Remove current_organisation_id from the registration form #549
briankariuki wants to merge 5 commits into 3Stones-io:main from
Conversation
| render_submit(form) | ||
|
|
||
| assert redirected_to(conn) == ~p"/edit_profile" | ||
| assert_redirect(view, ~p"/login") |
We need to make sure that the user is logged in automatically after the registration.
| |> Ash.read(authorize?: false, tenant: organisation) | ||
|
|
||
| assert length(user_group_memberships) == 3 | ||
| # assert length(user_group_memberships) == 3 |
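Review bot: the commented-out `# assert length(user_group_memberships) == 3` leaves `user_group_memberships` unchecked, so this test no longer verifies which group memberships exist for the organisation after registration. Since memberships are authorization state, restore the assertion with the count the new flow is expected to produce; if registration no longer creates memberships, delete the `Ash.read(authorize?: false, tenant: organisation)` query together with the assertion instead of leaving a commented-out line.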
| ) | ||
|
|
||
| _conn = submit_form(form, new_conn) | ||
| render_submit(form) |
Do we need to assert that the user is redirected?
| |> Map.put("current_organisation_id", socket.assigns.invitation.organisation_id) | ||
|
|
||
| form = Form.validate(socket.assigns.form, updated_params) | ||
| case AshPhoenix.Form.submit(socket.assigns.form, params: updated_params) do |
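Review bot: `current_organisation_id` is still a key in `updated_params` at the `Map.put` line, and that map is what gets passed as `params:` to `AshPhoenix.Form.submit`, which suggests the action still accepts the organisation as an ordinary input. Taking the value from `socket.assigns.invitation.organisation_id` fixes the source for this LiveView only; if the action accepts the same key from any caller, a request that does not go through this view can still choose the organisation. Suggest resolving the organisation inside the action from the invitation and removing `current_organisation_id` from the accepted inputs, so it never travels in the same map as user-supplied fields.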
We only validate at this point. The real registration happens in the Ash controller so that the session gets updated and user logged in.
| )} | ||
| </div> | ||
| </div> | ||
| <div class="sm:col-span-3"> |
In the register_with_password action, can we check whether the user to be registered has an unexpired invitation in the system? If yes, they should be associated with it and the organisation the invite belongs to.
If not, ask in the Elixir forum how to approach this: https://elixirforum.com/c/ash-framework-forum/123.
Worst case scenario, we can keep the organisation_id in this form and achieve security through obscurity. But there should be a better way.
@briankariuki, you can take a look at the Ash code as a reference.
closes #477