Class: Passwordless::SessionsController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Passwordless::SessionsController

Includes:

ControllerHelpers

Defined in:

app/controllers/passwordless/sessions_controller.rb

Instance Method Summary

• #create ⇒ Object
• #destroy ⇒ Object
• #new ⇒ Object
• #show ⇒ Object

Methods included from ControllerHelpers

#authenticate_by_cookie, #sign_in, #sign_out

Instance Method Details

#create ⇒ Object

# File 'app/controllers/passwordless/sessions_controller.rb', line 15

def create
  email_field = authenticatable_class.passwordless_email_field
  authenticatable = authenticatable_class.where(
    "lower(#{email_field}) = ?", params[:passwordless][email_field]
  ).first

  session = Session.new.tap do |us|
    us.remote_addr = request.remote_addr
    us.user_agent = request.env['HTTP_USER_AGENT']
    us.authenticatable = authenticatable
  end

  if session.save
    Mailer.magic_link(session).deliver_now
  end

  render
end

#destroy ⇒ Object

# File 'app/controllers/passwordless/sessions_controller.rb', line 48

def destroy
  sign_out authenticatable_class
  redirect_to main_app.root_path
end

#new ⇒ Object

# File 'app/controllers/passwordless/sessions_controller.rb', line 9

def new
  @email_field = authenticatable_class.passwordless_email_field

  @session = Session.new
end

#show ⇒ Object

# File 'app/controllers/passwordless/sessions_controller.rb', line 34

def show
  # Make it "slow" on purpose to make brute-force attacks more of a hassle
  BCrypt::Password.create(params[:token])

  session = Session.valid.find_by!(
    authenticatable_type: authenticatable_classname,
    token: params[:token]
  )

  sign_in session.authenticatable

  redirect_to main_app.root_path
end