Class: Passwordless::SessionsController
- Inherits: Object (Object > Passwordless::SessionsController)
- Includes: ControllerHelpers
- Defined in: app/controllers/passwordless/sessions_controller.rb
Overview
Controller for managing Passwordless sessions
Instance Method Summary
- #confirm ⇒ Object
  get "/:resource/sign_in/:id/:token". User visits the link sent to them via email.
- #create ⇒ Object
  post "/:resource/sign_in". Creates a new Session record, then sends the magic link and redirects to the sign-in page with a generic flash message.
- #destroy ⇒ Object
  match "/:resource/sign_out", via: %i[get delete].
- #new ⇒ Object
  get "/:resource/sign_in". Assigns an email_field and new Session to be used by the new view.
- #show ⇒ Object
  get "/:resource/sign_in/:id". Shows the form for confirming a Session record.
- #update ⇒ Object
  patch "/:resource/sign_in/:id". User submits the form for confirming a Session record.
Methods included from ControllerHelpers
#authenticate_by_session, #build_passwordless_session, #create_passwordless_session, #create_passwordless_session!, #find_passwordless_session_for, #redirect_session_key, #reset_passwordless_redirect_location!, #save_passwordless_redirect_location!, #session_key, #sign_in, #sign_out
Instance Method Details
#confirm ⇒ Object
get "/:resource/sign_in/:id/:token"
User visits the link sent to them via email.
Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _Passwordless.config.success_redirect_path_.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 80

    def confirm
      # Some email clients will visit links in emails to check if they are
      # safe. We don't want to sign in the user in that case.
      return head(:ok) if request.head?

      @session = passwordless_session

      artificially_slow_down_brute_force_attacks(params[:token])

      authenticate_and_sign_in(@session, params[:token])
    end

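The order of checks in #confirm, as an added example that is not Passwordless's own code: a HEAD probe is answered before any session lookup, so only a GET carrying the matching token signs the user in. DemoSession, issue_session, demo_confirm, the HMAC digest storage, the constant-time comparison and the status codes are assumptions made for illustration; artificially_slow_down_brute_force_attacks is left out because its body is not shown on this page.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a session row. Only a digest of the token is
# stored (an assumption of this example), so the stored value is not a link.
DemoSession = Struct.new(:id, :token_digest, :signed_in)

# Constructed demo key; a real application would use its own secret.
DEMO_KEY = "constructed-demo-key"

def digest_token(token)
  OpenSSL::HMAC.hexdigest("SHA256", DEMO_KEY, token.to_s)
end

# Creates a session in the in-memory store and returns it with the raw token
# that would be placed in the emailed link.
def issue_session(store)
  token = SecureRandom.urlsafe_base64(32)
  session = DemoSession.new(store.size + 1, digest_token(token), false)
  store[session.id] = session
  [session, token]
end

# Same order as #confirm: answer HEAD first, then look up the session and
# compare the presented token. Status codes are constructed for the demo.
def demo_confirm(store, request_method:, id:, token:)
  # A mail client or gateway probing the link with HEAD gets 200 and nothing
  # else happens: no lookup, no sign-in.
  return 200 if request_method == "HEAD"

  session = store[id]
  return 404 if session.nil?

  # Compare digests in constant time so response timing does not leak how
  # much of the token matched.
  if OpenSSL.secure_compare(session.token_digest, digest_token(token))
    session.signed_in = true
    302 # redirect to the original destination or the success path
  else
    401
  end
end
```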
#create ⇒ Object
post "/:resource/sign_in"
Creates a new Session record, then sends the magic link and
redirects to the sign-in page with a generic flash message.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 22

    def create
      handle_resource_not_found unless @resource = find_authenticatable
      @session = build_passwordless_session(@resource)

      if @session.save
        call_after_session_save

        redirect_to(
          Passwordless.context.path_for(
            @session,
            id: @session.to_param,
            action: "show"
          ),
          flash: {notice: I18n.t("passwordless.sessions.create.email_sent")}
        )
      else
        flash[:error] = I18n.t("passwordless.sessions.create.error")
        render(:new, status: :unprocessable_entity)
      end

    rescue ActiveRecord::RecordNotFound
      @session = Session.new

      flash[:error] = I18n.t("passwordless.sessions.create.not_found")
      render(:new, status: :not_found)
    end

#destroy ⇒ Object
match "/:resource/sign_out", via: %i[get delete].
Signs user out. Redirects to root_path.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 95

    def destroy
      sign_out(authenticatable_class)

      redirect_to(
        passwordless_sign_out_redirect_path,
        notice: I18n.t("passwordless.sessions.destroy.signed_out"),
        **
      )
    end

#new ⇒ Object
get "/:resource/sign_in"
Assigns an email_field and new Session to be used by the new view.
Renders sessions/new.html.erb.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 15

    def new
      @session = Session.new
    end

#show ⇒ Object
get "/:resource/sign_in/:id"
Shows the form for confirming a Session record.
Renders sessions/show.html.erb.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 52

    def show
      @session = passwordless_session
    end

#update ⇒ Object
patch "/:resource/sign_in/:id"
User submits the form for confirming a Session record.
Looks up session record by provided token. Signs in user if a match
is found. Redirects to either the user's original destination
or _Passwordless.config.success_redirect_path_.

    # File 'app/controllers/passwordless/sessions_controller.rb', line 64

    def update
      @session = passwordless_session

      artificially_slow_down_brute_force_attacks(passwordless_session_params[:token])

      authenticate_and_sign_in(@session, passwordless_session_params[:token])
    end