

data/lib/decidim/friendly_signup/version.rb

@@ -5,6 +5,6 @@ module Decidim
   module FriendlySignup
     DECIDIM_VERSION = "0.26.2"
     COMPAT_DECIDIM_VERSION = "~> 0.26.0"
-    VERSION = "0.3"
+    VERSION = "0.4.2"
   end
 end

data/lib/decidim/friendly_signup.rb

@@ -23,6 +23,18 @@ module Decidim
     config_accessor :hide_nickname do
       true
     end
+
+    # Use confirmation codes instead of confirmation links
+    config_accessor :use_confirmation_codes do
+      true
+    end
+
+    # Generates a secure code from a string
+    def self.confirmation_code(hash)
+      num = Decidim::Tokenizer.new(salt: Rails.application.secret_key_base).int_digest(hash).to_s[0..3]
+      num += "0" while num.size < 4
+      num.to_i
+    end
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: decidim-friendly_signup
 version: !ruby/object:Gem::Version
-  version: '0.3'
+  version: 0.4.2
 platform: ruby
 authors:
 - Ivan Vergés
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-14 00:00:00.000000000 Z
+date: 2022-07-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: decidim-core
@@ -49,21 +49,31 @@ files:
 - README.md
 - Rakefile
 - app/controllers/concerns/decidim/friendly_signup/needs_header_snippets.rb
+- app/controllers/concerns/decidim/friendly_signup/registrations_redirect.rb
 - app/controllers/decidim/friendly_signup/application_controller.rb
+- app/controllers/decidim/friendly_signup/confirmation_codes_controller.rb
 - app/controllers/decidim/friendly_signup/validator_controller.rb
 - app/forms/concerns/decidim/friendly_signup/auto_nickname.rb
+- app/forms/decidim/friendly_signup/confirmation_code_form.rb
+- app/mailers/decidim/friendly_signup/confirmation_codes_mailer.rb
+- app/models/concerns/decidim/friendly_signup/needs_registration_codes.rb
 - app/packs/entrypoints/decidim_friendly_signup.js
 - app/packs/entrypoints/decidim_friendly_signup.scss
 - app/packs/images/decidim/friendly_signup/icon.svg
 - app/packs/src/decidim/friendly_signup/lib/instant_validator.js
 - app/packs/src/decidim/friendly_signup/lib/password_toggler.js
+- app/packs/src/decidim/friendly_signup/setup_confirmations.js
 - app/packs/src/decidim/friendly_signup/setup_password.js
 - app/packs/src/decidim/friendly_signup/setup_validations.js
+- app/packs/stylesheets/decidim/friendly_signup/_confirmation-codes.scss
 - app/packs/stylesheets/decidim/friendly_signup/_input-groups.scss
 - app/views/decidim/account/_password_fields.html.erb
 - app/views/decidim/devise/invitations/edit.html.erb
 - app/views/decidim/devise/passwords/edit.html.erb
 - app/views/decidim/devise/registrations/new.html.erb
+- app/views/decidim/devise/sessions/new.html.erb
+- app/views/decidim/friendly_signup/confirmation_codes/index.html.erb
+- app/views/decidim/friendly_signup/confirmation_codes_mailer/confirmation_instructions.html.erb
 - app/views/decidim/friendly_signup/shared/_password_fields.html.erb
 - config/assets.rb
 - config/i18n-tasks.yml