password generation

app/assets/javascripts/passwords.js

@@ -18,6 +18,10 @@ function revealPassword($src){
 // Use this instead of typical $().ready
 // because turbolinks.
 document.addEventListener("turbolinks:load", function() {
+  $("[data-id=genpass]").on("ajax:success", "a", function(e, data){
+    $(e.target).parent().find("input").val(data.hash);
+  });
+
   $("[data-id=passwd]").on("ajax:success", "a", function(e, data){
     getPassword($(e.target).parent(), data.hash);
   });

app/controllers/accounts_controller.rb

@@ -10,7 +10,7 @@ class AccountsController < ApplicationController
   end
 
   def new
-    @account = Account.new
+    @account = Account.new(password: SecureRandom.urlsafe_base64(12))
   end
 
   def edit
@@ -20,6 +20,10 @@ class AccountsController < ApplicationController
     render json: { hash: @account.password }.to_json
   end
 
+  def genpass
+    render json: { hash: SecureRandom.urlsafe_base64(12) }.to_json
+  end
+
   def create
     @account = Account.new(account_params)
 

app/views/accounts/_form.html.erb

@@ -16,9 +16,10 @@
     <%= f.text_field :username %>
   </div>
 
-  <div class="field">
+  <div class="field" data-id="genpass">
     <%= f.label :password %>
     <%= f.text_field :password %>
+    <%= link_to 'Generate', genpass_url, remote: true %>
   </div>
 
   <div class="field">

config/routes.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 Rails.application.routes.draw do
+  get 'accounts/genpass', to: 'accounts#genpass', as: :genpass
   get 'accounts/reveal/:id', to: 'accounts#reveal', as: :reveal_password
   resources :accounts, except: [:destroy]
 

test/controllers/accounts_controller/view_test.rb

@@ -37,4 +37,12 @@ class AccountsControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert_match '1q2w3e4r5t6y7u', json['hash']
   end
+
+  test 'genpass should provide password' do
+    get genpass_url, xhr: true
+    json = JSON.parse(response.body).to_hash
+
+    assert_response :success
+    assert json['hash']
+  end
 end