forked from heartcombo/devise
-
Notifications
You must be signed in to change notification settings - Fork 0
Add additional step for unlocking account #14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
kossy0701
wants to merge
1
commit into
greptile-playground
Choose a base branch
from
unlock_resource_two_steps_take2
base: greptile-playground
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| <h2>Confirm unlock</h2> | ||
|
|
||
| <p>Click the link below to finish unlocking your account</p> | ||
|
|
||
| <p><%= link_to "Unlock account", confirm_unlock_path(resource_name, unlock_token: @token) %><p> | ||
|
|
||
| <%= render "devise/shared/links" %> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 7 additions & 0 deletions
7
lib/generators/templates/simple_form_for/unlocks/show.html.erb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| <h2>Confirm unlock</h2> | ||
|
|
||
| <p>Click the link below to finish unlocking your account</p> | ||
|
|
||
| <p><%= link_to "Unlock account", confirm_unlock_path(resource_name, unlock_token: @token) %><p> | ||
|
|
||
| <%= render "devise/shared/links" %> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
logic:⚠️ 警告: JSON/API リクエストで
extra_stepが有効な場合の挙動が考慮されていません。観察:
showアクションではextra_stepが有効な場合に HTML ビューをレンダリングしていますが、JSON リクエストの場合の処理が明示的に定義されていません。理由:
render :showは JSON リクエストでは適切なレスポンスを返せない可能性があります。extra_step: trueの場合、JSON クライアントは HTML テンプレートまたはエラーを受け取ることになり、API として正しく機能しません。結論: API/JSON クライアントとの互換性が損なわれる可能性があります。
修正方法: 以下のようにフォーマットに応じた分岐を追加してください。
Prompt To Fix With AI
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@greptileai
結論から言うと:
<p>が閉じ忘れてたなら妥当(ただし重大かと言われるとややオーバー)という感じかなと思います。
1. 何を言っているコメントか整理
Greptile はざっくりこう言ってますね:
概要
extra_step設定を追加して、GET /resource/unlock?unlock_token=...は「確認ページを表示するだけ」に変更GET /resource/unlock/confirm?unlock_token=...をクリックしたときに本当に unlock するデフォルトは
extra_step = falseなので後方互換性あり問題点
app/views/devise/unlocks/show.html.erbと generator の simple_form テンプレート)で<p>が</p>じゃなくて<p>で閉じられている(HTML 構文エラー)」showアクションがextra_step有効時に HTML しか考慮しておらず、JSON/API リクエストの互換性が怪しい」良い点
大枠としては、今回やりたいこと(2段階 unlock)をちゃんと理解してコメントしているので、
「見当違いなサマリ」ではありません。
2. HTML
<p>タグの指摘についてここは、実際の差分をエディタで見て確認する必要がありますが:
本当にそうなっていたなら
→ 「タグ閉じミス」はたしかにバグなので 指摘としては妥当
メールテンプレートなので、構文ミスは一部クライアントで表示崩れを起こし得る
「重大」とまで言うかはちょっと大げさかも
アクションとしては:
show.html.erbと simple_form のunlocks/show.html.erbを実際に開いて、<p>...</p>になっているかあれば素直に直して OK(これは人間も気付きにくい typo なので、Greptile の価値あるキャッチだと思います)
3. JSON/API リクエストに関する警告
該当コードはこんな感じですよね(diff から見える範囲):
Greptile はここに対して:
と言っています。
ここが「半分妥当・半分微妙」な理由
技術的には:
render :showは HTML テンプレート前提 なので、/unlockを叩かれたら「HTML が返ってくる or Missing template になる」可能性はたしかにあるなので「API としてちゃんと JSON をサポートしたい」前提なら、
respond_toでformat.html/format.jsonを分けるextra_stepはformat.htmlのときだけ有効にするなどを検討した方がきれい
ただ、Devise 本体の
UnlocksControllerも、もともと かなり「ナビゲーション用(HTML)」寄りの設計 です:after_unlock_path_for(resource)もis_navigational_format?を見てますし、つまり、
とも言えます。
どう扱うのが現実的か
あなたのプロジェクト/PRのゴールが:
のであれば、この指摘は
レベルの 改善提案(💡 提案)にとどめるのがちょうど良い と思います。
逆に、
「うちのプロダクトでは lock/unlock を SPA から JSON で叩いてる」みたいな要件があるなら、
respond_toを噛ませてformat.htmlだけ extra_step にするformat.jsonでは従来どおりattempt_unlockをそのまま呼ぶというような形にした方が安全です。
4. 全体としての妥当性まとめ
なので、このPRへの Greptile コメントをざっくり点数にすると:
機能の理解・サマリ:◎(妥当)
HTML タグの指摘:
<p>閉じ忘れがあるなら ◎(良い指摘)JSON/API の警告:
技術的にはあり得る懸念 → 方向性は理解できる
ただし Devise の unlock がもともと「HTML前提」であることを考えると、
という感じで、
くらいに捉えるのが良さそうです。
もし、
Greptile にも分かってほしいなら、
instructionsに例えばこんな一文を足しておくのはアリです:こうしておくと、今回みたいな「APIにも対応しろ系の指摘」はだいぶ減ると思います。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
あなたの分析は非常に的確で、Greptileのコメントの性質を正しく理解されていますね。
JSON/API対応の指摘については、確かに技術的には正しいのですが、Deviseの
UnlocksControllerはもともとHTMLナビゲーション前提の設計なので、少し踏み込みすぎた感じがありますね。とはいえ、もしJSON対応が必要な場合の修正方法をお見せしておきます:
ただし、あなたのおっしゃる通り、Deviseのunlockフローは「メール内のリンクをブラウザで踏む」前提なので、JSON対応は必要に応じてで構いません。
HTMLタグの閉じ忘れについては、実際のファイルを確認して修正されるのが良いでしょう。これは確かに有用な指摘だと思います。
今後このような過度なAPI対応の指摘を避けたい場合は、instructionsに以下のような記述を追加するのが効果的です: