Class: Passwordless::SessionsController

Inherits:

ApplicationController

• Object
• ApplicationController
• ApplicationController
• Passwordless::SessionsController

Includes:

ControllerHelpers

Defined in:

app/controllers/passwordless/sessions_controller.rb

Overview

Controller for managing Passwordless sessions

Instance Method Summary

• #confirm ⇒ Object

  get “/:resource/sign_in/:id/:token” User visits the link sent to them via email.

• #create ⇒ Object

  post ‘/:resource/sign_in’ Creates a new Session record then sends the magic link redirects to sign in page with generic flash message.

• #destroy ⇒ Object

  match ‘/:resource/sign_out’, via: %i[get delete].

• #new ⇒ Object

  get ‘/:resource/sign_in’ Assigns an email_field and new Session to be used by new view.

• #show ⇒ Object

  get “/:resource/sign_in/:id” Shows the form for confirming a Session record.

• #update ⇒ Object

  patch “/:resource/sign_in/:id” User submits the form for confirming a Session record.

Methods included from ControllerHelpers

#authenticate_by_session, #build_passwordless_session, #create_passwordless_session, #create_passwordless_session!, #find_passwordless_session_for, #redirect_session_key, #reset_passwordless_redirect_location!, #save_passwordless_redirect_location!, #session_key, #sign_in, #sign_out

Methods inherited from ApplicationController

#passwordless_controller?

Instance Method Details

#confirm ⇒ Object

get “/:resource/sign_in/:id/:token”

User visits the link sent to them via email.
Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _Passwordless.config.success_redirect_path_.

See Also:

• ControllerHelpers#sign_in
• ControllerHelpers#save_passwordless_redirect_location!

# File 'app/controllers/passwordless/sessions_controller.rb', line 88

def confirm
  # Some email clients will visit links in emails to check if they are
  # safe. We don't want to sign in the user in that case.
  return head(:ok) if request.head?

  @session = passwordless_session

  artificially_slow_down_brute_force_attacks(params[:token])

  authenticate_and_sign_in(@session, params[:token])
end

#create ⇒ Object

post ‘/:resource/sign_in’

Creates a new Session record then sends the magic link
redirects to sign in page with generic flash message.

# File 'app/controllers/passwordless/sessions_controller.rb', line 22

def create
  unless @resource = find_authenticatable
    raise(
      ActiveRecord::RecordNotFound,
      "Couldn't find #{authenticatable_type} with email #{passwordless_session_params[email_field]}"
    )
  end

  @session = build_passwordless_session(@resource)

  if @session.save
    if Passwordless.config.after_session_save.arity == 2
      Passwordless.config.after_session_save.call(@session, request)
    else
      Passwordless.config.after_session_save.call(@session)
    end

    redirect_to(
      Passwordless.context.path_for(
        @session,
        id: @session.to_param,
        action: "show"
      ),
      flash: {notice: I18n.t("passwordless.sessions.create.email_sent")}
    )
  else
    flash[:error] = I18n.t("passwordless.sessions.create.error")
    render(:new, status: :unprocessable_entity)
  end

rescue ActiveRecord::RecordNotFound
  flash[:error] = I18n.t("passwordless.sessions.create.not_found")
  render(:new, status: :not_found)
end

#destroy ⇒ Object

match ‘/:resource/sign_out’, via: %i[get delete].

Signs user out. Redirects to root_path

See Also:

• ControllerHelpers#sign_out

# File 'app/controllers/passwordless/sessions_controller.rb', line 103

def destroy
  sign_out(authenticatable_class)

  redirect_to(
    passwordless_sign_out_redirect_path,
    notice: I18n.t("passwordless.sessions.destroy.signed_out"),
    **redirect_to_options
  )
end

#new ⇒ Object

get ‘/:resource/sign_in’

Assigns an email_field and new Session to be used by new view.
renders sessions/new.html.erb.

# File 'app/controllers/passwordless/sessions_controller.rb', line 15

def new
  @session = Session.new
end

#show ⇒ Object

get “/:resource/sign_in/:id”

Shows the form for confirming a Session record.
renders sessions/show.html.erb.

# File 'app/controllers/passwordless/sessions_controller.rb', line 60

def show
  @session = passwordless_session
end

#update ⇒ Object

patch “/:resource/sign_in/:id”

User submits the form for confirming a Session record.
Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _Passwordless.config.success_redirect_path_.

See Also:

• ControllerHelpers#sign_in
• ControllerHelpers#save_passwordless_redirect_location!

# File 'app/controllers/passwordless/sessions_controller.rb', line 72

def update
  @session = passwordless_session

  artificially_slow_down_brute_force_attacks(passwordless_session_params[:token])

  authenticate_and_sign_in(@session, passwordless_session_params[:token])
end