Fix SQLite compatibility in Unit and Quantity models

Several fixes to make complex Arel/CTE queries work with both MySQL and SQLite: Unit model: - Add guard for description length validation (text column .limit returns nil in SQLite) - defaults_diff: rename 'units' CTE to 'all_units' to avoid SQLite circular reference (SQLite treats any CTE in WITH RECURSIVE that references a same-named table as circular) - defaults_diff: read from 'all_units' CTE explicitly in UNION parts via AR::Relation instead of relying on CTE name shadowing; use AR::Relation (not SelectManager) for UNION parts to avoid extra parentheses (visit_Arel_SelectManager always wraps in parens) - defaults_diff: qualify GROUP BY and ORDER BY columns to avoid ambiguity when bases_units join adds a second table with same column names - Qualify :symbol in ordering to avoid ambiguous column in joined queries Quantity model: - Add guard for description length validation (text column .limit returns nil in SQLite) - ordered: rename recursive CTE from 'quantities' to 'q_ordered' to avoid circular reference; use AR::Relation for UNION parts; fix column qualifiers; use printf() instead of LPAD() for SQLite (LPAD not supported), BLOB instead of BINARY cast - common_ancestors: rename CTE to 'q_common', use AR::Relation for UNION parts - with_ancestors: rename CTE to 'q_ancestors', use AR::Relation for UNION parts - successive: replace SQL LAG window function approach (which causes nested WITH RECURSIVE) with Ruby array approach for SQLite compatibility Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Merge recover password/resend confirmation forms into sign in/register
2026-03-12 14:35:19 +00:00 · 2026-03-01 20:04:42 +01:00
32 changed files with 338 additions and 483 deletions
--- a/app/assets/stylesheets/application.css
+++ b/app/assets/stylesheets/application.css
@@ -113,6 +113,12 @@ textarea {
  border: solid 1px var(--color-gray);
  border-radius: 0.25em;
 }
 [name=cancel],
 .auxiliary {
  border-color: var(--color-border-gray);
  color: var(--color-nav-gray);
  fill: var(--color-nav-gray);
 }
 input[type=checkbox],
 svg,
 textarea {
@@ -131,6 +137,7 @@ input[type=checkbox]:checked {
  -webkit-appearance: checkbox;
 }
 /* Hide spin buttons in input number fields */
 /* TODO: add spin buttons inside input[number]: before (-) and after (+) input */
 input[type=number] {
  appearance: textfield;
  -moz-appearance: textfield;
@@ -340,6 +347,7 @@ header {
  opacity: 1;
 }
 /* TODO: Hover over invalid should work like in measurements (thin vs thick border) */
 .labeled-form {
  align-items: center;
@@ -371,9 +379,17 @@ header {
 }
 .labeled-form input[type=submit] {
  font-size: 1rem;
-  margin: 1.5em auto 0 auto;
+  margin: 1em auto 0 auto;
  padding: 0.75em;
 }
 .labeled-form .auxiliary {
  grid-column: 3;
  /* If more buttons are needed, `grid-row` can be replaced with
   * `reading-flow: grid-columns` to ensure proper tabindex order */
  grid-row: 1;
  height: 100%;
  padding-block: 0;
 }
 /* TODO: remove .items class (?) and make 'form table' work properly */
@@ -532,11 +548,6 @@ table.items select:focus-within,
 table.items select:focus-visible {
  color: black;
 }
 form a[name=cancel] {
  border-color: var(--color-border-gray);
  color: var(--color-nav-gray);
  fill: var(--color-nav-gray);
 }
 form table.items {
  border: none;
 }
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,7 +9,6 @@ class ApplicationController < ActionController::Base
  helper_method :current_user_disguised?
  helper_method :current_tab
  before_action :redirect_to_setup_if_needed
  before_action :authenticate_user!
  class AccessForbidden < StandardError; end
@@ -26,6 +25,18 @@ class ApplicationController < ActionController::Base
  #   Turbo will reload 2nd time with HTML format and flashes will be lost.
  rescue_from *ActionDispatch::ExceptionWrapper.rescue_responses.keys, with: :rescue_turbo
  # Required by #respond_with (gem `responders`) used by Devise controllers.
  respond_to :html, :turbo_stream
  def after_sign_in_path_for(resource)
    # TODO: allow setting path per-user or save last path in session and restore
    units_path
  end
  def after_sign_out_path_for(resource)
    new_user_session_path
  end
  protected
  def current_user_disguised?
@@ -44,16 +55,6 @@ class ApplicationController < ActionController::Base
  private
  # Redirect to the web setup wizard when the application has not yet been
  # initialised (i.e. no admin account exists in the database).
  def redirect_to_setup_if_needed
    return if User.exists?(status: :admin)
    redirect_to new_setup_path
  rescue ActiveRecord::StatementInvalid
    # Tables may not exist yet (migrations not run). Fall through and let the
    # normal request handling surface a meaningful error.
  end
  def render_no_content(record)
    helpers.render_errors(record)
    render html: nil, layout: true
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -1,39 +0,0 @@
 class RegistrationsController < Devise::RegistrationsController
  before_action :authenticate_user!, only: [:edit, :update, :destroy]
  def destroy
    if current_user.sole_admin?
      redirect_back fallback_location: edit_user_registration_path,
        alert: t(".sole_admin")
      return
    end
    super
  end
  protected
  def build_resource(hash = {})
    super
    # Skip the email confirmation step when the admin has enabled this option
    # via the web setup wizard (stored as the "skip_email_confirmation" Setting).
    # The account becomes active immediately so the user can sign in right after
    # registering.
    resource.skip_confirmation! if Setting.get("skip_email_confirmation") == "true"
  end
  def update_resource(resource, params)
    # Based on update_with_password()
    if params[:password].blank?
      params.delete(:password)
      params.delete(:password_confirmation) if params[:password_confirmation].blank?
    end
    result = resource.update(params)
    resource.clean_up_passwords
    result
  end
  def after_inactive_sign_up_path_for(resource)
    new_user_session_path
  end
 end
--- a/app/controllers/setup_controller.rb
+++ b/app/controllers/setup_controller.rb
@@ -1,59 +0,0 @@
 # Handles the one-time web-based installation wizard.
 #
 # The wizard is only accessible when no admin account exists yet.  Once an
 # admin has been created the controller redirects every request to the root
 # path, so it can never be used to overwrite an existing installation.
 class SetupController < ActionController::Base
  # Use the full application layout (header, flash, etc.) so the page looks
  # consistent with the rest of the site.
  layout "application"
  before_action :redirect_if_installed
  def new
  end
  def create
    email    = params[:admin_email].to_s.strip
    password = params[:admin_password].to_s
    confirm  = params[:admin_password_confirmation].to_s
    errors = []
    errors << t(".email_blank")    if email.blank?
    errors << t(".password_blank") if password.blank?
    errors << t(".password_mismatch") if password != confirm
    if errors.any?
      flash.now[:alert] = errors.join("  ")
      return render :new, status: :unprocessable_entity
    end
    user = User.new(email: email, password: password, status: :admin)
    user.skip_confirmation!
    unless user.save
      flash.now[:alert] = user.errors.full_messages.join("  ")
      return render :new, status: :unprocessable_entity
    end
    # Persist runtime settings chosen during setup.
    Setting.set("skip_email_confirmation",
                params[:skip_email_confirmation] == "1")
    # Optionally seed the built-in default units.
    if params[:seed_units] == "1"
      load Rails.root.join("db/seeds/units.rb")
    end
    redirect_to new_user_session_path, notice: t(".success")
  end
  private
  def redirect_if_installed
    redirect_to root_path if User.exists?(status: :admin)
  rescue ActiveRecord::StatementInvalid
    # Tables are not yet migrated — stay on the setup page so the user sees a
    # meaningful error rather than a crash.
  end
 end
--- a/app/controllers/user/profiles_controller.rb
+++ b/app/controllers/user/profiles_controller.rb
@@ -0,0 +1,24 @@
 class User::ProfilesController < Devise::RegistrationsController
  def destroy
    # TODO: Disallow/disable deletion for last admin account; update :edit view
    super
  end
  protected
  def update_resource(resource, params)
    # Based on update_with_password()
    if params[:password].blank?
      params.delete(:password)
      params.delete(:password_confirmation) if params[:password_confirmation].blank?
    end
    result = resource.update(params)
    resource.clean_up_passwords
    result
  end
  def after_inactive_sign_up_path_for(resource)
    new_user_session_path
  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -37,7 +37,7 @@ class UsersController < ApplicationController
  end
  # NOTE: limited actions availabe to :admin by design. Users are meant to
-  # manage their accounts by themselves through registrations. :admin
+  # manage their accounts by themselves through profiles. :admin
  # is allowed to sign-in (disguise) as user and make changes from there.
  protected
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -72,13 +72,8 @@ module ApplicationHelper
  end
  def labeled_form_for(record, options = {}, &block)
-    extra_options = {builder: LabeledFormBuilder,
+    extra_options = {builder: LabeledFormBuilder, html: {class: 'labeled-form'}}
-                     data: {turbo: false},
+    form_for(record, **merge_attributes(options, extra_options), &block)
                     html: {class: 'labeled-form'}}
    options = options.deep_merge(extra_options) do |key, left, right|
      key == :class ? class_names(left, right) : right
    end
    form_for(record, **options, &block)
  end
  class TabularFormBuilder < ActionView::Helpers::FormBuilder
@@ -135,16 +130,16 @@ module ApplicationHelper
    # [autofocus].  Otherwise IDs are not unique when multiple forms are open
    # and the first input gets focus.
    record_object, options = nil, record_object if record_object.is_a?(Hash)
-    options.merge!(builder: TabularFormBuilder, skip_default_ids: true)
+    extra_options = {builder: TabularFormBuilder, skip_default_ids: true}
    options = merge_attributes(options, extra_options)
    # TODO: set error message with setCustomValidity instead of rendering to flash?
    render_errors(record_object || record_name)
    fields_for(record_name, record_object, **options, &block)
  end
  def tabular_form_with(**options, &block)
-    options = options.deep_merge(builder: TabularFormBuilder,
+    extra_options = {builder: TabularFormBuilder, html: {autocomplete: 'off'}}
-                                 html: {autocomplete: 'off'})
+    form_with(**merge_attributes(options, extra_options), &block)
    form_with(**options, &block)
  end
  def svg_tag(source, label = nil, options = {})
@@ -159,6 +154,7 @@ module ApplicationHelper
      ['measurements', 'scale-bathroom', :restricted],
      ['quantities', 'axis-arrow', :restricted, 'right'],
      ['units', 'weight-gram', :restricted],
      # TODO: display users tab only if >1 user present; sole_user?/sole_admin?
      ['users', 'account-multiple-outline', :admin],
    ]
@@ -206,6 +202,7 @@ module ApplicationHelper
  def render_errors(records)
    # Conversion of flash to Array only required because of Devise
    # TODO: override Devise message setting to Array()?
    flash[:alert] = Array(flash[:alert])
    Array(records).each { |record| flash[:alert] += record.errors.full_messages }
  end
@@ -215,6 +212,7 @@ module ApplicationHelper
      # Conversion of flash to Array only required because of Devise
      Array(messages).map do |message|
        tag.div class: "flash #{entry}" do
          # TODO: change button text to svg to make it aligned vertically
          tag.div(sanitize(message)) + tag.button(sanitize("&times;"), tabindex: -1,
                                                  onclick: "this.parentElement.remove();")
        end
@@ -252,4 +250,11 @@ module ApplicationHelper
    [name, html_options]
  end
  # Like Hash#deep_merge, but aware of HTML attributes.
  def merge_attributes(left, right)
    left.deep_merge(right) do |key, lvalue, rvalue|
      key == :class ? class_names(lvalue, rvalue) : rvalue
    end
  end
 end
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -37,6 +37,18 @@ window.detailsObserver = new MutationObserver((mutations) => {
  mutations[0].target.dispatchEvent(new Event('change', {bubbles: true}))
 });
 function formValidate(event) {
  var id = event.submitter.getAttribute("data-validate")
  if (!id) return;
  var input = document.getElementById(id)
  if (!input.checkValidity()) {
    input.reportValidity()
    event.preventDefault()
  }
 }
 window.formValidate = formValidate
 /* Turbo stream actions */
 Turbo.StreamElement.prototype.disableElement = function(element) {
--- a/app/models/quantity.rb
+++ b/app/models/quantity.rb
@@ -15,8 +15,8 @@ class Quantity < ApplicationRecord
    errors.add(:parent, :descendant_reference) if ancestor_of?(parent)
  end
  validates :name, presence: true, uniqueness: {scope: [:user_id, :parent_id]},
-    length: {maximum: type_for_attribute(:name).limit || Float::INFINITY}
+    length: {maximum: type_for_attribute(:name).limit}
-  validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
+  validates :description, length: {maximum: type_for_attribute(:description).limit} if type_for_attribute(:description).limit
  # Update :depths of progenies after parent change
  before_save if: :parent_changed? do
@@ -61,18 +61,22 @@ class Quantity < ApplicationRecord
  # Return: ordered [sub]hierarchy
  scope :ordered, ->(root: nil, include_root: true) {
-    numbered = Arel::Table.new('numbered')
+    q_ordered = Arel::Table.new('q_ordered')
    cast_type = connection.adapter_name == 'Mysql2' ? 'BINARY' : 'BLOB'
-    self.model.with(numbered: numbered(:parent_id, :name)).with_recursive(arel_table.name => [
+    self.model.with(numbered: numbered(:parent_id, :name)).with_recursive(q_ordered: [
-      numbered.project(
+      Quantity.from(Arel::Table.new('numbered').as(arel_table.name))
-        numbered[Arel.star],
+        .select(
-        numbered.cast(numbered[:child_number], 'BINARY').as('path')
+          arel_table[Arel.star],
-      ).where(numbered[root && include_root ? :id : :parent_id].eq(root)),
+          arel_table.cast(arel_table[:child_number], cast_type).as('path')
-      numbered.project(
+        ).where(arel_table[root && include_root ? :id : :parent_id].eq(root)),
-        numbered[Arel.star],
+      Quantity.from(Arel::Table.new('numbered').as(arel_table.name))
-        arel_table[:path].concat(numbered[:child_number])
+        .joins("INNER JOIN q_ordered ON quantities.parent_id = q_ordered.id")
-      ).join(arel_table).on(numbered[:parent_id].eq(arel_table[:id]))
+        .select(
-    ]).order(arel_table[:path])
+          arel_table[Arel.star],
          q_ordered[:path].concat(arel_table[:child_number])
        )
    ]).from(q_ordered.as(arel_table.name)).order(arel_table[:path])
  }
  # TODO: extract named functions to custom Arel extension
@@ -80,20 +84,24 @@ class Quantity < ApplicationRecord
  # be merged with :ordered
  # https://gist.github.com/ProGM/c6df08da14708dcc28b5ca325df37ceb#extending-arel
  scope :numbered, ->(parent_column, order_column) {
-    select(
+    row_number = Arel::Nodes::NamedFunction.new('ROW_NUMBER', [])
-      arel_table[Arel.star],
+      .over(Arel::Nodes::Window.new.partition(parent_column).order(order_column))
-      Arel::Nodes::NamedFunction.new(
+    width = Arel::SelectManager.new.project(
        'LPAD',
        [
          Arel::Nodes::NamedFunction.new('ROW_NUMBER', [])
            .over(Arel::Nodes::Window.new.partition(parent_column).order(order_column)),
          Arel::SelectManager.new.project(
      Arel::Nodes::NamedFunction.new('LENGTH', [Arel.star.count])
-          ).from(arel_table),
+    ).from(arel_table)
-          Arel::Nodes.build_quoted('0')
+
-        ],
+    pad_expr = if connection.adapter_name == 'Mysql2'
-      ).as('child_number')
+      Arel::Nodes::NamedFunction.new('LPAD', [row_number, width, Arel::Nodes.build_quoted('0')])
    else
      # SQLite: printf('%0' || width || 'd', row_number)
      fmt = Arel::Nodes::InfixOperation.new('||',
        Arel::Nodes::InfixOperation.new('||', Arel::Nodes.build_quoted('%0'), width),
        Arel::Nodes.build_quoted('d')
      )
      Arel::Nodes::NamedFunction.new('printf', [fmt, row_number])
    end
    select(arel_table[Arel.star], pad_expr.as('child_number'))
  }
  def to_s
@@ -102,7 +110,7 @@ class Quantity < ApplicationRecord
  def to_s_with_depth
    # em space, U+2003
-    ' ' * depth + name
+    ' ' * depth + name
  end
  def destroyable?
@@ -115,16 +123,18 @@ class Quantity < ApplicationRecord
  # Common ancestors, assuming node is a descendant of itself
  scope :common_ancestors, ->(of) {
-    selected = Arel::Table.new('selected')
+    q_common = Arel::Table.new('q_common')
    # Take unique IDs, so self can be called with parent nodes of collection to
    # get common ancestors of collection _excluding_ nodes in collection.
    uniq_of = of.uniq
-    model.with(selected: self).with_recursive(arel_table.name => [
+    model.with(selected: self).with_recursive(q_common: [
-      selected.project(selected[Arel.star]).where(selected[:id].in(uniq_of)),
+      Quantity.from(Arel::Table.new('selected').as(arel_table.name))
-      selected.project(selected[Arel.star])
+        .where(arel_table[:id].in(uniq_of)),
-        .join(arel_table).on(selected[:id].eq(arel_table[:parent_id]))
+      Quantity.from(Arel::Table.new('selected').as(arel_table.name))
        .joins("INNER JOIN q_common ON selected.id = q_common.parent_id")
    ]).select(arel_table[Arel.star])
      .from(q_common.as(arel_table.name))
      .group(column_names)
      .having(arel_table[:id].count.eq(uniq_of.size))
      .order(arel_table[:depth].desc)
@@ -132,13 +142,9 @@ class Quantity < ApplicationRecord
  # Return: successive record in order of appearance; used for partial view reload
  def successive
-    quantities = Quantity.arel_table
+    ordered = user.quantities.ordered.to_a
-    Quantity.with(
+    idx = ordered.index { |q| q.id == id }
-      quantities: user.quantities.ordered.select(
+    ordered[idx + 1] if idx
        quantities[Arel.star],
        Arel::Nodes::NamedFunction.new('LAG', [quantities[:id]]).over.as('lag_id')
      )
    ).where(quantities[:lag_id].eq(id)).first
  end
  def with_progenies
@@ -151,13 +157,14 @@ class Quantity < ApplicationRecord
  # Return: record with ID `of` with its ancestors, sorted by :depth
  scope :with_ancestors, ->(of) {
-    selected = Arel::Table.new('selected')
+    q_ancestors = Arel::Table.new('q_ancestors')
-    model.with(selected: self).with_recursive(arel_table.name => [
+    model.with(selected: self).with_recursive(q_ancestors: [
-      selected.project(selected[Arel.star]).where(selected[:id].eq(of)),
+      Quantity.from(Arel::Table.new('selected').as(arel_table.name))
-      selected.project(selected[Arel.star])
+        .where(arel_table[:id].eq(of)),
-        .join(arel_table).on(selected[:id].eq(arel_table[:parent_id]))
+      Quantity.from(Arel::Table.new('selected').as(arel_table.name))
-    ])
+        .joins("INNER JOIN q_ancestors ON selected.id = q_ancestors.parent_id")
    ]).from(q_ancestors.as(arel_table.name))
  }
  # Return: ancestors of (possibly destroyed) self
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -1,20 +0,0 @@
 # Key-value store for runtime application settings that are configured through
 # the web setup wizard (or updated by an administrator) rather than hard-coded
 # in application.rb.
 #
 # Known keys:
 #   skip_email_confirmation  – "true"/"false", mirrors the homonymous option
 #                              that was previously in application.rb.
 class Setting < ApplicationRecord
  validates :key, presence: true, uniqueness: true
  # Return the string value stored for +key+, or +default+ when absent.
  def self.get(key, default: nil)
    find_by(key: key)&.value || default
  end
  # Persist +value+ for +key+, creating the record if it does not yet exist.
  def self.set(key, value)
    find_or_initialize_by(key: key).update!(value: value.to_s)
  end
 end
--- a/app/models/unit.rb
+++ b/app/models/unit.rb
@@ -12,8 +12,8 @@ class Unit < ApplicationRecord
    errors.add(:base, :multilevel_nesting) if base.base_id?
  end
  validates :symbol, presence: true, uniqueness: {scope: :user_id},
-    length: {maximum: type_for_attribute(:symbol).limit || Float::INFINITY}
+    length: {maximum: type_for_attribute(:symbol).limit}
-  validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
+  validates :description, length: {maximum: type_for_attribute(:description).limit} if type_for_attribute(:description).limit
  validates :multiplier, numericality: {equal_to: 1}, unless: :base
  validates :multiplier, numericality: {greater_than: 0, precision: true, scale: true}, if: :base
@@ -22,14 +22,23 @@ class Unit < ApplicationRecord
    actionable_units = Arel::Table.new('actionable_units')
    units = actionable_units.alias('units')
    bases_units = arel_table.alias('bases_units')
-    other_units = arel_table.alias('other_units')
+    # Use 'all_units' alias for correlated subqueries to reference the all_units CTE.
-    other_bases_units = arel_table.alias('other_bases_units')
+    # Cannot use arel_table.alias here because the CTE is named 'all_units', not 'units'.
    other_units = Arel::Table.new('all_units').alias('other_units')
    other_bases_units = Arel::Table.new('all_units').alias('other_bases_units')
    sub_units = arel_table.alias('sub_units')
-    # TODO: move inner 'with' CTE to outer 'with recursive' - it can have multiple
+    Unit.with_recursive(
-    # CTEs, even non recursive ones.
+      # Renamed from 'units' to 'all_units' to avoid SQLite circular reference:
-    Unit.with_recursive(actionable_units: [
+      # SQLite treats any CTE in WITH RECURSIVE that references a table with the same
-      Unit.with(units: self.or(Unit.defaults)).left_joins(:base)
+      # name as the CTE itself as a circular reference, even for non-recursive CTEs.
      all_units: self.or(Unit.defaults),
      actionable_units: [
        # Read from all_units CTE (user+defaults) aliased as the units table name.
        # Using AR::Relation (not Arel::SelectManager) to avoid extra parentheses
        # around the UNION part (visit_Arel_SelectManager always wraps in parens).
        Unit.from(Arel::Table.new('all_units').as(arel_table.name))
          .joins("LEFT OUTER JOIN all_units bases_units ON bases_units.id = units.base_id")
          .where.not(
            # Exclude Units that are/have default counterpart
            Arel::SelectManager.new.project(1).from(other_units)
@@ -65,16 +74,20 @@ class Unit < ApplicationRecord
          ),
        # Fill base Units to display proper hierarchy. Duplicates will be removed
        # by final group() - can't be deduplicated with UNION due to 'portable' field.
-      arel_table.join(actionable_units).on(actionable_units[:base_id].eq(arel_table[:id]))
+        # Using AR::Relation instead of Arel::SelectManager to avoid extra parentheses
-        .project(arel_table[Arel.star], Arel::Nodes.build_quoted(nil).as('portable'))
+        # around the UNION part (visit_Arel_SelectManager always wraps in parens).
-    ]).select(units: [:base_id, :symbol])
+        Unit.from(Arel::Table.new('all_units').as(arel_table.name))
          .joins("INNER JOIN actionable_units ON actionable_units.base_id = units.id")
          .select(arel_table[Arel.star], Arel::Nodes.build_quoted(nil).as('portable'))
      ]
    ).select(units: [:base_id, :symbol])
      .select(
        units[:id].minimum.as('id'), # can be ANY_VALUE()
        units[:user_id].minimum.as('user_id'), # prefer non-default
        Arel::Nodes.build_quoted(1).as('multiplier'), # disregard multiplier when sorting
        units[:portable].minimum.as('portable')
      )
-      .from(units).group(:base_id, :symbol)
+      .from(units).group(units[:base_id], units[:symbol])
  }
  scope :ordered, ->{
    left_outer_joins(:base).order(ordering)
@@ -84,7 +97,7 @@ class Unit < ApplicationRecord
    [arel_table.coalesce(Arel::Table.new(:bases_units)[:symbol], arel_table[:symbol]),
     arel_table[:base_id].not_eq(nil),
     :multiplier,
-     :symbol]
+     arel_table[:symbol]]
  end
  before_destroy do
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -29,11 +29,4 @@ class User < ApplicationRecord
  def at_least(status)
    User.statuses[self.status] >= User.statuses[status]
  end
  # Returns true when this user is the only admin account in the system.
  # Used to block actions that would leave the application without an admin
  # (account deletion, status demotion).
  def sole_admin?
    admin? && !User.admin.where.not(id: id).exists?
  end
 end
--- a/app/views/setup/new.html.erb
+++ b/app/views/setup/new.html.erb
@@ -1,39 +0,0 @@
 <%= form_with url: setup_path, method: :post, class: "labeled-form main-area" do %>
  <h3 style="grid-column: 1 / -1; text-align: left; margin: 0;">
    <%= t(".admin_account") %>
  </h3>
  <label for="admin_email"><%= t(".admin_email") %></label>
  <%= email_field_tag :admin_email, params[:admin_email],
        id: "admin_email", required: true, size: 30, autofocus: true,
        autocomplete: "email" %>
  <label for="admin_password"><%= t(".admin_password") %></label>
  <%= password_field_tag :admin_password, nil,
        id: "admin_password", required: true, size: 30,
        autocomplete: "new-password" %>
  <label for="admin_password_confirmation"><%= t(".admin_password_confirmation") %></label>
  <%= password_field_tag :admin_password_confirmation, nil,
        id: "admin_password_confirmation", required: true, size: 30,
        autocomplete: "off" %>
  <h3 style="grid-column: 1 / -1; text-align: left; margin: 0.5em 0 0 0;">
    <%= t(".options") %>
  </h3>
  <label for="skip_email_confirmation" style="grid-column: 1 / 3; text-align: left;">
    <%= check_box_tag :skip_email_confirmation, "1",
          params[:skip_email_confirmation] == "1",
          id: "skip_email_confirmation" %>
    <%= t(".skip_email_confirmation") %>
  </label>
  <label for="seed_units" style="grid-column: 1 / 3; text-align: left;">
    <%= check_box_tag :seed_units, "1", true, id: "seed_units" %>
    <%= t(".seed_units") %>
  </label>
  <%= submit_tag t(".submit") %>
 <% end %>
--- a/app/views/users/confirmations/create.turbo_stream.erb
+++ b/app/views/users/confirmations/create.turbo_stream.erb
@@ -0,0 +1 @@
 <% flash.discard %>
--- a/app/views/users/confirmations/new.html.erb
+++ b/app/views/users/confirmations/new.html.erb
@@ -1,9 +0,0 @@
 <%= labeled_form_for resource, url: user_confirmation_path,
  html: {class: 'main-area'} do |f| %>
  <%= f.email_field :email, required: true, size: 30, autofocus: true,
    autocomplete: 'email', value:
    resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email %>
  <%= f.submit t(:resend_confirmation) %>
 <% end %>
--- a/app/views/users/passwords/create.turbo_stream.erb
+++ b/app/views/users/passwords/create.turbo_stream.erb
@@ -0,0 +1,2 @@
 <%# For some reason flash messages are duplicated in bot flash and flash.now %>
 <% flash.discard %>
--- a/app/views/users/passwords/edit.html.erb
+++ b/app/views/users/passwords/edit.html.erb
@@ -1,5 +1,5 @@
 <%= labeled_form_for resource, url: user_password_path,
-  html: {method: :put, class: 'main-area'} do |f| %>
+  html: {method: :put, class: 'main-area', data: {turbo: false}} do |f| %>
  <%= f.hidden_field :reset_password_token %>
--- a/app/views/users/passwords/new.html.erb
+++ b/app/views/users/passwords/new.html.erb
@@ -1,8 +0,0 @@
 <%= labeled_form_for resource, url: user_password_path,
  html: {class: 'main-area'} do |f| %>
  <%= f.email_field :email, required: true, size: 30, autofocus: true,
    autocomplete: 'email' %>
  <%= f.submit t(:recover_password) %>
 <% end %>
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -4,8 +4,9 @@
 <% end %>
 <div class="rightside-area buttongrid">
-  <%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
+  <%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
-    user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
+  <%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
    form_class: 'tools-area', method: :delete, data: {turbo: false},
    onclick: {confirm: t('.confirm_delete')} %>
 </div>
--- a/app/views/users/profiles/new.html.erb
+++ b/app/views/users/profiles/new.html.erb
@@ -0,0 +1,17 @@
 <%= labeled_form_for resource, url: user_registration_path,
  html: {class: 'main-area', onsubmit: 'formValidate(event)'} do |f| %>
  <%= f.email_field :email, required: true, size: 30, autofocus: true,
    autocomplete: 'email' %>
  <%= f.password_field :password, required: true, size: 30,
    minlength: @minimum_password_length, autocomplete: 'new-password' %>
  <%= f.password_field :password_confirmation, required: true, size: 30,
    minlength: @minimum_password_length, autocomplete: 'off' %>
  <%= f.submit t(:register), data: {turbo: false} %>
  <%# TODO: fix button text color after change link -> button %>
  <%= image_button_tag t(:resend_confirmation), 'email-sync-outline',
    class: 'auxiliary', formaction: user_confirmation_path, formnovalidate: true,
    data: {validate: f.field_id(:email)} %>
 <% end %>
--- a/app/views/users/registrations/new.html.erb
+++ b/app/views/users/registrations/new.html.erb
@@ -1,16 +0,0 @@
 <div class="main-area">
  <%= labeled_form_for resource, url: user_registration_path do |f| %>
    <%= f.email_field :email, required: true, size: 30, autofocus: true,
      autocomplete: 'email' %>
    <%= f.password_field :password, required: true, size: 30,
      minlength: @minimum_password_length, autocomplete: 'new-password' %>
    <%= f.password_field :password_confirmation, required: true, size: 30,
      minlength: @minimum_password_length, autocomplete: 'off' %>
    <%= f.submit t(:register) %>
  <% end %>
  <%= content_tag :p, t(:or), style: 'text-align: center;' %>
  <%= image_link_to t(:resend_confirmation), 'email-sync-outline',
    new_user_confirmation_path, class: 'centered' %>
 </div>
--- a/app/views/users/sessions/new.html.erb
+++ b/app/views/users/sessions/new.html.erb
@@ -1,18 +1,19 @@
-<div class="main-area">
+<%= labeled_form_for resource, url: user_session_path,
-  <%= labeled_form_for resource, url: user_session_path do |f| %>
+  html: {class: 'main-area', onsubmit: 'formValidate(event)'} do |f| %>
  <%= f.email_field :email, required: true, size: 30, autofocus: true,
    autocomplete: 'email' %>
  <%= f.password_field :password, required: true, size: 30,
-      minlength: @minimum_password_length, autocomplete: 'current-password' %>
+    autocomplete: 'current-password' %>
  <% if devise_mapping.rememberable? %>
    <%= f.check_box :remember_me %>
  <% end %>
-    <%= f.submit t(:sign_in) %>
+  <%# /sign_in as HTML; /password as TURBO_STREAM %>
-  <% end %>
+  <%= f.submit t(:sign_in), data: {turbo: false} %>
-  <%= content_tag :p, t(:or), style: 'text-align: center;' %>
+  <%= image_button_tag t(:recover_password), 'lock-reset', class: 'auxiliary',
-  <%= image_link_to t(:recover_password), 'lock-reset', new_user_password_path,
+    formaction: user_password_path, formnovalidate: true,
-    class: 'centered' %>
+    data: {validate: f.field_id(:email)} %>
-</div>
+<% end %>
--- a/config/application.rb.dist
+++ b/config/application.rb.dist
@@ -54,9 +54,5 @@ module FixinMe
    # Sender address of account registration-related messages
    Devise.mailer_sender = 'noreply@localhost'
    # Whether to skip e-mail confirmation for new registrations is configured
    # through the web setup wizard and stored in the database (Setting model),
    # so it does not need to be set here.
  end
 end
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -91,7 +91,7 @@ Devise.setup do |config|
  # It will change confirmation, password recovery and other workflows
  # to behave the same regardless if the e-mail provided was right or wrong.
  # Does not affect registerable.
-  # config.paranoid = true
+  config.paranoid = true
  # By default Devise will store the user in session. You can skip storage for
  # particular strategies by setting this option.
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -4,15 +4,15 @@ en:
  devise:
    confirmations:
      confirmed: "Your email address has been successfully confirmed."
-      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
+      send_paranoid_instructions: >
-      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
+        If your email address is in our database, a message with instructions on how
        to confirm your email address has been sent to you.
    failure:
      already_authenticated: "You are already signed in."
      inactive: "Your account is not activated yet."
-      invalid: "Invalid %{authentication_keys} or password."
+      invalid: "Invalid <b>%{authentication_keys}</b> or <b>password</b>."
      locked: "Your account is locked."
      last_attempt: "You have one more attempt before your account is locked."
      not_found_in_database: "Invalid %{authentication_keys} or password."
      timeout: "Your session expired. Please sign in again to continue."
      unauthenticated: "You need to sign in or sign up before continuing."
      unconfirmed: "You have to confirm your email address before continuing."
@@ -32,8 +32,9 @@ en:
      success: "Successfully authenticated from %{kind} account."
    passwords:
      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
+      send_paranoid_instructions: >
-      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+        If your email address is in our database, the password recovery link has been
        sent to you.
      updated: "Your password has been changed successfully. You are now signed in."
      updated_not_active: "Your password has been changed successfully."
    registrations:
@@ -50,7 +51,6 @@ en:
      signed_out: "Signed out successfully."
      already_signed_out: "Signed out successfully."
    unlocks:
      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
  errors:
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -150,7 +150,7 @@ en:
      edit:
        password_html: 'New password:%{password_length_hint_html}'
        update_password: Update password
-    registrations:
+    profiles:
      new:
        password_html: 'Password:%{password_length_hint_html}'
        password_confirmation: 'Retype password:'
@@ -162,34 +162,13 @@ en:
          New password:
          <br><em>leave blank to keep unchanged</em>
          %{password_length_hint_html}
  registrations:
    destroy:
      sole_admin: You cannot delete the only admin account.
  actions: Actions
  setup:
    new:
      admin_account: Admin account
      admin_email: 'E-mail:'
      admin_password: 'Password:'
      admin_password_confirmation: 'Retype password:'
      options: Options
      skip_email_confirmation: Skip e-mail confirmation for new registrations
      seed_units: Seed built-in default units
      submit: Set up
    create:
      email_blank: E-mail cannot be blank.
      password_blank: Password cannot be blank.
      password_mismatch: Passwords do not match.
      success: >
        Installation complete. You can now sign in with the admin account you
        just created.
  add: Add
  apply: Apply
  back: Back
  cancel: Cancel
  delete: Delete
  :no: 'no'
  or: or
  register: Register
  sign_in: Sign in
  recover_password: Recover password
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,7 +1,4 @@
 Rails.application.routes.draw do
  # Web-based installation wizard — only reachable when no admin exists yet.
  resource :setup, only: [:new, :create], controller: :setup
  resources :measurements
  resources :readouts, only: [:new] do
@@ -27,8 +24,9 @@ Rails.application.routes.draw do
  # https://github.com/heartcombo/devise/issues/5786
  connection = ActiveRecord::Base.connection
  if connection.schema_version && connection.table_exists?(:users)
    # NOTE: change helper prefix from *_registration to *_profile once possible
    devise_for :users, path: '', path_names: {registration: 'profile'},
-      controllers: {registrations: :registrations}
+      controllers: {registrations: 'user/profiles'}
  end
  resources :users, only: [:index, :show, :update] do
@@ -37,10 +35,8 @@ Rails.application.routes.draw do
  end
  unauthenticated do
    as :user do
    root to: redirect('/sign_in')
  end
  end
  root to: redirect('/units'), as: :user_root
  direct(:source_code) { 'https://gitea.michalczyk.pro/fixin.me/fixin.me' }
--- a/db/migrate/20260228171524_create_settings.rb
+++ b/db/migrate/20260228171524_create_settings.rb
@@ -1,12 +0,0 @@
 class CreateSettings < ActiveRecord::Migration[7.2]
  def change
    create_table :settings do |t|
      t.string :key, null: false
      t.string :value
      t.timestamps
    end
    add_index :settings, :key, unique: true
  end
 end
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -3,25 +3,13 @@
 #   bin/rails db:seed
 # command (or created alongside the database with db:setup).
 # Seeding process should be idempotent.
 #
 # Admin account setup
 # -------------------
 # The preferred way to create the first admin account is through the web setup
 # wizard, which is shown automatically on the first visit when no admin exists.
 # The wizard also lets you configure runtime options (e.g. skip e-mail
 # confirmation) and seed the default units without using the command line.
 #
 # The block below provides an alternative CLI path for headless / automated
 # deployments.  It is skipped when an admin account already exists (e.g. after
 # the web wizard has run).
 User.transaction do
  break if User.find_by status: :admin
-  password = SecureRandom.alphanumeric(12)
+  User.create! email: Rails.configuration.admin, password: 'admin', status: :admin do |user|
  User.create! email: Rails.configuration.admin, password: password, status: :admin do |user|
    user.skip_confirmation!
-    print "Creating #{user.status} account '#{user.email}' with password '#{password}'..."
+    print "Creating #{user.status} account '#{user.email}' with password '#{user.password}'..."
  end
  puts "done."
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -1,6 +1,7 @@
 require "test_helper"
 class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
  include ActionView::Helpers::SanitizeHelper
  include ActionView::Helpers::UrlHelper
  # NOTE: geckodriver installed with Firefox, ignore incompatibility warning
@@ -32,7 +33,8 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
  # Allow skipping interpolations when translating for testing purposes
  INTERPOLATION_PATTERNS = Regexp.union(I18n.config.interpolation_patterns)
  def translate(key, **options)
-    options.empty? ? super.split(INTERPOLATION_PATTERNS, 2).first : super
+    translation = options.empty? ? super.split(INTERPOLATION_PATTERNS, 2).first : super
    sanitize(translation, tags: [])
  end
  alias :t :translate
--- a/test/controllers/registrations_controller_test.rb
+++ b/test/controllers/registrations_controller_test.rb
@@ -1,18 +0,0 @@
 require "test_helper"
 class RegistrationsControllerTest < ActionDispatch::IntegrationTest
  test "sole admin cannot delete account" do
    sign_in users(:admin)
    delete user_registration_path
    assert_redirected_to edit_user_registration_path
    assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
    assert User.exists?(users(:admin).id)
  end
  test "non-admin can delete account" do
    sign_in users(:alice)
    assert_difference ->{ User.count }, -1 do
      delete user_registration_path
    end
  end
 end
--- a/test/system/users_test.rb
+++ b/test/system/users_test.rb
@@ -5,8 +5,8 @@ class UsersTest < ApplicationSystemTestCase
    @admin = users(:admin)
  end
-  test "sign in" do
+  test 'sign in' do
-    visit new_user_session_path
+    visit root_url
    assert find_link(href: new_user_session_path)[:disabled]
    sign_in
@@ -14,16 +14,23 @@ class UsersTest < ApplicationSystemTestCase
    assert_text t('devise.sessions.signed_in')
  end
-  test 'sign in fails with invalid password' do
+  test 'sign in fails with invalid credentials' do
-    sign_in password: random_password
+    label = User.human_attribute_name(:email)
    # Both: valid and invalid emails should give the same (paranoid) error message.
    email = [users.sample.email, random_email].sample
    visit root_url
    fill_in label, with: email
    fill_in User.human_attribute_name(:password), with: random_password
    click_on t(:sign_in)
    assert_current_path new_user_session_path
-    assert_text t('devise.failure.not_found_in_database',
+    assert_text t('devise.failure.invalid', authentication_keys: label.downcase_first)
                  authentication_keys: User.human_attribute_name(:email))
    assert find_link(href: new_user_session_path)[:disabled]
-    assert_not_empty find_field(User.human_attribute_name(:email)).value
+    assert has_field?(label, with: email)
  end
-  test "sign out" do
+  test 'sign out' do
    sign_in
    visit root_url
    click_on t("layouts.application.sign_out")
@@ -31,79 +38,106 @@ class UsersTest < ApplicationSystemTestCase
    assert_text t("devise.sessions.signed_out")
  end
-  test "recover password" do
+  test 'recover password' do
-    visit new_user_session_url
+    label = User.human_attribute_name(:email)
-    click_on t(:recover_password)
+    email = users.select(&:confirmed?).sample.email
    visit root_url
    fill_in label, with: email
    # Form validations should allow empty password.
    assert has_field?(User.human_attribute_name(:password), with: nil)
    fill_in User.human_attribute_name(:email),
      with: users.select(&:confirmed?).sample.email
    assert_emails 1 do
      click_on t(:recover_password)
      # Wait until redirected to make sure async request has been processed
      assert_current_path new_user_session_path
      # Wait for flash message to make sure async request has been processed.
      assert_text t("devise.passwords.send_paranoid_instructions")
    end
-    assert_text t("devise.passwords.send_instructions")
+    assert has_field?(label, with: email)
    with_last_email do |mail|
      visit Capybara.string(mail.body.to_s).find_link("Change my password")[:href]
      assert_current_path edit_user_password_path, ignore_query: true
      # Make sure flash message is not displayed twice.
      assert_no_text t("devise.passwords.send_paranoid_instructions")
    end
    new_password = random_password
    fill_in t("users.passwords.edit.password_html"), with: new_password
    fill_in t("helpers.label.user.password_confirmation"), with: new_password
    assert_emails 1 do
      click_on t("users.passwords.edit.update_password")
      # Wait until redirected to make sure async request has been processed
      assert_current_path units_path
    end
      assert_text t("devise.passwords.updated")
    end
  end
-  test "register" do
+  test 'recover password for nonexistent user' do
-    visit new_user_session_url
+    label = User.human_attribute_name(:email)
    email = random_email
    visit root_url
    fill_in label, with: email
    assert_no_emails do
      click_on t(:recover_password)
      assert_current_path new_user_session_path
      assert_text t("devise.passwords.send_paranoid_instructions")
    end
  end
  test 'register' do
    visit root_url
    click_on t(:register)
    assert find_link(href: new_user_registration_path)[:disabled]
    fill_in User.human_attribute_name(:email), with: random_email
    password = random_password
    fill_in User.human_attribute_name(:password), with: password
-    fill_in t("users.registrations.new.password_confirmation"), with: password
+    fill_in t("users.profiles.new.password_confirmation"), with: password
-    assert_difference ->{User.count}, 1 do
+    assert_difference ->{ User.count }, 1 do
      assert_emails 1 do
        click_on t(:register)
        # Wait until redirected to make sure async request has been processed
        assert_current_path new_user_session_path
      end
    end
        assert_text t("devise.registrations.signed_up_but_unconfirmed")
      end
    end
    assert_changes ->{ User.last.confirmed? }, from: false, to: true do
      with_last_email do |mail|
        visit Capybara.string(mail.body.to_s).find_link("Confirm my account")[:href]
    end
        assert_current_path new_user_session_path
        assert_text t("devise.confirmations.confirmed")
-    assert User.last.confirmed?
+      end
    end
  end
-  test "resend confirmation" do
+  test 'resend confirmation' do
-    visit new_user_session_url
+    label = User.human_attribute_name(:email)
-    click_on t(:register)
+    user = users.reject(&:confirmed?).sample
-    click_on t(:resend_confirmation)
+
    visit root_url
    click_on t(:register)
    fill_in label, with: user.email
    assert has_field?(User.human_attribute_name(:password), with: nil)
    fill_in User.human_attribute_name(:email),
      with: users.reject(&:confirmed?).sample.email
    assert_emails 1 do
      click_on t(:resend_confirmation)
-      # Wait until redirected to make sure async request has been processed
+      assert_current_path new_user_registration_path
-      assert_current_path new_user_session_path
+      assert_text t("devise.confirmations.send_paranoid_instructions")
    end
-    assert_current_path new_user_session_path
+    assert has_field?(label, with: user.email)
    assert_text t("devise.confirmations.send_instructions")
    assert_changes ->{ user.reload.confirmed? }, from: false, to: true do
      with_last_email do |mail|
        visit Capybara.string(mail.body.to_s).find_link("Confirm my account")[:href]
        assert_current_path new_user_session_path
        assert_no_text t("devise.confirmations.send_paranoid_instructions")
        assert_text t("devise.confirmations.confirmed")
      end
    end
  end
-  test "show profile" do
+  test 'show profile' do
    sign_in user: users.select(&:admin?).select(&:confirmed?).sample
    click_on t("users.navigation")
    within all('tr').drop(1).sample do |tr|
@@ -113,7 +147,7 @@ class UsersTest < ApplicationSystemTestCase
    end
  end
-  test "disguise" do
+  test 'disguise' do
    user = users.select(&:admin?).select(&:confirmed?).sample
    sign_in user: user
@@ -129,7 +163,7 @@ class UsersTest < ApplicationSystemTestCase
    assert_link user.email
  end
-  test "disguise fails for admin when disallowed" do
+  test 'disguise fails for admin when disallowed' do
    user = users.select(&:admin?).select(&:confirmed?).sample
    sign_in user: user
@@ -142,45 +176,37 @@ class UsersTest < ApplicationSystemTestCase
    assert_title 'The change you wanted was rejected (422)'
  end
-  test "disguise forbidden for non admin" do
+  test 'disguise forbidden for non admin' do
    sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    visit disguise_user_path(User.all.sample)
    assert_title 'Access is forbidden to this page (403)'
  end
-  test "delete profile" do
+  test 'delete profile' do
-    user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
+    user = sign_in
    # TODO: remove condition after root_url changed to different path than
    # profile in routes.rb
    unless has_current_path?(edit_user_registration_path)
      first(:link_or_button, user.email).click
    end
    assert_difference ->{ User.count }, -1 do
-      accept_confirm { click_on t("users.registrations.edit.delete") }
+      accept_confirm { click_on t("users.profiles.edit.delete") }
      assert_current_path new_user_session_path
    end
    assert_text t("devise.registrations.destroyed")
  end
-  test "sole admin cannot delete profile" do
+  test 'index forbidden for non admin' do
    sign_in user: users(:admin)
    unless has_current_path?(edit_user_registration_path)
      first(:link_or_button, users(:admin).email).click
    end
    assert find(:button, t("users.registrations.edit.delete"))[:disabled]
  end
  test "index forbidden for non admin" do
    sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    visit users_path
    assert_title "Access is forbidden to this page (403)"
  end
-  test "update profile" do
+  test 'update profile' do
    # TODO
  end
-  test "update status" do
+  test 'update status' do
    sign_in user: users.select(&:admin?).select(&:confirmed?).sample
    visit users_path
@@ -195,7 +221,7 @@ class UsersTest < ApplicationSystemTestCase
    assert_current_path users_path
  end
-  test "update status fails for admin when disallowed" do
+  test 'update status fails for admin when disallowed' do
    sign_in user: users.select(&:admin?).select(&:confirmed?).sample
    visit users_path
@@ -208,7 +234,7 @@ class UsersTest < ApplicationSystemTestCase
    assert_title 'The change you wanted was rejected (422)'
  end
-  test "update status forbidden for non admin" do
+  test 'update status forbidden for non admin' do
    sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    visit units_path
    inject_button_to find('body'), "update status", user_path(User.all.sample), method: :patch,
		`@@ -0,0 +1,2 @@`
							`<%# For some reason flash messages are duplicated in bot flash and flash.now %>`
							`<% flash.discard %>`