Require registration_secret only from users controller

amnis-invictus · Sep 30, 2023 · 46a23af · 46a23af
1 parent 6f5965a
commit 46a23af
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -22,7 +22,8 @@ def collection
   end
 
   def resource_params
-    params.require(:user).permit(PERMITTED_PARAMS).merge(registration_ips: ip_addresses, device_id: @device_id)
+    params.require(:user).permit(PERMITTED_PARAMS).merge(registration_ips: ip_addresses, device_id: @device_id,
+                                                         registration_secret_required: true)
   end
 
   def initialize_resource

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,10 +1,13 @@
 class User < ApplicationRecord
-  attr_accessor :registration_secret
+  attr_accessor :registration_secret, :registration_secret_required
 
   validates :name, :email, :city, :institution, :contest_site, :grade, presence: true
   validates :name, :secret, :judge_secret, uniqueness: { scope: :contest }
-  validates :registration_secret, presence: true, on: :create
-  validate :registration_secret_must_be_valid, on: :create
+
+  with_options if: :registration_secret_required, on: :create do
+    validates :registration_secret, presence: true
+    validate :registration_secret_must_be_valid
+  end
 
   belongs_to :contest, inverse_of: :users
   has_many :solutions, inverse_of: :user, dependent: :destroy