Add web-based installation wizard

Replace the CLI-only setup (db:seed + manual application.rb edits) with a web wizard shown automatically on first visit when no admin account exists yet. SetupController (GET/POST /setup) collects the admin e-mail and password, a "skip e-mail confirmation" toggle, and an option to seed the built-in default units. Once submitted it creates the admin User, persists the chosen options as Setting records, and redirects to the sign-in page. ApplicationController gains a redirect_to_setup_if_needed before_action that catches every request (including Devise routes) when no admin exists, so a fresh installation always lands on the wizard rather than an empty sign-in form. A new Setting model provides a lightweight key-value store for runtime options that were previously hard-coded in application.rb (e.g. skip_email_confirmation). RegistrationsController now reads that flag from the database instead of from the application config. Seeds.rb is kept for headless / automated deployments and skips admin creation when an admin already exists (idempotent), with a comment pointing to the web wizard as the preferred path. Also extends the SQLite nil-limit fix (|| Float::INFINITY) to the Quantity model, which suffered the same ArgumentError as Unit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 17:19:24 +00:00
parent 9ad922e3a1
commit 7904ff3ef9
11 changed files with 181 additions and 12 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,6 +9,7 @@ class ApplicationController < ActionController::Base
  helper_method :current_user_disguised?
  helper_method :current_tab

+  before_action :redirect_to_setup_if_needed
  before_action :authenticate_user!

  class AccessForbidden < StandardError; end
@@ -43,6 +44,16 @@ class ApplicationController < ActionController::Base

  private

+  # Redirect to the web setup wizard when the application has not yet been
+  # initialised (i.e. no admin account exists in the database).
+  def redirect_to_setup_if_needed
+    return if User.exists?(status: :admin)
+    redirect_to new_setup_path
+  rescue ActiveRecord::StatementInvalid
+    # Tables may not exist yet (migrations not run). Fall through and let the
+    # normal request handling surface a meaningful error.
+  end
+
  def render_no_content(record)
    helpers.render_errors(record)
    render html: nil, layout: true
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -10,10 +10,11 @@ class RegistrationsController < Devise::RegistrationsController

  def build_resource(hash = {})
    super
-    # Skip the email confirmation step when the admin has opted out of it via
-    # config.skip_email_confirmation in application.rb.  The account becomes
-    # active immediately so the user can sign in right after registering.
-    resource.skip_confirmation! if Rails.application.config.skip_email_confirmation
+    # Skip the email confirmation step when the admin has enabled this option
+    # via the web setup wizard (stored as the "skip_email_confirmation" Setting).
+    # The account becomes active immediately so the user can sign in right after
+    # registering.
+    resource.skip_confirmation! if Setting.get("skip_email_confirmation") == "true"
  end

  def update_resource(resource, params)
--- a/app/controllers/setup_controller.rb
+++ b/app/controllers/setup_controller.rb
@@ -0,0 +1,59 @@
+# Handles the one-time web-based installation wizard.
+#
+# The wizard is only accessible when no admin account exists yet.  Once an
+# admin has been created the controller redirects every request to the root
+# path, so it can never be used to overwrite an existing installation.
+class SetupController < ActionController::Base
+  # Use the full application layout (header, flash, etc.) so the page looks
+  # consistent with the rest of the site.
+  layout "application"
+
+  before_action :redirect_if_installed
+
+  def new
+  end
+
+  def create
+    email    = params[:admin_email].to_s.strip
+    password = params[:admin_password].to_s
+    confirm  = params[:admin_password_confirmation].to_s
+
+    errors = []
+    errors << t(".email_blank")    if email.blank?
+    errors << t(".password_blank") if password.blank?
+    errors << t(".password_mismatch") if password != confirm
+
+    if errors.any?
+      flash.now[:alert] = errors.join("  ")
+      return render :new, status: :unprocessable_entity
+    end
+
+    user = User.new(email: email, password: password, status: :admin)
+    user.skip_confirmation!
+
+    unless user.save
+      flash.now[:alert] = user.errors.full_messages.join("  ")
+      return render :new, status: :unprocessable_entity
+    end
+
+    # Persist runtime settings chosen during setup.
+    Setting.set("skip_email_confirmation",
+                params[:skip_email_confirmation] == "1")
+
+    # Optionally seed the built-in default units.
+    if params[:seed_units] == "1"
+      load Rails.root.join("db/seeds/units.rb")
+    end
+
+    redirect_to new_user_session_path, notice: t(".success")
+  end
+
+  private
+
+  def redirect_if_installed
+    redirect_to root_path if User.exists?(status: :admin)
+  rescue ActiveRecord::StatementInvalid
+    # Tables are not yet migrated — stay on the setup page so the user sees a
+    # meaningful error rather than a crash.
+  end
+end
--- a/app/models/quantity.rb
+++ b/app/models/quantity.rb
@@ -15,8 +15,8 @@ class Quantity < ApplicationRecord
    errors.add(:parent, :descendant_reference) if ancestor_of?(parent)
  end
  validates :name, presence: true, uniqueness: {scope: [:user_id, :parent_id]},
-    length: {maximum: type_for_attribute(:name).limit}
-  validates :description, length: {maximum: type_for_attribute(:description).limit}
+    length: {maximum: type_for_attribute(:name).limit || Float::INFINITY}
+  validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}

  # Update :depths of progenies after parent change
  before_save if: :parent_changed? do
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -0,0 +1,20 @@
+# Key-value store for runtime application settings that are configured through
+# the web setup wizard (or updated by an administrator) rather than hard-coded
+# in application.rb.
+#
+# Known keys:
+#   skip_email_confirmation  – "true"/"false", mirrors the homonymous option
+#                              that was previously in application.rb.
+class Setting < ApplicationRecord
+  validates :key, presence: true, uniqueness: true
+
+  # Return the string value stored for +key+, or +default+ when absent.
+  def self.get(key, default: nil)
+    find_by(key: key)&.value || default
+  end
+
+  # Persist +value+ for +key+, creating the record if it does not yet exist.
+  def self.set(key, value)
+    find_or_initialize_by(key: key).update!(value: value.to_s)
+  end
+end
--- a/app/views/setup/new.html.erb
+++ b/app/views/setup/new.html.erb
@@ -0,0 +1,38 @@
+<%= form_with url: setup_path, method: :post, class: "main-area" do |f| %>
+  <fieldset>
+    <legend><%= t(".admin_account") %></legend>
+
+    <label for="admin_email"><%= t(".admin_email") %></label>
+    <%= email_field_tag :admin_email, params[:admin_email],
+          id: "admin_email", required: true, size: 30, autofocus: true,
+          autocomplete: "email" %>
+
+    <label for="admin_password"><%= t(".admin_password") %></label>
+    <%= password_field_tag :admin_password, nil,
+          id: "admin_password", required: true, size: 30,
+          autocomplete: "new-password" %>
+
+    <label for="admin_password_confirmation"><%= t(".admin_password_confirmation") %></label>
+    <%= password_field_tag :admin_password_confirmation, nil,
+          id: "admin_password_confirmation", required: true, size: 30,
+          autocomplete: "off" %>
+  </fieldset>
+
+  <fieldset>
+    <legend><%= t(".options") %></legend>
+
+    <label for="skip_email_confirmation">
+      <%= check_box_tag :skip_email_confirmation, "1",
+            params[:skip_email_confirmation] == "1",
+            id: "skip_email_confirmation" %>
+      <%= t(".skip_email_confirmation") %>
+    </label>
+
+    <label for="seed_units">
+      <%= check_box_tag :seed_units, "1", true, id: "seed_units" %>
+      <%= t(".seed_units") %>
+    </label>
+  </fieldset>
+
+  <%= submit_tag t(".submit") %>
+<% end %>
--- a/config/application.rb.dist
+++ b/config/application.rb.dist
@@ -55,11 +55,8 @@ module FixinMe
    # Sender address of account registration-related messages
    Devise.mailer_sender = 'noreply@localhost'

-    # When set to true, new user registrations are automatically confirmed
-    # without requiring email verification, so accounts become active
-    # immediately upon sign-up.  Intended for installations where outgoing
-    # email is not configured, or for development / testing environments.
-    # Defaults to false (email confirmation is required).
-    # config.skip_email_confirmation = true
+    # Whether to skip e-mail confirmation for new registrations is configured
+    # through the web setup wizard and stored in the database (Setting model),
+    # so it does not need to be set here.
  end
 end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -163,6 +163,23 @@ en:
          <br><em>leave blank to keep unchanged</em>
          %{password_length_hint_html}
  actions: Actions
+  setup:
+    new:
+      admin_account: Admin account
+      admin_email: 'E-mail:'
+      admin_password: 'Password:'
+      admin_password_confirmation: 'Retype password:'
+      options: Options
+      skip_email_confirmation: Skip e-mail confirmation for new registrations
+      seed_units: Seed built-in default units
+      submit: Set up
+    create:
+      email_blank: E-mail cannot be blank.
+      password_blank: Password cannot be blank.
+      password_mismatch: Passwords do not match.
+      success: >
+        Installation complete. You can now sign in with the admin account you
+        just created.
  add: Add
  apply: Apply
  back: Back
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,4 +1,7 @@
 Rails.application.routes.draw do
+  # Web-based installation wizard — only reachable when no admin exists yet.
+  resource :setup, only: [:new, :create], controller: :setup
+
  resources :measurements

  resources :readouts, only: [:new] do
--- a/db/migrate/20260228171524_create_settings.rb
+++ b/db/migrate/20260228171524_create_settings.rb
@@ -0,0 +1,12 @@
+class CreateSettings < ActiveRecord::Migration[7.2]
+  def change
+    create_table :settings do |t|
+      t.string :key, null: false
+      t.string :value
+
+      t.timestamps
+    end
+
+    add_index :settings, :key, unique: true
+  end
+end
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -3,6 +3,17 @@
 #   bin/rails db:seed
 # command (or created alongside the database with db:setup).
 # Seeding process should be idempotent.
+#
+# Admin account setup
+# -------------------
+# The preferred way to create the first admin account is through the web setup
+# wizard, which is shown automatically on the first visit when no admin exists.
+# The wizard also lets you configure runtime options (e.g. skip e-mail
+# confirmation) and seed the default units without using the command line.
+#
+# The block below provides an alternative CLI path for headless / automated
+# deployments.  It is skipped when an admin account already exists (e.g. after
+# the web wizard has run).

 User.transaction do
  break if User.find_by status: :admin