Class: Passwordless::SessionsController
- Inherits: ApplicationController
  - Object
  - ApplicationController
  - ApplicationController
  - Passwordless::SessionsController
- Includes: ControllerHelpers
- Defined in: app/controllers/passwordless/sessions_controller.rb
Overview
Controller for managing Passwordless sessions
Defined Under Namespace
Classes: ExpiredSessionError
Instance Method Summary
- #create ⇒ Object
  post '/sign_in'. Creates a new Session record, then sends the magic link. Renders sessions/create.html.erb.
- #destroy ⇒ Object
  match '/sign_out', via: %i[get delete].
- #new ⇒ Object
  get '/sign_in'. Assigns an email_field and new Session to be used by new view.
- #show ⇒ Object
  get '/sign_in/:token'. Looks up session record by provided token.
Methods included from ControllerHelpers
#authenticate_by_cookie, #build_passwordless_session, #reset_passwordless_redirect_location!, #save_passwordless_redirect_location!, #sign_in, #sign_out
Methods inherited from ApplicationController
Instance Method Details
#create ⇒ Object
post '/sign_in'
Creates a new Session record, then sends the magic link.
Renders sessions/create.html.erb.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 25
    def create
      session = build_passwordless_session(find_authenticatable)
      # The magic link is mailed only if the session record saves;
      # the view is rendered either way.
      if session.save
        Mailer.magic_link(session).deliver_now
      end
      render
    end
#destroy ⇒ Object
match '/sign_out', via: %i[get delete].
Signs the user out. Redirects to root_path.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 69
    def destroy
      sign_out authenticatable_class
      redirect_to main_app.root_path
    end
#new ⇒ Object
get '/sign_in'
Assigns an email_field and new Session to be used by new view.
Renders sessions/new.html.erb.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 16
    def new
      @email_field = email_field
      @session = Session.new
    end
#show ⇒ Object
get '/sign_in/:token'
Looks up the session record by the provided token. Signs in the user if a match
is found. Redirects to either the user's original destination
or root_path.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 43
    def show
      # Make it "slow" on purpose to make brute-force attacks more of a hassle
      BCrypt::Password.create(params[:token])

      session = find_session
      # Reject an expired session before anyone is signed in
      raise ExpiredSessionError if session.expired?

      sign_in session.authenticatable

      # Return to the saved destination only when the feature is enabled
      redirect_enabled = Passwordless.redirect_back_after_sign_in
      destination = reset_passwordless_redirect_location!(User)

      if redirect_enabled && destination
        redirect_to destination
      else
        redirect_to main_app.root_path
      end
    rescue ExpiredSessionError
      flash[:error] = I18n.t('.passwordless.sessions.create.session_expired')
      redirect_to main_app.root_path
    end
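The order of checks in #create and #show, modelled as an added, self-contained example (not the gem's own code): a fixed cost is paid before the lookup, then expiry is checked, and only then is the user signed in. Assumptions: MagicSession, MagicLinkFlow, TTL and the :not_found result for an unknown token are hypothetical names and behaviour, and PBKDF2 from Ruby's standard library stands in for BCrypt::Password.create.

```ruby
require 'securerandom'
require 'openssl'

# Hypothetical in-memory stand-in for the Session record (assumption, not the gem's model).
MagicSession = Struct.new(:email, :token, :expires_at) do
  def expired?(now)
    now >= expires_at
  end
end

class ExpiredSessionError < StandardError; end

class MagicLinkFlow
  TTL = 3600 # seconds; constructed value for this example
  attr_reader :signed_in

  def initialize
    @sessions = {}   # token => MagicSession
    @signed_in = []  # emails that completed sign-in
  end

  # Mirrors #create: store a session and return the token that would be mailed.
  def create(email, now: Time.now)
    session = MagicSession.new(email, SecureRandom.urlsafe_base64(32), now + TTL)
    @sessions[session.token] = session
    session.token
  end

  # Mirrors #show: the slow step runs before the lookup, so a guessed token
  # costs the same work as a valid one.
  def show(token, now: Time.now)
    slow_down(token)
    session = @sessions[token]
    return :not_found if session.nil? # assumption: the page does not show this path
    raise ExpiredSessionError if session.expired?(now)
    @signed_in << session.email
    :signed_in
  rescue ExpiredSessionError
    :session_expired
  end

  private

  # Stand-in for BCrypt::Password.create(params[:token]); the result is discarded.
  def slow_down(token)
    OpenSSL::KDF.pbkdf2_hmac(token.to_s, salt: 'constructed-salt',
                             iterations: 20_000, length: 32, hash: 'sha256')
  end
end
```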