Class: Passwordless::SessionsController

Inherits:

ApplicationController

• Object
• ApplicationController
• ApplicationController
• Passwordless::SessionsController

Includes:

ControllerHelpers

Defined in:

app/controllers/passwordless/sessions_controller.rb

Overview

Controller for managing Passwordless sessions

Defined Under Namespace

Classes: ExpiredSessionError

Instance Method Summary

• #create ⇒ Object

  post ‘/sign_in’ Creates a new Session record then sends the magic link renders sessions/create.html.erb.

• #destroy ⇒ Object

  match ‘/sign_out’, via: %i[get delete].

• #new ⇒ Object

  get ‘/sign_in’ Assigns an email_field and new Session to be used by new view.

• #show ⇒ Object

  get ‘/sign_in/:token’ Looks up session record by provided token.

Methods included from ControllerHelpers

#authenticate_by_cookie, #build_passwordless_session, #reset_passwordless_redirect_location!, #save_passwordless_redirect_location!, #sign_in, #sign_out

Methods inherited from ApplicationController

#passwordless_controller?

Instance Method Details

#create ⇒ Object

post ‘/sign_in’

Creates a new Session record then sends the magic link
renders sessions/create.html.erb.

See Also:

• Mailer#magic_link

# File 'app/controllers/passwordless/sessions_controller.rb', line 25

def create
  session = build_passwordless_session(find_authenticatable)

  if session.save
    Mailer.magic_link(session).deliver_now
  end

  render
end

#destroy ⇒ Object

match ‘/sign_out’, via: %i[get delete].

Signs user out. Redirects to root_path

See Also:

• ControllerHelpers#sign_out

# File 'app/controllers/passwordless/sessions_controller.rb', line 69

def destroy
  sign_out authenticatable_class
  redirect_to main_app.root_path
end

#new ⇒ Object

get ‘/sign_in’

Assigns an email_field and new Session to be used by new view.
renders sessions/new.html.erb.

# File 'app/controllers/passwordless/sessions_controller.rb', line 16

def new
  @email_field = email_field
  @session = Session.new
end

#show ⇒ Object

get ‘/sign_in/:token’

Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _root_path_

See Also:

• ControllerHelpers#sign_in
• ControllerHelpers#save_passwordless_redirect_location!

# File 'app/controllers/passwordless/sessions_controller.rb', line 43

def show
  # Make it "slow" on purpose to make brute-force attacks more of a hassle
  BCrypt::Password.create(params[:token])

  session = find_session
  raise ExpiredSessionError if session.expired?

  sign_in session.authenticatable

  redirect_enabled = Passwordless.redirect_back_after_sign_in
  destination = reset_passwordless_redirect_location!(User)

  if redirect_enabled && destination
    redirect_to destination
  else
    redirect_to main_app.root_path
  end
rescue ExpiredSessionError
  flash[:error] = I18n.t('.passwordless.sessions.create.session_expired')
  redirect_to main_app.root_path
end