Adds username/password sign in, as a third option after Twitch and Google sign-in. Finally!
This is a simple top-level goal, but required overall more code on supporting features:
By allowing linkless accounts we need to implement a forgot password flow (meaning we need to implement our first mailers), which is most of this branch.
We also need to add a canonical user.email field and allow users to change it, as opposed to relying on user.twitch.email and user.google.email.
There are still more supporting features this feature begs for like 2FA, CAPTCHA, Gravatar, and general security/anti-spam/anti-fraud that Twitch and Google used to give us for free, but I didn't include these on this first pass.
I tried this branch in two other ways, one that completely replaced our auth with Devise, and one that tried to string our existing auth code up to Devise and use the missing parts it had that we didn't, but it ended up being overall a lesser headache to implement these things ourselves with the help of some vanilla Rails constructs like has_secure_password and mailers, which have gotten pretty good recently.
There are a couple of changes piggybacked on this branch as well:
Cleaned up many "Speedrun.com" spellings to "speedrun.com", which their branding prefers
Started moving a couple of routes to vanilla Rails resources definitions
Made WSL support in the Makefile a little better (cc @jamacanbacn)
This is live on beta so the emailing part can be tried out.
Adds username/password sign in, as a third option after Twitch and Google sign-in. Finally!
This is a simple top-level goal, but required overall more code on supporting features:
user.emailfield and allow users to change it, as opposed to relying onuser.twitch.emailanduser.google.email.There are still more supporting features this feature begs for like 2FA, CAPTCHA, Gravatar, and general security/anti-spam/anti-fraud that Twitch and Google used to give us for free, but I didn't include these on this first pass.
I tried this branch in two other ways, one that completely replaced our auth with Devise, and one that tried to string our existing auth code up to Devise and use the missing parts it had that we didn't, but it ended up being overall a lesser headache to implement these things ourselves with the help of some vanilla Rails constructs like
has_secure_passwordand mailers, which have gotten pretty good recently.There are a couple of changes piggybacked on this branch as well:
resourcesdefinitionsThis is live on beta so the emailing part can be tried out.