Create EmailConfirmationHandler concern & refactor

aaronskiba · aaronskiba · commit e1cdee9fc571 · 2025-06-05T08:55:36.000-06:00
This change addresses the duplicate code shared between `app/controllers/sessions_controller.rb` and `app/controllers/users/omniauth_callbacks_controller.rb`. It does so by creating `app/models/concerns/email_confirmation_handler.rb` which allows us to better adhere to DRY principles.

- Additionally,  the `user.confirmed? || user.confirmation_token.present?` check has been moved from the User model to the concern. It made sense to have this check as a User method. However, the method itself is simply an or check of two other User methods, and only the `EmailConfirmationHandler` module is currently needing it.
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -2,6 +2,8 @@
 
 # Controller that handles user login and logout
 class SessionsController < Devise::SessionsController
+  include EmailConfirmationHandler
+
   def new
     redirect_to(root_path)
   end
@@ -13,10 +15,8 @@ def create
     existing_user = User.find_by(email: params[:user][:email])
     if existing_user.present?
 
-      unless existing_user.confirmed_or_has_confirmation_token?
-        handle_missing_confirmation_instructions(existing_user)
-        return
-      end
+      # (see app/models/concerns/email_confirmation_handler.rb)
+      return if confirmation_instructions_missing_and_handled?(existing_user)
 
       # Until ORCID login is supported
       @ui = create_shibboleth_identifier(existing_user) unless session['devise.shibboleth_data'].nil?
@@ -53,11 +53,3 @@ def create_shibboleth_identifier(user)
   }
   Identifier.new(args)
 end
-
-def handle_missing_confirmation_instructions(user)
-  # Generate a confirmation_token and email confirmation instructions to the user
-  user.send_confirmation_instructions
-  # Notify the user they are unconfirmed but confirmation instructions have been sent
-  flash[:notice] = I18n.t('devise.registrations.signed_up_but_unconfirmed')
-  redirect_to root_path
-end
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -3,6 +3,7 @@
 module Users
   # Controller that handles callbacks from OmniAuth integrations (e.g. Shibboleth and ORCID)
   class OmniauthCallbacksController < Devise::OmniauthCallbacksController
+    include EmailConfirmationHandler
     ##
     # Dynamically build a handler for each omniauth provider
     # -------------------------------------------------------------
@@ -40,10 +41,10 @@ def handle_omniauth(scheme)
         # Otherwise sign them in
         elsif scheme.name == 'shibboleth'
           # Until ORCID becomes supported as a login method
-          unless existing_user.confirmed_or_has_confirmation_token?
-            handle_missing_confirmation_instructions(existing_user)
-            return
-          end
+
+          # (see app/models/concerns/email_confirmation_handler.rb)
+          return if confirmation_instructions_missing_and_handled?(user)
+
           set_flash_message(:notice, :success, kind: scheme.description) if is_navigational_format?
           sign_in_and_redirect user, event: :authentication
         else
@@ -87,14 +88,4 @@ def failure
       redirect_to root_path
     end
   end
-
-  private
-
-  def handle_missing_confirmation_instructions(user)
-    # Generate a confirmation_token and email confirmation instructions to the user
-    user.send_confirmation_instructions
-    # Notify the user they are unconfirmed but confirmation instructions have been sent
-    flash[:notice] = I18n.t('devise.registrations.signed_up_but_unconfirmed')
-    redirect_to root_path
-  end
 end
diff --git a/app/models/concerns/email_confirmation_handler.rb b/app/models/concerns/email_confirmation_handler.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# Some users in our db are both unconfirmed AND have no outstanding confirmation_token
+# This is true for those users due to the following:
+#   - We haven't always used Devise's :confirmable module (it generates a confirmation_token when a user is created)
+#   - We have set `confirmed_at` and `confirmation_token` to nil via Rake tasks (lib/tasks/email_confirmation.rake)
+# This concern is meant to streamline the confirmation process for those users
+module EmailConfirmationHandler
+  extend ActiveSupport::Concern
+
+  def confirmation_instructions_missing_and_handled?(user)
+    #  A user's "confirmation instructions are missing" if they're both unconfirmed and have no confirmation_token
+    return false if user_confirmed_or_has_confirmation_token?(user)
+
+    handle_missing_confirmation_instructions(user)
+    true
+  end
+
+  private
+
+  def user_confirmed_or_has_confirmation_token?(user)
+    user.confirmed? || user.confirmation_token.present?
+  end
+
+  def handle_missing_confirmation_instructions(user)
+    user.send_confirmation_instructions
+    redirect_to root_path, notice: I18n.t('devise.registrations.signed_up_but_unconfirmed')
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -382,10 +382,6 @@ def deliver_invitation(options = {})
     )
   end
 
-  def confirmed_or_has_confirmation_token?
-    confirmed? || confirmation_token.present?
-  end
-
   # Case insensitive search over User model
   #
   # field - The name of the field being queried

Original file line number	Diff line number	Diff line change
`@@ -382,10 +382,6 @@ def deliver_invitation(options = {})`
`382`	`382`	`)`
`383`	`383`	`end`
`384`	`384`
`385`		`- def confirmed_or_has_confirmation_token?`
`386`		`- confirmed? \|\| confirmation_token.present?`
`387`		`- end`
`388`		`-`
`389`	`385`	`# Case insensitive search over User model`
`390`	`386`	`#`
`391`	`387`	`# field - The name of the field being queried`