overwrite /signup and create /users/new

[saplaum]

I really like this gem and I use it also for my latest project.

Meanwhile I need to deactivate the /signup route and give admin users the possibility to create users. Letting guests create accounts is a security flaw for my application.

What I did was to migrate from a classic app to a modular app, so I was able to overwrite /signup.

But while creating post /users I get stuck:
NoMethodError at /users
undefined method `include?' for nil:NilClass

Can someone help me with the User model?

register Sinatra::SinatraAuthentication # load auth

post '/users' do
@user = User.set(params[:user])
if @user.valid && @user.id
session[:user] = @user.id
if Rack.const_defined?('Flash')
flash[:notice] = "Account created."
end
redirect '/'
else
if Rack.const_defined?('Flash')
flash[:error] = "There were some problems creating the account: #{@user.errors}."
end
redirect '/users/new' + hash_to_query_string(params['user'])
end
end

[andyvanee]

I had a similar issue, as the /signup route leaves things too open for my use case. Here was my solution, allowing existing users to create new users:

before '/signup' do
  # ovrerride un-authenticated signups
  redirect '/'
end

get '/new_user' do
  login_required
  @title = 'New User'
  erb :new_user
end

post '/new_user' do
  login_required
  @title = 'New User'
  @user = User.set(params[:user])
  if @user.valid && @user.id
    flash[:notice] = "Account Created"
    redirect '/users'
  else
    flash[:error] = "There were some problems creating the account: #{@user.errors}."
    erb :new_user
  end
end